Security Longreads for August 14, 2015

August 14, 2015

Issue #64

With a wealth of security reading available, the Security Longreads weekly e-mail is designed to highlight particularly interesting longer reads. Our “Security Reads” covers topics related to Information Security while our “Other Reads” are topics that have nothing to do with security but could be of interest to readers of JaySchulman.com.

Did someone forward this to you? Sign up at jayschulman.com.

Commentary: I never would have guessed that this week would be dominated by the CSO of Oracle and not a Blackhat or Defcon post-mortem. The first post is the famous post by Mary Ann Davidson of Oracle. It is worth reading yourself versus anyone’s summary article. In the spirit of Mary Ann’s post, I also included a funny post from The Onion. (If you aren’t familiar with The Onion, it’s comedy not reality.)

The Harvard Business Review covers why cybersecurity is so hard. (Read this knowing your CXO is probably reading it.) Finally, an interesting piece on a vulnerability discovered two years ago in automotive keys. The problem? To fix it, you have to replace both the key and the ignition switch.

In Other Reads, I feel like most security people are conflict averse. Another Harvard Business Review piece on why we shouldn’t be. Also a piece on Doing Less. More. (It’s written for entrepreneurs but I think it’s valid for anyone.)

Happy Weekend,

-Jay

Security Reads

No, You Really Can’t (Mary Ann Davidson Blog)

I have seen a large-ish uptick in customers reverse engineering our code to attempt to find security vulnerabilities in it. This is why I’ve been writing a lot of letters to customers that start with “hi, howzit, aloha” but end with “please comply with your license agreement and stop reverse engineering our code, already.”

How Hackers Steal Data From Websites - The Onion - America’s Finest News Source

With millions of Americans’ personal information becoming compromised by recent high-profile data breaches, many people are wondering just how anonymous hackers target and infiltrate these supposedly secure systems. Here is a step-by-step explanation of how your data can be stolen:

Why Cybersecurity Is So Difficult to Get Right

It seems like hardly a week goes by without news of a data breach at yet another company. And it seems more and more common for breaches to break records in the amount of information stolen. If you’re a company trying to secure your data, where do you start? What should you think about?

Patching a fragmented, Stagefrightened Android isn’t easy • The Register

Android users face a triple patching headache with the recent discovery of a collection of serious vulnerabilities affecting smartphones and tablets running Google’s mobile operating system.

Security experts warn that the fragmented nature of Android devices will make patching more difficult than it would be in updating PCs.

Researchers reveal electronic car lock hack after 2-year injunction by Volkswagen | Ars Technica

Dutch, British researchers disclosed bug early, but company’s lawyers blocked publication.

Reads by Jay

Get Engaged In Local Security Groups –Jay S Schulman

One of the more common questions I get is where can I network and grow my knowledge within my community. If you’re not thinking about your network, you should. As I’ve been recording the Building a Life and Career in Security Podcast, one of the most common themes is having a strong network — and …

Building Great Security Metrics –Jay S Schulman

I love metrics. So much of what we do in security feels like we’re running on a hamster wheel. Metrics give you some indication of whether you’re moving forward, back, or just running in circles. Before I give any advice on metrics, you should start with my favorite book on the subject: Security Metrics, A …

Other Reads

Do Less. More. | Bothsides of the Table

Do less. And do the things that you ARE doing better and with higher quality. Have a shorter to-do list with more things that are in the “done” category. Do fewer business development deals but make the ones you do have more impact. Hire fewer employees until you’re bursting at the seams with work for the ones you have. Score a beautiful and functional office but rightsize it for today not 2 years from now.

Giving Feedback When You’re Conflict Averse

Avoiding confrontation makes things worse.

Yes, Your Résumé Needs a Summary

How long will recruiters spend on your résumé before deciding to toss it in the recycle bin? Six seconds, says online job search site The Ladders. That’s about 20 to 30 words.

So how do you write those first few lines of your resume — the summary section — to compel the recruiter to keep reading? How do you make sure you get the call — and not the toss? How do you make your summary memorable?

Thanks! Longreads is published every Friday, just in time for the weekend.

Comments to comments@securitylongreads.com.