Wednesday, June 09, 2010

Publicly Traded Companies Read This Blog

I think some publicly traded companies read this blog! Ok, maybe I'm dreaming, but consider the story "After Google hack, warnings pop up in SEC filings" by Robert McMillan:

Five months after Google was hit by hackers looking to steal its secrets, technology companies are increasingly warning their shareholders that they may be materially affected by hacking attempts designed to take valuable intellectual property.

In the past few months Google, Intel, Symantec and Northrop Grumman -- all companies thought to have been targets of a widespread spying operation -- have added new warnings to their U.S. Securities and Exchange Commission filings informing investors of the risks of computer attacks...

Google warned that it could lose customers following a breach, as users question the effectiveness of its security. "Because the techniques used to obtain unauthorized access, disable or degrade service, or sabotage systems change frequently and often are not recognized until launched against a target, we may be unable to anticipate these techniques or to implement adequate preventative measures," the company said in the filing.

Google's admission that it had been targeted put a public spotlight on a problem that had been growing for years: targeted attacks, known to security professionals as the advanced persistent threat (APT)...


So how do I know they read my blog? Check out my February 2008 post "Justifying Digital Security via 10-K Risk Factors":

Perhaps digital security could try aligning itself with the risk factors in the company 10-K?

More directly, check out my May 2009 post "President Obama's Real Speech on Cyber Security":

We will work with Congress to establish a national breach disclosure law, and we will require publicly traded companies to outline digital risks in their annual 10-K filings.

Well, the President didn't say that (I did), but thankfully companies are not waiting around for President Obama to be a real information security leader.

16 comments:

Tom Brennan said...

Application Security resources @ http://www.owasp.org

The Open Web Application Security Project (OWASP) is a 501c3 not-for-profit worldwide charitable organization focused on improving the security of application software. Our mission is to make application security visible, so that people and organizations can make informed decisions about true application security risks. Everyone is free to participate in OWASP and all of our materials are available under a free and open software license.

Anonymous said...

wow, looks like that OWASP bot is pretty sophisticated...it even made it through your CAPTCHA!

Anonymous said...

Tom, what the f***?

Do you seriously believe you are helping anyone by spamming on people's blogs? How does OWASP even relate to this? Rich is talking about government sponsored computer espionage. I'm sorry, I didn't see a section on OWASP.org where you help with this. In fact, you probably can't b/c if you read what gets posted here then you would realize that the super-minority of these intruders exploit web application vulnerabilities.

Stop spamming OWASP everywhere and let their content advertise for itself. If it was useful, someone would have commented about it for its merits.

Anonymous said...

Seriously, is there some kind of affiliate program for plugging OWASP?

'Cause I could use the money.

Anonymous said...

Don't hate cause your spam bot wasn't developed by the leet haxorz at OWASP.

Anonymous said...

FACT: the original name of anti-samy was anti-brennan but it self-destructed under the magnitude of its task.

Anonymous said...

Tom Brennan Facts....

Tom Brennan once name-dropped OWASP during a eulogy for a family member.

Anonymous said...

If Tom Brennan didn't exist, it would be necessary to invent him.

Anonymous said...

In the future, spamminess of blog comments will be measured in Brennans.

For example, a comment about online pharmacies, on a blog post about animal husbandry, can be measured at 3 Brennans, based on the direct ratio of orthogonality of the comment to the topic at hand.

Anonymous said...

I'm not quite sure I understand. Does that mean a comment about exceedingly large breast size on a blog post about the selectiveness of ingredients used in fast food would be 7 or 8 Brennans?

Richard Bejtlich said...

Normally I would delete the first comment as spam, but this thread has been so entertaining I feel compelled to leave it!

Anonymous said...

I was myself going to say wtf...but then thought some popcorn would be better.

-LonerVamp

Anonymous said...

It might be necessary to rate the original post as 10 Brennans in order to avoid pesky fractional values. Unless 1 Brennan is the ideal, then a common Viagra spam can be .230 Brennans like a mediocre baseball player.

Anonymous said...

This blog appears to be susceptible to Cross-Site Brennan-Spamming (CS BS), a vulnerability class ranked as critical in OWASP's Web Execution Attack Knowledge Framework And Report Tool (WEAKFART). More information on this vulnerability is available at www.owasp.org

Anonymous said...

Ooooooh Nooooo! How do we prevent CS BS?! How many people are affected? WILL THIS BE THE END OF SAFE BROWSING ON THE INTERNET?

Anonymous said...

CS BS is best controlled with OWASP Helper Simplified Integration Thingies (OHSHIT).