May 2009 Entries

Prevention eventually fails. What's your plan?

A recent study conducted by British Telecom claims that 94% of the companies they polled expected to suffer a compromise sometime in 2009. I guess companies are finally acknowledging one of Information Security's most sacred truths: Prevention eventually fails. I first heard this truism while reading Richard Bejtlich's fantastic book The Tao of Network Security Monitoring. In it, he claims that preventive controls are doomed to eventual failure due to 2 factors: Some intruders are smarter than the people securing the systems, and intruders are unpredictable. These sobering facts recently prompted InfoSec pioneer Dan Geer to comment in an interview: [...]the world we...

Dirty URL Tricks

I've preached for years the need for users to scrutinize heavily any URLs in emails they receive, especially in emails from financial institutions. As applications and operating systems get more and more secure, hackers are increasingly relying on tricking the end users into clicking on a hostile link or otherwise actively enabling the compromise of their own system. Traditionally, one of the mechanisms you can use to determine that an email is a phishing attempt is to scrutinize the link or button the email wants you to click. For instance, you can hover your mouse over this http://www.Visa.com link, and determine pretty...

Me, v3.0

Well, bmonday.com has undergone a number of major redesigns over the years, why not the owner? There were two reasons for my nearly-2-year sabbatical in Oklahoma.  Officially, the public reason was to reconnect with my family, but the less publicized reason was to reinvent myself.  My 15 years in Seattle had left me solidly in a rut, and one I didn't much like.  The recurring theme in the unpleasant bits of my life was the fact that I wasn't very happy with the man I'd become, outside of a very successful career.  I had gotten complacent in my personal life, and needed to mix things up. ...