Comments for Adam On...

Comment on CBE: The Data Breach CVE? by Adam Shostack

Adam Shostack — Sat, 12 Jul 2008 21:19:42 +0000

We don’t need or want a common lexicon. Trying to get to one would have killed the CVE. CVE worked because we didn’t do that.

What’s really needed is someone with time and energy to do this. It might be an interesting experiment to try it and see what problems come up. That might lead to an academic paper or two. (Thus letting you start with grad students.

Comment on The State of Security Sales Calls by alan shimel

alan shimel — Thu, 19 Jun 2008 11:33:40 +0000

Adam - thanks for picking up on my theme. Here at StillSecure, we are trying but have learned the hard way too. Am interested in how you would like a security vendor to engage you?

Comment on Why I Love The Internet, Reason #2 by Kees Leune

Kees Leune — Sat, 19 Apr 2008 15:21:09 +0000

I can totally related to this post I used to play and DM a lot 2nd edition and 3rd edition adventures, and I really enjoyed it a lot. Time to start finding the dice and play some slow games on an IRC channel, perhaps?

Comment on [UPDATE] Missing Out On Good PR by Sham Sao

Sham Sao — Wed, 02 Apr 2008 14:50:38 +0000

Just wanted to add some information regarding IdentityTruth. IdentityTruth is not just a credit monitoring service - it offers multiple levels of protection against Identity Theft including tracking of breaches like the LaSalle breach, scanning of Internet sites, change of address and phone data, and billions of other database records.

There’s an interesting timeline on the IdentityTruth website showing how identity theft happens, why Credit Monitoring alone is not enough, and where IdentityTruth helps:

http://www.identitytruth.com/services/demo/timeline_audio.html

Comment on [UPDATE] Missing Out On Good PR by Adam Dodge

Adam Dodge — Tue, 01 Apr 2008 20:23:02 +0000

I received this e-mail from an individual claiming to be a “Ruth Shuman” from Lasell College. Given that the IP address traces back to a Verizon Internet account in the Boston area, I’m going to take it as valid

Subject: Are all of your reports inaccurate? — Adam On… contact form
From: Ruth Shuman

I hope that IdentityTruth is paying you a lot of money for its free
advertising. If you cared enough to do fact checking before putting out
this false information, you would see that Lasell College is offering free
credit monitoring through a competitor. IdentityTruth has equally bad
practices putting out a press release as if it was on behalf of Lasell to
get business. Your business practices, as well as IdentityTruth’s are
unprofessional and should be scrutinized by the Attorneys General Offices
around the country and the Better Business Bureaus in all major markets. If
you don’t publically correct these false accusations I will be happy to
contact them directly. Thank you.

— End E-mail

[Adam: By the way, I have received no money from IdentityTruth nor do I expect to]

Comment on Yeah… I Don’t Get It by Adam Dodge

Adam Dodge — Thu, 13 Mar 2008 19:19:09 +0000

Yeah, which is why I just don’t get it

Comment on Yeah… I Don’t Get It by tkrabec

tkrabec — Thu, 13 Mar 2008 19:11:06 +0000

Wouldn’t it be more effective to block p2p, rather than IM? Especially when you need to share files with individual users or groups on IM, and all you have to do to share a file with the masses(with p2p) is have it in the wrong folder or share the share the wrong thing.

–Tim Krabec