Where to go with information

March 24, 2010

Report security concerns to CERT-CC and Carnegie-Mellon University:
https://forms.cert.org/VulReport/

Phishing should be reported to Anti-Phishing Working Group:
http:www.apwg.org/

The CERT-CC at Carnegie-Mellon University’s (CMU) Software Engineering Institute (SEI) is the very first Computer Emergency Response Team in the world. The Cordination Center (CERT-CC) was created after the Morris worm hit the web in the late 1980s.  The “CERT” name is owned by CMU and is leased for use to the U.S. Department of Homeland Security (and other governments).

The U.S. Federal Bureau of Investigation investigates Internet crime.   You should report information about Internet crime to the FBI, here: http://www.ic3.gov/complaint/default.aspx

If something is bugging you and you don’t know where to get advice, please send me an email. I am not a member of law enforcement and will respect your privacy.

john.crout at infragard /dot/ org (to disclose technical information)
jcrout-wordpress at softhome dot net (to contact me)

Trust – Trusted – Trustworthy

January 8, 2008

Safety and reliability allow trust. Process control lays the requisite foundation. Consider web security.

Process control increases the likelihood of surviving tests designed to cause failure. Safety must be demonstated. An application (or server) whose security is not demonstrated isn’t worthy of trust.

If it isn’t safe to fly, don’t get onboard. Who knows where those life jackets have been? Don’t trust them on your kids — or your grandkids.