Weekly Reading List: Week Ending January 23

January 25, 2009

Translucent Databases, Peter Wayner – This book is older by technology reference standards (2002), but I find the concepts in it to be critical for secure database design.  The amazing thing is how many databases with sensitive information don’t use these very simple techniques.  The book itself is only around 175 pages.  You can find it on the original author’s site here:  Translucent Databases

Chaos: Making a New Science, James Gleick – If you can read this book without having your head spin with new ideas and concepts then you might be a zombie.  Mr. Gleick manages to describe key concepts and work being done in the field of chaos without bringing in thick math.  This book was a best seller and was nominated for the Pulitzer Prize.  You can find the author’s website here: Chaos: Making a New Science

Weekly Reading List: Week Ending January 16, 2009

January 16, 2009

Weekly Reading List:

“The Right Way To Do Wrong”, Harry Houdini – Written to explore the depths of the underworld in 1906, there are some striking comparisons to modern day scams and thievery.  It is absolutely amazing how little things have changed.  You can find the text here: The Right Way To Do Wrong

How to Suck at Information Security, The SANS Institute – A very direct and very true categorization of the most commonly ignored reasons that infosec programs fail.  There is even a PDF cheat sheet available.
The info is here: How To Suck At Information Security

Verizon Wireless 2008 Data Breach Report – This has actually been out for a bit, but there is a lot of information to be gleaned from its pages.
The Verizon Wireless page for this is here: Data Breach Report
Richard Bejtlich has the best writeup I have seen on Verizon’s report:  TaoSecurity

Subpoena Duces Tecum – Or Not?

January 13, 2009

Any expert that has had to respond to a subpoena duces tecum is likely to find this interesting.  I am not convinced as an expert that I would like to push this line, though.  Thoughts?


In re Teleglobe Communications Corp., 2008 WL 3198875 (Bankr. D. Del. Aug. 7, 2008)
Category – Production, Spoliation

Background:  Defendants’ motion to exclude testimony of the plaintiff’s expert as a sanction for the alleged spoliation of information considered in forming their opinions is denied.  The court found that Rule 26(a)(2)(B) does not require the plaintiffs’ experts to produce all drafts of their reports.

In addition, the court rejected the notion that draft reports fall into the category of data or information “considered” by the expert, which must be produced:

“The expert does not really ‘consider’ prior drafts in forming his opinion; the prior drafts are simply preliminary iterations of his opinion.  Rather than ‘consider’ his prior thoughts and statements, in editing the report the expert is considering the underlying data which forms the basis of the revisions.”

The court recognized that the Plaintiff’s experts did not destroy any documents; they simply made corrections to their reports and failed to save the drafts.

Have Cellphone, Will PDF

January 13, 2009

From Twitter: http://twitter.com/vidocrazor/statuses/1109866285

This is another Gina Trapani “Upgrade Your Life” tip I found that has been HUGE for me.

I am a major whiteboard fanatic – if it were up to me all surfaces of every wall in my life would be covered with whiteboard.

The folks at Qipit.com will take a photo of a page, whiteboard, etc. and convert it to PDF.  This service works straight from your mobile phone (assuming that you have a camera and email – you DO have that, right?), requires no software install, and is absolutely free – a killer combination.

As an example:  I have registered my number with Qipit and placed the “copy@qipit.com” email address in my contacts as “Qipit”.  Now when I need notes from a whiteboard I simply snap a shot with my iPhone 3G and email it to user “Qipit”.  Within seconds I have a PDF version of my whiteboard.

Occasionally the transmogrification will fail; simply realign the shot and repeat – it takes seconds.

The website is here: http://www.qipit.com/

Lifehacker Goodness

January 13, 2009

From Twitter: http://twitter.com/vidocrazor/statuses/1108280366

I discovered Lifehacker not too long ago – there are some incredible gems mixed in amongst some of the cruft.

Gina Trapani’s book “Upgrade Your Life” is essentially a Best of… for the site and well worth the price of admission.

Some of my favorites from the book:

Quicksilver: Has sped up the use of my Macbook considerably.

Email and File Management: Includes some advanced uses for Spotlight.

Firefox Add-ons: Some of the add-ons recommended by the book have completely altered my management of investigative information gleaned from the web.

Time Management: Several tips from the book have increased my daily output.