Posted by Chris Wysopal in RESEARCH, May 28, 2009
It has been announced that President Obama will pick his new cyber czar tomorrow. This will likely be a position reporting to the National Security Advisor, similar to Richard Clarke’s position under President Clinton.
This position will be critical for organizing the government’s fragmented information security efforts, both for the government sector and for the country’s infrastructure, which is largely privately owned. Many of the security tasks that must take place to improve our nation’s security posture are well known. They are already employed by forward-thinking and risk-averse sectors such as the financial industry. The challenge is rolling …
Posted by Chris Eng in RESEARCH, May 19, 2009
In lieu of actual technical content, and inspired by Jeremiah’s blog post, 8 reasons why website vulnerabilities are not fixed, I started thinking about all the different manifestations of reason #8, “No one at the organization knows about, understands, or respects the issue.”
I polled the Veracode research group, most of whom have been security consultants at one time or another, and asked them about the best responses they’ve heard from customers that reflect a lack of understanding or respect for a pen test finding. These often start with the proclamation, “that’s impossible…” followed by one of …
Posted by Chris Eng in RESEARCH, May 4, 2009
If you visit this article on the New York Times website, you’ll get immediately redirected to the website containing the original content of the article. [UPDATE: they fixed it, so it won't redirect you anymore]
Why does this happen, you ask? Apparently the New York Times ingests various third-party news feeds, wraps the article in the New York Times template, and serves it up. Here’s an example of an IDG article that was served up in similar fashion — note the word /external in the URL. When importing the article, the New York Times allows …
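The ingestion path described above (third-party feed content wrapped in the site's own template and served from the site's own origin) is exactly where a redirect can be smuggled in, because anything in the imported article runs with the host site's identity in the visitor's browser. The post does not say what the imported article contained, so what follows is an added example, not the New York Times's or IDG's code: it assumes the redirect came from markup in the ingested article (a `meta refresh`, an inline script, an event handler or a `javascript:` link) and shows a sanitizer that strips those vectors before the content is wrapped in the template. The HTML fragment it runs on is constructed for the example.

```python
import html
import re
from html.parser import HTMLParser

# Elements dropped with their entire contents: each can run script, navigate
# the page, or embed a foreign document inside the host site's origin.
DROP_ELEMENTS = {"script", "iframe", "object", "embed", "style", "form", "noscript"}
# Void elements never get a closing tag, so they must not be pushed on the skip stack.
VOID_ELEMENTS = {"area", "base", "br", "col", "embed", "hr", "img", "input",
                 "link", "meta", "source", "wbr"}
# Attributes that take a URL and therefore a scheme check.
URL_ATTRS = {"href", "src", "action", "formaction", "xlink:href"}
BLOCKED_SCHEMES = {"javascript", "vbscript", "data"}


def _scheme(url):
    """Return the lowercased URL scheme, or "" for relative URLs.

    Browsers ignore tabs, newlines and other control characters inside a
    scheme ("ja\\tva\\nscript:" still runs), so they are removed before the check.
    """
    compact = re.sub(r"[\x00-\x20]", "", url)
    if ":" not in compact:
        return ""
    return compact.split(":", 1)[0].lower()


class FeedSanitizer(HTMLParser):
    """Re-serializes an ingested HTML fragment without anything that can redirect or script."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.skipping = []  # stack of dropped elements we are currently inside

    def handle_starttag(self, tag, attrs):
        if self.skipping:
            if tag not in VOID_ELEMENTS:
                self.skipping.append(tag)
            return
        if tag in DROP_ELEMENTS:
            if tag not in VOID_ELEMENTS:
                self.skipping.append(tag)
            return
        if tag == "base":  # would rewrite every relative link on the page
            return
        if tag == "meta":
            attr_map = {k.lower(): (v or "") for k, v in attrs}
            if attr_map.get("http-equiv", "").strip().lower() == "refresh":
                return  # <meta http-equiv="refresh"> is a client-side redirect
        parts = [tag]
        for name, value in attrs:
            lname = name.lower()
            if lname.startswith("on"):
                continue  # inline event handlers (onload, onmouseover, ...)
            if lname in URL_ATTRS and value is not None and _scheme(value) in BLOCKED_SCHEMES:
                continue  # javascript:/vbscript:/data: URLs
            if value is None:
                parts.append(lname)
            else:
                parts.append(f'{lname}="{html.escape(value, quote=True)}"')
        self.out.append("<" + " ".join(parts) + ">")

    def handle_endtag(self, tag):
        if tag in VOID_ELEMENTS:
            return
        if self.skipping:
            if tag in self.skipping:
                while self.skipping.pop() != tag:  # unwind to the matching dropped element
                    pass
            return
        self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.skipping:
            self.out.append(html.escape(data, quote=False))


def sanitize(fragment):
    """Return the fragment with redirect and script vectors removed."""
    parser = FeedSanitizer()
    parser.feed(fragment)
    parser.close()
    return "".join(parser.out)


# Constructed sample of what a hostile or merely careless feed item might carry.
SAMPLE_ARTICLE = (
    '<div class="story"><h1>Headline</h1>'
    '<meta http-equiv="refresh" content="0;url=http://example.org/original">'
    '<p onmouseover="alert(1)">Body <a href=" javascript:location=\'http://example.org\'">link</a>'
    ' and <a href="http://example.org/ok">a normal link</a>.</p>'
    '<script>window.location="http://example.org/original"</script></div>'
)

if __name__ == "__main__":
    print(sanitize(SAMPLE_ARTICLE))
```

An allow-list of tags and attributes is stricter than this deny-list and is what a production ingest pipeline should use; the deny-list is kept here so each dropped item maps to a named redirect vector. Whatever the approach, the sanitizer has to run on the parsed tree rather than on regexes over the raw text, since a `<meta` split across whitespace or a scheme padded with tabs is still honoured by the browser.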