Dancho Danchev's Blog - Mind Streams of Information Security Knowledge

In the overwhelming sea of information, access to timely, insightful and independent open-source intelligence (OSINT) analyses is crucial for maintaining the necessary situational awareness to stay on the top of emerging security threats. This blog covers trends and fads, tactics and strategies, intersecting with third-party research, speculations and real-time CYBERINT assessments, all packed with sarcastic attitude

Thursday, December 07, 2006

Symantec's Invisible Burglar Game

Good one!

Try the infamous Airport security flash game too, and search everyone for exploding toothpastes, and other dangerous substances as they become dangerous throughout the game.

Dancho Danchev

Independent Security Consultancy, Threat Intelligence Analysis (OSINT/Cyber Counter Intelligence) and Competitive Intelligence research on demand. Insightful, unbiased, and client-tailored assessments, neatly communicated in the form of interactive reports - because anticipating the emerging threatscape is what shapes the big picture at the end of the day. Approach me at dancho.danchev@hush.com

Symantec's Invisible Burglar Game

Cheers to Symantec's PR folks for coming up with such an entertaining promotion of Norton 360, so that "if everything gets too much hit the spacebar to activate the Norton 360 force field to destroy everything in sight."

Good one!

Try the infamous Airport security flash game too, and search everyone for exploding toothpastes, and other dangerous substances as they become dangerous throughout the game.

Dancho Danchev

Thursday, November 30, 2006

A Chart of Personal Data Security Breaches 2005-2006

Following my previous post on "Personal Data Security Breaches - 2000/2005", you may also find this "Chart of Security Breaches for 2005 - 2006" worth taking a look at -- lost or stolen equipment with data dominate the threatscape.

With the eye-popping big bubbles, and hundreds of thousands of people exposed due to the centralized and insecure nature of storing and processing their information, ask yourself why would an attacker ever bother to initiate a network level attack against a data aggregator nowadays? Consider the other perspective when it comes to data security breaches, namely "To report, or not to report?" a breach, and how is an organization supposed to report when they're not ever aware that personal information has already been exposed.

Take your time to go through a very good resource keeping track of all reported data security breaches and notice the most common patterns for yourself.

Dancho Danchev

A Movie About Trusted Computing

Great opinionated introduction to the topic. Trusted computing isn't the panacea of total security simply because there can never be 100% secure OS or a device, unless of course you put so much security layers in place to end up with zero usability, so what's it gonna be? Insecurities are a commodity, but security and usability issues are always a matter of viewpoint, so don't act as if you can provide 100% security, because what you're actually offering is a marginal thinking while proposing a solution.

Dancho Danchev