Security Blog 


5.10.2002

Titles?
BTW - what does everyone think of the titles? Doc Searls has them on his page. I find them amusing, plus they help me remember where I left off. They section off the posts better than the dates. So I thought I'd give them a try here.



So much to post
Stories coming off the wire left and right. AOL is releasing a secure IM package, designed for enterprise use. I wonder how much that will cost? Seems silly to me, this would be pretty easy to do with a tweaked open-source setup.

Hiring hackers? Be careful.

OS Opinion has the right idea - you're never too small to be hacked. This piece discusses some of the potential threats facing companies.

Spying on users without cookies? I'll believe it when I see it. You've got to love the far-out promises of a startup.



No Comment
This looks pretty funny. A DNS registration service had the message "Prowl requests your assistance against the Decepticons!" appear on several of its sites, then claimed it was not cracked.




Damn It
My friend Chris just pointed out some typos - everyone please do so. Lord knows I make plenty of them.


5.9.2002

Digital Weather
Check out the Internet Storm Center, the result of distributed IDS sensors reporting data from all over the world.



What Would We Do Without It?
Salon has an interesting article on email. There are a few good stories and toward the end, some things we all need to be aware of:
The flipside of this access to anyone in a company is that e-mail creates a record of one's thoughts and actions that, in most cases, is permanent. An e-mail can thus become a smoking gun, an electronic paper trail that later comes back to haunt the sender.




Anonymous Comments Are Fun
Remember the Peter Tippett article I disagreed with a few days ago? I came across a similar report this morning and, browsing the reader comments, found this gem:
I'll make sure to lock 90% of my doors and windows.




It's The Truth, Unfortunately
At the Networld+Interop convention in Las Vegas, several big names discussed how security remains an afterthought on many levels.
"The reality is, everything is vulnerable. I just don't believe that we'll ever get ahead of the attacks," said John Roese, chief technology officer of Enterasys, of Portsmouth, N.H. "There will always be a threat, and you'll never be completely protected. I'm disturbed that most enterprises don't have the mechanisms to react to things like Code Red and Nimda."



5.8.2002

We've got a theme today - surveillance. Look for it in airplanes soon. I probably look pretty funny sleeping on a plane - all hunched over and cramped.
Airbus, the European jet manufacturer, is planning to build concealed cameras into the light fittings above the seats in its aircraft. The idea is to let the crew monitor passengers and spot hijackers before they strike. The cameras also work in the dark.




MIT's Technology Review discusses the information which can be gleaned from workplace surveillance. This is definitely a different take on the issue. However, employees will always be uncomfortable being monitored - even if it's of benevolent intent.
Do nurses, doctors, airplane pilots and white-collar workers want to have their keystrokes captured and their movements recorded? Probably not. Do questions of privacy and proprietary use have to be negotiated anew? Of course. Innoveillance represents yet another battleground where innovators and their customers will clash over the future of value creation. But the fundamental observation remains the same: the ability to intelligently discriminate between how people actually behave and how they are supposed to behave is critical to understanding how ideas spread. The marginal cost of providing that kind of vision is declining; the marginal value of having that kind of vision is climbing. You can’t see what you’re not looking for. Open your eyes.




Interesting take on wireless security in this SecurityFocus column. I think he makes some good points, there's a lot of FUD floating around. But wireless security does require some preparation and planning.
Simply put, I don’t buy into the hype and hoopla surrounding wireless networking. Sure, it has its advantages in certain areas, but I don’t see the need for a whole new industry to provide all manner of ‘wireless security’ solutions. I would have alienated most of the vendors by calling their products and ‘wireless security solutions’ useless and irrelevant – in a word, snake oil.



5.7.2002

Pretty good interview here with a guy who is labeled as a penetration tester for the government.



Translation - crackers have only exposed the tip of the iceberg. There are thousands more!
Jim Allchin, Microsoft's senior vice president for Windows, warned in testimony Tuesday that too much disclosure of technical information in the wrong areas would benefit hackers and create more opportunity for virus attacks.

"The more creators of viruses know about how antivirus mechanisms in Windows operating systems work, the easier it will be to create viruses or disable or destroy those mechanisms," Allchin testified.




I don't agree with this guy - and some of his security myth comments are absurd.
But most businesses already had quite adequate security systems in place and personnel trained to deal with incidents, said Dr Tippett, who helped invent Norton security products and is now chief technology officer of TruSecure.

Sure they do. This must be a convention for people who like to bury their heads in sand.



This is lovely. A man got past an airline security checkpoint with two loaded guns. The best part - he claimed that they were needed for his work - at a record company.


5.6.2002

Note to all the aspiring crackers out there: don't hack a hotel's internet access when there's a security convention going on. It was probably one of the attendees, but they stopped - quickly.
Even before the CanSecWest security conference started on Wednesday, unknown hackers had given the hotel's high-speed network a case of the hiccups. By Wednesday evening, the system was laid out flat.

The pros were peeved, and a call for an electronic posse went out.

"We're forming a hunting party," Dragos Ruiu, independent security consultant and conference organizer, told the room of nearly 150 hackers and security experts late Thursday afternoon. "If anyone wants to help us find out who's...poisoning the hotel network, talk to me."




Wow - this will be the biggest implementation of biometric access in the world. I'll definitely be following the progress of this project.
Within two years, all U.S. Defense Department workers will enter their facilities via fingerprint or iris authentication.




I've imagined this scenario before:
However, the dirty little secret of the security industry is that if the big software vendors paid more attention to security, security hardware and software vendors would be out of business, according to experts.

But I can't imagine it happening anytime soon. There will always be weaknesses and vulnerabilities, things we can't even imagine right now. The article does have some good insight regarding the future of this industry.



Simplicity - the key to security management?
This is important because managing enterprise security has grown increasingly complex, and many companies don't do the job properly--not because they don't care, but because they don't know how. There's a shortage of skilled managers, and other factors present a challenge. For one thing, it takes sufficiently long to really learn network security, and the topic is complex.