The Week that Was - 2013.04.01

I was on vacation last week so the news this week is a bit stale, but there are still some good items in here.  For instance: A federal judge found National Security Letters (NSL) unconstitutional.  [7]  It appears the numbers of NSLs have been decreasing over the years, but violations of the Constitution are never good even in small quantities.


Russell Thomas published some interesting work regarding Indicators of Impact, which are helpful in a risk analysis scenario.  [14]  I'm looking forward to seeing some case studies around his work.

The Skype Transparency Report is also interesting and worth a read.  [19]

I'm light on commentary this week but I'll step it up next week.  Let me know if you have any questions via the Comments section.

Link Dump

[1]  D. Axe, “After the Aircraft Carrier: 3 Alternatives to the Navy’s Vulnerable Flattops | Danger Room,” Danger Room, 20-Mar-2013. [Online]. Available: [Accessed: 20-Mar-2013].

[2]  J. Somaini, “Before you take the plunge...,” SC Magazine, 01-Mar-2013. [Online]. Available: [Accessed: 19-Mar-2013].

[3]  K. Jackson-Higgins, “Decoy ICS/SCADA Water Utility Networks Hit By Attacks,” Dark Reading, 18-Mar-2013. [Online]. Available: [Accessed: 19-Mar-2013].

[4]  A. Schaub, “Describing Policy,” SCHAUBA SEC, 21-Mar-2013. [Online]. Available: [Accessed: 21-Mar-2013].

[5]  E. Chickowski, “Does Your Security Data Mesh With Risk Metrics?,” Dark Reading, 19-Mar-2013. [Online]. Available: [Accessed: 19-Mar-2013].

[6]  J. Leyden, “Experts finger disk-wiping badness used in S Korea megahack,” The Register, 22-Mar-2013. [Online]. Available: [Accessed: 22-Mar-2013].

[7]  “Federal Judge Finds National Security Letters Unconstitutional, Bans Them | Threat Level |,” Threat Level. [Online]. Available: [Accessed: 16-Mar-2013].

[8]  C. Farivar, “Finally, Feds say cops’ access to your e-mail shouldn’t be time-dependent,” Ars Technica, 19-Mar-2013. [Online]. Available: [Accessed: 20-Mar-2013].

[9]  S. Nichols, “Florida confirms cyber attack on voting systems,”, 19-Mar-2013. [Online]. Available: [Accessed: 19-Mar-2013].

[10]  C. Brook, “GAO: Flaws in IRS Network Could Put Taxpayer Information in Jeopardy,” ThreatPost, 18-Mar-2013. [Online]. Available: [Accessed: 19-Mar-2013].

[11]  E. Chickowski, “Genesco Lawsuit Could Shake PCI Compliance Regime To Its Core,” Dark Reading, 21-Mar-2013. [Online]. Available: [Accessed: 22-Mar-2013].

[12]  R. Chirgwin, “Google adds validation to DNSSEC,” The Register, 20-Mar-2013. [Online]. Available: [Accessed: 20-Mar-2013].

[13]  M. Rothman, “Incite 3/20/2013: Falling down,” Securosis, 20-Mar-2013. [Online]. Available: [Accessed: 21-Mar-2013].

[14]  R. Thomas, “Indicators of Impact — Ground Truth for Breach Impact Estimation « The New School of Information Security,” The New School of Information Security, 18-Mar-2013. [Online]. Available: [Accessed: 19-Mar-2013].

[15]  “Internet fears over press regulation,” BBC, 19-Mar-2013. [Online]. Available: [Accessed: 20-Mar-2013].

[16]  “IRS Has Improved Controls but Needs to Resolve Weaknesses,” Mar-2013. [Online]. Available: [Accessed: 19-Mar-2013].

[17]  D. McCullagh, “Justice Department bends on (some) e-mail privacy fixes,” CNET, 18-Mar-2013. [Online]. Available: [Accessed: 19-Mar-2013].

[18]  K. Zetter, “Logic Bomb Set Off South Korea Cyberattack,” Threat Level, 21-Mar-2013. [Online]. Available: [Accessed: 22-Mar-2013].

[19]  J. Dohnert, “Microsoft releases Skype transparency report under pressure from privacy groups,”, 21-Mar-2013. [Online]. Available: [Accessed: 22-Mar-2013].

[20]  M. Cohen, “Nate Silver on the N.C.A.A. Bracket,” FiveThirtyEight. [Online]. Available: [Accessed: 20-Mar-2013].

[21]  M. Rothman, “New Job Diligence,” Securosis, 19-Mar-2013. [Online]. Available: [Accessed: 19-Mar-2013].

[22]  M. Rothman, “Preparation Yields Results,” Securosis, 17-Mar-2103. [Online]. Available: [Accessed: 19-Mar-2013].

[23]  S. Sharwood, “Researchers find cloud storage apps leave files on smartphones,” The Register, 19-Mar-2013. [Online]. Available: [Accessed: 19-Mar-2013].

[24]  “South Korean Banks and Broadcasting Organizations Suffer Major Damage from Cyber Attack,” Symantec Connect Community, 21-Mar-2013. [Online]. Available: [Accessed: 22-Mar-2013].

[25]B. Schneier, “Text Message Retention Policies,” Schneier on Security, 21-Mar-2013. [Online]. Available: [Accessed: 22-Mar-2013].

[26]D. Reisinger, “U.S. government to fight for warrantless GPS tracking,” CNET, 19-Mar-2013. [Online]. Available: [Accessed: 20-Mar-2013].

[27]D. Reisinger, “What 420,000 insecure devices reveal about Web security,” CNET, 18-Mar-2013. [Online]. Available: [Accessed: 19-Mar-2013].


Volume of National Security Letters Issued by Year