LinkedIn Security Breach Triggers $5 Million Lawsuit – Security – End user/client security – Information Week


Key statement:

…that LinkedIn did not recognize its databases had been compromised until it was informed through public channels provides further evidence that the company didn’t adhere to industry standards.

I do not agree with this assessment. It is possible to be compromised and simply not have a positive sign that it has occurred – until the results are circulating publicly or others notice that there are symptoms of a breach.

We’re seeing information systems develop the same kind of complexity that biological systems exhibit – one to one, one to many, and many to one relationships were common…but now we’re looking at behaviours of complex systems no one party understands. Rather than concrete evidence of changes or breaches we have insinuations of breaches. Smart actors are using heuristic techniques to gain entry without tripping defensive responses, and there is no way to guarantee a breach can’t occur, even with “industry standard” protections.

What do you do when your “industry standard” protections must evolve weekly?

I’m interested to see what level of protection LinkedIn purports to adhere to, but even if it’s good enough there will be another breach. How do we plan for that reality?

I’m curious about the practical expression of these skills in the enterprise. Every breach I’ve been privy to or personally uncovered has occurred due to the lack of maintenance in one part of the system, lack of attention to detail, or poor process (a problem is found but is unreportable as no one will act on the information or take ownership of the issue, or worse, profess ignorance out of fear of taking blame as the first responder). Any of these familiar? They’re solvable now.

So hopefully the problem at LinkedIn *is* the latter (process, policy, or technical failures), because the former – sophisticated breaches that are coming from all angles using co-operatively integrated components (inside the network, outside the network, human and robot/AI players) – is concerning, yet incredibly exciting. We’re seeing complex networks behaving like biological systems and I expect data protection and AV vendors to step up to the plate. Just don’t expect the breaches to stop…they’ll inevitably continue as long as we present high value targets.

LKML: Timo Jyrinki: Simultaneous cat and external keyboard input causing kernel panic



I encountered a kernel panic with the 3.1.0 kernel on a Dell Latitude
E6410 while inputting simultaneously from the integrated keyboard with
a cat and from the external keyboard myself. I was trying to type my
password with the external keyboard (pw dialog already visible), but I
noticed that the computer didn’t seem responsive to my typing. Then
suddenly the cat shifted his position and there was a kernel panic
involving input handling. I’m now using i8042.nokbd kernel parameter
as a workaround, something I’ve found useful also earlier.

I’ve never given thought to using an animal with multiple external peripherals when testing input load issues. Now I have one more reason to get another cat.


Joker search on youtube.

I was doing a random search on the Joker role Heath Ledger played in The Dark Knight…look what the top “suggested” video was on the far right.

Joker? :D

Roti time


Island Foods. I love these guys.

Their veggie roti is amazing, and if you ask for very hot, it’s truly very hot.

I tend to get the domestic-kid-hotness-conversion from most places, so I have had to ask for the “really, really hot” in many places to compensate. These guys know me now, and really-hot will nearly kill you if you have to ask.