Reading List

Interesting Finds

Jason Haley — Tue, 14 Feb 2006 14:13:28 GMT

re: Reading List

Brian — Tue, 14 Feb 2006 18:36:18 GMT

Jesper, with the importance of "People Security" and the useful things that Steve Riley and yourself have presented on this topic in the last few years I think it would be a great contribution to the security community for Steve and yourself to consider publishing more on this topic. Another book would be highly appropriate on this topic since this seems to be the hardest aspect of security to bring across to a business.

re: Reading List

Lars — Wed, 15 Feb 2006 00:38:47 GMT

Jesper, about Mitnick: "..defrauding his victims of millions of dollars in the process..". As far as I know, I think it has never been proved in court or otherwise that there ever was any great financial loss for the victims or any economic gain for Mitnick himself at the time. True, there was cost in cleaning up after his security breaches, but Mitnick never to my knowledge deprived his victims of revenue by illigally obtaining their software for personal review or use. I understand your point about not really feeling comfortable about recommending his book as he is in fact now gaining from his past criminal activities (he did it, not study it), but I think it's inappropriate to label him wrongfully as having defrauded his victims of huge costs if he did not.

Otherwise, I'm a great fan of you and Steve, love your way of getting down to the real security issues as seen in your webcasts and your book.

All the best,
Lars
Denmark

re: Reading List

Susan — Wed, 15 Feb 2006 02:22:29 GMT

One blog that is for sure on my must reads (besides yours and Mr. Riley's of course) is http://blogs.technet.com/msrc

The MSRC blog will have late breaking security issues posted long before it's on the official channels.

Another one of interest is the Swiss Security blog
http://blogs.technet.com/ms_schweiz_security_blog/default.aspx

The Antimalware blog (which always looks like you are typing animalware)
http://blogs.technet.com/antimalware/

re: Reading List

jesper — Wed, 15 Feb 2006 03:01:53 GMT

Brian, I wish I knew enough about people security, but I really do not feel like I do. I am trying to study it though.

Lars, I don't recall all the details about what exactly Mitnick profited from, but the legal and clean-up costs should not be overlooked. Regardless of whether the criminal profited from the crime, the victims lost.

Susan, good pointers, but I was mostly looking for learning opportunities, not merely keeping up on new events. I may have to add those though. It is very hard to draw the line in this business. As we see above, sometimes learning means you have to go study things you would rather not.

re: Reading List

Jonathan — Thu, 16 Feb 2006 18:03:45 GMT

I just finished reading Marcus Ranum's list and now I'm going back to read over the rest of that site. There's a lot of good information in there and he's really made it approachable. Thanks for the heads-up on this, Jesper.