
October 2011

  1. Hiding data in plain sight: It is often said that there is no such thing as security through obscurity. However, if the purpose is to evade detection, then security through obscurity is a valid option; it is hard for data to be compromised if that data is never found. Read more...

  2. siri: First things first. The so-called Siri "vulnerability" that was widely reported this week is a dumb non-issue created by journalists seeking sensationalist headlines. A simple setting disables the ability to use Siri without unlocking the phone, rendering the whole issue moot. What the sensationalists fail to take into account is that the iPhone is a consumer device. Most consumers don't even use a passcode. The obvious default setting for Siri in this case, as one of the attractive new USPs of the iPhone 4S... Read more

  3. Performance and effectiveness claims from vendors of network security products can never be taken at face value. In a process crucial to making the right buying decisions, how do the CISO, CIO and other security professionals ensure that new in-line security products are tested thoroughly in an environment that replicates as closely as possible that found in his or her own network? Read more...

  4. This weekend the infosec community lost one of its early pioneers and formative forces. Gene Schultz was also an advisory board member of NSS Labs. He was a wise, kind soul, and a consummate gentleman. I was personally graced by his mentorship, encouragement, support, and friendship over the last 7 years. He will be sorely missed and well remembered.

    Gene's obituary, as written by long-time friend and another icon in infosec. http://www.cerias.purdue.edu/site/blog/post/gene_schultz_r._i._p/