Sunday, October 16, 2016

This site has moved!

Set your blog site bookmarks to https://www.securitycurmudgeon.com/. Please update any article bookmarks as well, since those links have also changed.

Monday, October 10, 2016

Top Security Expert, IoT Security is a Market Failure

In a recent blog post on Schneier on Security, "Security Economics of the Internet of Things," security expert and cryptologist Bruce Schneier describes the economics of securing IoT devices. The post was written in response to unprecedented DDoS attacks against investigative security journalist Brian Krebs and his web site, krebsonsecurity.com. Schneier describes an interesting situation in IoT security where neither the purchaser nor the seller has a business stake in security quality. As a result, IoT security across the industry is very weak or non-existent. This is far different from the smartphone and computer markets, where there is strong business interest and security patching, and devices are replaced every two to three years. Schneier notes that weak and sometimes non-existent IoT security creates an "externality", a sort of invisible pollution, that broadly impacts many individuals and businesses. So while purchaser and seller don't share a business interest in security quality, other innocent parties may be harmed by their decisions, much as with environmental pollution. Schneier takes a strong stance, describing IoT security as a market failure and arguing that government involvement is the only way to correct failed markets.

Related posts
Security Sucks - Who's to Blame?
A Few Thoughts on Security as a Public Health Issue
Woodsy Owl 2016 - Don't Pollute Software!

Tuesday, October 4, 2016

Why Yahoo's Previous Security Chief Left for Facebook

There is seldom transparency around executive departures, but this one is particularly interesting.

[Yahoo's Response] "Yahoo is a law abiding company, and complies with the laws of the United States," the company said in a brief statement in response to Reuters questions about the demand. Yahoo declined any further comment.

The original story: "Exclusive: Yahoo secretly scanned customer emails for U.S. intelligence"