Security Blog 


3.23.2002

Stories like this drive me crazy. I'd love to get the technical details. What exactly were the 125000 attempts? Portscans? Worms? Sophisticated or not, it's definitely a big, focused attack, on an important Air Force base.



Bruce Schneier sums up the CBDTPA nicely with this quote:
For the entertainment industry to put this forward just shows how much of the economy they are willing to sacrifice for their ends.
They're scared to death that the empire they built is about to crumble.


3.22.2002

Why do politicians address things they don't understand? Senator Fritz Hollings introduced the Consumer Broadband and Digital Television Promotion Act (CBDTPA) this week. It will never pass, but why demonstrate that you have no grasp on technology, the internet or the future by signing your name to such a thing? Wired has a good breakdown of this nonsense.



Any CFO who is cutting back or eliminating security funds right now is crazy. I understand that budget cuts are currently the norm, but there are far better areas for cost cutting. This article discusses such cuts and "hired hackers". Professionals call this a penetration test.



No, Silicon Valley is not dead, just rebuilding. And you've gotta love this line:
While many of the M.B.A. gold diggers high-tailed it back to Old Economy-ville, the people who matter in Silicon Valley—the geeks—weren’t going anywhere.
Amen to that.



Here's an exciting story about a guy who helped the FBI snag some hackers in a scenario straight out of Hollywood. Who said computer security's dull? Just another day at the office.



Someone kidnapped Alison Craig's voicemail.



This looks cool. A host based firewall for an enterprise environment, built right into a 3com NIC - I like it.



Good to see the SSL market is growing.



A 5-step incident response program. Plan now or waste time later.



Is there anything better than working late into the night, while Art Bell is on the radio? I think not.



Are phone phreaks running the Las Vegas telephone network? I doubt it. But the accusations make for a juicy story.


3.21.2002

The government will be expunging sensitive data from its public sites. Is there a lot of this floating around on government sites? Evidently yes.



Factoid: It costs $21,601 to keep an inmate in Federal prison for 1 year.



Good quote from an article on the pay of security executives.
"Why did the healthcare industry need HIPAA in the first place? Because they didn't take security seriously. In many ways, they still don't," said Hunt.




Interesting - foreign crackers extradited to the US to face charges? Looks like it could happen in this case. Overseas cracking might not provide the insulation it once did.



A thanks goes out to Doc Searls for visiting and offering a few tips. Check out his page, it's a daily stop for me.


3.20.2002

Here's an interesting idea - an emergency technology team. A group that can rapidly mobilize and implement a patchwork system to keep networks up should disaster strike. It's a bill introduced Wednesday to the Senate.



According to this article, the FBI is considering putting an end to the National Infrastructure Protection Center. The money saved would likely go to beefing up internal computer crime divisions - a good thing.



A scary story about intellectual property, contracts and open source development. It's a primer on employment agreements, something all programmers need to understand.



DIRT stories have been making the rounds. It's supposed to be a piece of software used by government agencies which can magically monitor you, capture data, remain undetected and read your mind. I'm waiting for some major news outlet to run with it as the ultimate spyware. Surprise - it's not.



I'm getting tired of the open versus closed source security debate. Under a thorough review, almost every piece of software is likely insecure in some fashion. Don't worry, MS decided to address this problem, internally of course -- starting a few weeks ago. The scrutiny of open source software has been handled by thousands of programmers working virtually non-stop. Security bugs aren't going to disappear overnight. In the long run, my money is on the source code I can see for myself.



If we already have digital news sets, how long before a digital anchor follows?



We'll be hearing a lot about this in the near future - wireless security. Nothing technical here, just a list of companies jockeying for position.



If you happen to find yourself on trial someday and decide to represent yourself - don't do this. It's a story about the courtroom antics of accused Ebay cracker - Jerome Heckenkamp.



OK. I've tweaked the colors a bit and changed the template - ready to go live. How about an explanation first? My friend Scott Granneman introduced me to the content management and weblog scene. I realized it's something I've participated in for quite some time, since I frequent sites like Slashdot, the Drudge Report and Salon. Quickly, I was hooked on the small, personal blogs like the Scripting News, Doc Searls and Glenn Reynolds. I love the mix of news, links and commentary produced by similar individuals all over the web. In just a few weeks, I was using a small group of sites to filter my news. Amazing concept - isn't it? We're drowning in all this information and our own peers can save us. So, after a few months of enjoying and learning from some of the great bloggers out there, I decided it was time to contribute. I hope to offer honest commentary on the network security world, my specialty. It's an area which can be confusing for those unfamiliar with it, thanks to the FUD and paranoia surrounding it. I'll try to cut through that by providing noteworthy links and a few brief thoughts. Occasionally, I'll throw in some off-topic stuff to keep everyone on their toes. It's an experiment, so be patient and don't hesitate to talk back. I've rambled enough, let's get started.


3.19.2002

First post! I think I read too much Slashdot.