Posts

Showing posts from April, 2011

On Sony PSN Breach and Commenting

Here is why I am rejecting many requests to “comment on the Sony PSN breach”: because most such post-breach comments by outsiders are pure drivel that rarely even RISES to the level of FUD. So: Q: What got stolen in the now infamous Sony PlayStation Network (PSN) breach, the #4 largest ever at DatalossDB? A: Definitively, for all PSN users: “name, address (city, state, zip), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID” (source: Sony letter, obtained via dataloss-discuss@datalossdb.org). Possibly: “profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers” (source: same Sony letter). Total record count stands at 77 million. Q: Were all the credit cards stolen? A: I don’t know, and Sony says THEY DON’T KNOW either. Q: What does it mean, “they don’t know”? A: To me, it means they sucked at security mon...

Peculiar Bit on Compliance vs Risk (Again)

So, yes, seatbelts. One of my favorite compliance metaphors lately, which I have considered infallible (and used everywhere). After all, everybody knows that seatbelts save lives, and there is plenty of reliable evidence of that coming from DoT / NHTSA studies (this one, BTW, is worth a skim for the infosec crowd, for sure), etc. So, we all know that…. However, the other day I was in Russia, traveling to Lake Baikal in particular (long story, but it has to do with my wife’s love of exotic locations, both tropical and permafrost-bound). Given that it was still winter and given that roads in Russia are …mmm…. not, most locals simply drive on the ice of a lake – it is way smoother, shorter and faster than “doing the road thing.” Besides, that is the only way to reach some lake islands in winter (bonus question for advanced readers: how do the locals get to those islands when the lake is already frozen [no boats], but the ice is too thin for cars or already broken down [no cars...

SANS 7th Log Management Survey 2011 is [Almost] OUT

SANS is almost ready with their 7th Annual Log Management Survey, which will be unveiled at two SANS webcasts on April 25 and April 26 (both at 1PM EST / 10AM PST). The SANS log management survey is a useful measure of what organizations do with logs and how that changes year over year. SANS states that “organizations still want better access to their log data and better integration with third party security software and their SIEM systems and their Windows logs.” I am allowed to share a few (very few!) bits from the report, but expect full analysis from me when it officially comes out. So: Collection has dropped way down among the most challenging tasks related to logs – now categorization, reporting, analysis and other higher-level tasks show up as top challenges (good news!). Alerting / detection again trumps search / investigations as far as basic log use cases are concerned (it is definitely very interesting, since post-incident search requires much less tuning than alert...

Verizon DBIR 2011 is OUT!

OMG, today is The Breach Day, an official security holiday. Verizon Business has just released their super-famous “2011 Data Breach Investigations Report.” Here are my notes, thoughts, jokes and highlights (all images and quotes are from VzDBIR 2011). First, we all know that science has been looking for scientific proof of stupidity for years, and finally it is here, delivered through the power of the Pie Chart below: In other words, most of the damaging, expensive breaches have cheap countermeasures that people just don’t deploy. Niiiice! On a more serious note, not only were many of the breached organizations ignorant, they were not even close to being PCI DSS compliant (more on this below). Doesn’t it make you think that we are going backwards in security, “APT” notwithstanding? So, who ARE these people? Well, we now know: Key industries are those known for limited infosec resources and lots of juicy payment card numbers, often combined with other useful information such as mailing addr...

Monthly Blog Round-Up – March 2011

Blogs are "stateless" and people often pay attention only to what they see today. Thus a lot of useful security reading material gets lost. These monthly round-ups are my way of reminding people about interesting and useful blog content. If you are “too busy to read the blogs,” at least read these. So, here is my next monthly "Security Warrior" blog round-up of the top 5 popular posts/topics this month. My PCI DSS log review procedures that I created for a consulting client and posted on the blog (sanitized, of course!) took THE top spot again: the first post “Complete PCI DSS Log Review Procedures, Part 1” and the whole series “PCI_Log_Review” would be useful to most large organizations under PCI DSS (as well as other regulated organizations that are looking to create structured log review policies, procedures and processes). “SIEM Resourcing or How Much the Friggin’ Thing Would REALLY Cost Me?” is a new post about figuring out th...

Source Boston 2011–See You There!

Just a quick post about my upcoming presentation at Source Boston 2011 – one of the most fun security conferences around! The details are quoted from the conference site: So You Got That SIEM. Now What Do You Do? Anton Chuvakin, Principal, Security Warrior Consulting (@anton_chuvakin). Many organizations that acquired Security Information and Event Management (SIEM) tools, and even simpler log management tools, have realized that they are not ready to use many of the advanced correlation features, despite promises that "they are easy to use" and "totally intuitive." So, what should you do to achieve success with SIEM? What logs should you collect? Correlate? Review? How do you use log management as a step before SIEM? What process absolutely must be built before a SIEM purchase becomes successful? At this presentation, you will learn from the experience of those who did not have the benefit of learning from others' mistakes. Also, learn a f...