Category Archives: Brian Krebs

And I thought I was quite softly spoken…

I was more than a little flattered to find myself included in Sys-Con Media’s Top 25 “Most Powerful Voices in Security” (article by Jim Kaskade). (Let’s not get too excited: I just scraped in at number 22.) But when I checked through the whole top 100 and saw some very familiar names there, I’d have been grateful to scrape in at #100, let alone in the top quarter.

Actually, it’s a little scary too, to get some idea of how many people might notice when I get something wrong. Oh yes, it does happen…

The study apparently included researched over 800 people, including security company executives, bloggers and media people, top names in cloud computing,  government officials, CISOs, and industry analysts. So it’s not surprising to see big hitters like Eugene Kaspersky, Rich Mogull, Brian Krebs and Bruce Schneier in there.

 On a more personal level, congratulations to Graham Cluley and Richi Jennings, both of whom were, inevitably, much higher placed than I was. 🙂 (Hat tip, too, to Dan Raywood for drawing my attention to it.)

Enough self-congratulation: back to the grindstone…

Small Blue-Green World/AVIEN Dogsbody-in-Chief
ESET Senior Research Fellow

Status Epsilon-icus*

Ok. That wasn’t the last update.

And very possibly the last update here (the target blog suggests why…): Epsilon Overkill and the Security Ecology

Update 3: Rebecca Herson evaluates some of the advice given by Epsilon customers for coping with the phlurry of phish anticipated post-Epsilon:

Links and a little extra irony from me:

Update 2: a discomfiting suggestion that there was a longstanding problem that Epsilon were actually aware of:,epsilon-breach-used-four-month-old-attack.aspx (hat tip to Kurt Wismer, again)

Update: a few more articles you might find worth reading.

It’s reasonable to assume that the Epsilon fiasco will lead to an epidemic: at any rate, luminaries such as Brian Krebs and Randy Abrams are making that assumption, and publishing some excellent proactive advice accordingly. So rather than go over the same ground, I’ll just cite some of the more useful blog posts around that.

Two highly relevant posts by Brian Krebs:

And two relevant posts by Randy:

A list of companies known to have been affected from ThreatPost:

And a characteristically to-the-point rant by Kurt Wismer on why it wouldn’t be an issue in a sane world:

*Yes, a rather forced pun, I know. 

AVIEN Dogsbody
ESET Senior Research Fellow