To make up for the slow progress on SecurityMusings recently, here’s one mega-post with bunches of links.

First off, PGP is 15 years old. The technology that started to put security and crypto into the average user’s hands has reached a pretty significant milestone, and deserves some recognition.

The next item is not specifically security-related: it is how much of an IT disaster the electronic health records (EHR) management system at Kaiser is. Aside from the problems of downtime and amazingly high ($4B) cost, it seems that it’s beginning to affect patient care, which is a Very Bad Thing. Although we don’t work with Kaiser (yet), we have dabbled in EHR for other customers. The EHR groups and vendors suffer from an unfocused and unorganized approach to security: there are enough security-related standards in that space that everyone can have their own.

Joel on Software put up a posting called “What’s a SQL Injection Bug?”, which is a great description of exactly how serious — and easy to overlook — this kind of error is. Written by a programmer, for programmers, this kind of advice is always welcome.

Dark Reading has an article called Kicking some Brass:

Do you ever wonder what the heck is wrong with top management? Why don’t they see risks associated with IT security breaches? Why don’t they help you do something about it?

The results (highlighted in the article) are unsurprising, but hopefully the more this message gets out, the fewer people will be satisfied with the status quo.

Lastly, here’s a cute comic for your viewing pleasure. If you understand the comic, you officially get crypto.