CSO is doing home security now? Don’t CSOs rate having their own magazine any longer, or are their responsibilities expanding? As a non-CSO, I don’t have to feel guilty about reading it now :)

I am helping VANTOS launch a new blog about Enterprise Investigation Management, which is a new take on the convergence of forensics, investigations, risk mgt, e-discovery and how this is changing the nature of managing corporate investigations.  We have a lot of industry luminaries who will be posting soon, we welcome your collaboration.  Click here to check it out and post comments.

This article describes a new speed record in smashing the CAPTCHA filtering technique with Botnets.  We are going to have to figure out how to fight botnets indirectly, the direct tactics don’t seem to be working and they are getting stronger.

Based on what’s reported in this Washington Post article, the U.S. Customs and Border Protection (CBP) agency thinks so.   Seems like there are cases of people being searched and forced to not only surrender their laptops and other electronic devices, but to provide passwords and instructions for accessing their systems as well, allowing the officials to create exact copies of all information in the device including documents, browsing history, calendars, email…..everything.

While this has obvious privacy concerns (the Electronic Frontier Foundation and Asian Law Caucus have filed suit to force the disclosure of CBP policies in this situation, including which rules govern the seizing and copying of the contents of electronic devices), it also has serious ramifications for us as security professionals.  What controls will we need to implement and enforce if this practice is found to be acceptable and becomes more common?

 - Andy Brinkhorst

Look very closely, I think that is Bruce Schneier as one of the contestants.  You gotta have fun in our industry…

And they allow flames! Knock yourself out, I want to avoid secondary screening.

Securent and its vision of providing granular application entitlement security via its XACML architecture was just validated big time by the announcement that it was being acquired by Cisco.  This is one of the most successful security exits in recent history based on several financial metrics.  Securent and XACML provide true ROI benefits by allowing an enterprise to enforce critical business policies within applications without rewriting mountains of code or creating loopholes.  You will all be using it soon, so go learn more about XACML.  I will pat myself gently on the back for picking this one and joining their advisory board.