tl;dr: A seller who sold a terrible product is offering me $50 to change my review from 2 stars to 4 or 5. I’m not even sure where to start with this one. It’s a scenario that I’ve never experienced before even as one of the earliest of early adopters of Amazon (like, when they only sold books and this Unix nerd was deep into the O’Reilly series). I shop on Amazon for the convenience. They don’t always have the best selection or price, so I still shop around. In some cases, the selection is superior so I’ll browse through and choose based on the reviews. Now, we all know there are issues with review sites doing shady things to ...

Postini was a technology darling in the mid-2000s that sold email filtering technology as a service to companies struggling to combat the onslaught of SPAM and malicious emails that were sprayed at corporate inboxes. For small companies or small footprints, the price was right as well. $1/user/month translated to super cheap filtering with a nice web interface to boot. Google thought so highly of the technology that they paid $625M in cash in 2007 for the company, which was absorbed into Google Apps over time. Those of us legacy Postini users were drug along for a time as the service continued to dwindle in quality and usability, culminating in a complete shutdown and forced migration in December. Google handled the ...

I’m not afraid to point out misleading or questionable research findings funded by marketing groups strictly to gain headlines. Studies like the cost per record or cost per breach white papers come to mind here that give us excellent, attention grabbing headlines supported by a house of cards (specifically the cost per record studies). The information presented is unusable for risk management purposes, and is a quick way to get laughed out of a room if you quote these studies. What risk managers need is something that is comparable to their companies when trying to think about costs. Simply taking an average cost per record or an average cost per breach is not concrete enough to make risk management decisions. ...

SMS-based authentication continues to be a great way to placate a user into thinking they are safe while creating an avenue for attackers to gain access to their accounts. Fabio Assolini and Andre Tenreiro from Kaspersky published some research that puts numbers in fraud losses to these threats. SIM Swaps cost criminals $10-15/SIM with gains from fraud being over $1,000. That’s a good return on investment. It’s why I’ve become a huge fan of U2F and other non-SMS authenticators (see my guide here). Companies like Yubico have made real multi-factor authentication doable for the masses with zero client-side infrastructure. Major companies like Google and Facebook are leading the charge to remove SMS-based authentication and account recovery options by allowing users ...