Security Blog
7.26.2002
Slow
I'm not slacking off, there's just a lack of news. Jason had a take on the Yale-Princeton bit. He thinks Yale should get hammered for having such weak security on a site with confidential information on it. And he's right - social security numbers, names and addresses made readily available. Check out this link courtesy of Doc Searls. It's the ultimate war-driving machine. Very impressive. For those who don't know, that's Netstumbler - a wifi scanner - running on an Acura MDX's navigation screen. I want one.
Ivy league cracking
Strange story claiming that the Princeton admissions office illegally accessed a Yale server set up to notify prospective students of their application status. Princeton has evidently admitted to the act, claiming they wanted to "check security". Yikes, talk about competitive.
Yale University complained to the FBI on Thursday that admissions officials at Princeton improperly entered a Yale Web site that was set up for prospective students.
7.25.2002
Google privacy
NYTimes on something we've known for a while - Google and its brethren are keeping information alive. That's a good thing, unless you want it to be forgotten.
But it used to be that only government agencies and businesses had the resources and manpower to track personal information. Today, the combined power of the Internet, search engines and archival databases can enable almost anyone to find information about almost anyone else, possibly to satiate a passing curiosity.
'Technological Vigilantism'
More on the bill which would make it legal to hack a computer if it's suspected of storing copyrighted material. In Berman's own words, this lunatic bill will establish "a safe harbor from liability for copyright owners that use technological means to prevent the unauthorized distribution of their copyrighted works." This is why we need tech-savvy politicians. Berman, a Democrat from California, and his team obviously have no understanding of technology, the Internet or computer security. Or they would realize that this ridiculous proposal is the digital equivalent of a law allowing us to break into someone's home if we think they have something which might belong to us. The real-world analogy sounds silly, right? So I have to wonder if politicians like demonstrating ignorance. I don't care if the entertainment industry is lining his pocket with thousands of dollars for campaigning; a debacle like this destroys a reputation for common sense - perhaps the most valuable asset a politician can have. It's what I look for on election day.
7.24.2002
Busy day
Sorry for the lack of posts today, but I'm just now getting a chance to catch my breath. Surfing around, it doesn't look like I missed much. On an unrelated note, I was talking with a reporter this afternoon about HIPAA. The conversation reminded me of what a challenge it is for the industry. I don't think health organizations will comply with its standards anytime soon, unless they've been diligently planning for the last few years. Good luck to those who haven't.
Thank goodness
From the Washington Times:
House Majority Leader Dick Armey, in his markup of legislation to create a Homeland Security Department, yesterday rejected a national identification card and scrapped a program that would use volunteers in domestic surveillance.
Suburban NYSE?
The NYSE is contemplating a disaster recovery and business continuity plan. An excellent idea.
The New York Stock Exchange, which has operated in lower Manhattan for 210 years, may move half its trading to Westchester County to ensure the market stays open after a disaster, people familiar with the matter said.
7.23.2002
Unbelievable
Sometimes a story is just so over the top, I don't know what to say. This is one of them.
Sponsored by Reps. Howard Berman, D-Calif., and Howard Coble, R-N.C., the measure would permit copyright holders to perform nearly unchecked electronic hacking if they have a "reasonable basis" to believe that piracy is taking place. Berman and Coble plan to introduce the 10-page bill this week.
I know this won't go through, but it shows how desperate the entertainment industry is becoming. Here's an idea for them - adapt. Update your old business model, make it fit your customers' new demands. If done right, the money keeps pouring in.
Blog press
A thanks to Information Week for including us on their Blog Resources page. They have a great story up - Are You Blogging Yet? I'm in good company: Doc Searls, Slashdot and Dan Gillmor, to name a few. Very humbling to be included with such a group.
Red tape
Government. You've gotta love it. From the NYTimes:
WASHINGTON (AP) -- Years after orders from the White House to beef up the security of the nation's most important computer systems, the government is having trouble identifying which organizations should be involved and how they should be coordinated, according to a new report.
There's an obvious need to trim some of the fat. Consolidate these groups, get the right people together. Unfortunately, that's likely too much to hope for.
New article
I just had an article published at Security Focus - Detection and Removal of Malicious Code. It's an overview of how to repair a cracked machine with minimal downtime. An intro piece on autorooters should be out in a few weeks.
Has it happened yet? The phone call, the e-mail, the page, or maybe you discovered it yourself. Something wasn't right: sluggish performance, too much network activity, a missing file. After a little investigating, the realization - you've been cracked. If this isn't familiar to you yet, odds are it will be in the future. Crackers have access to countless variations of malicious code: automated rootkits, trojans, viruses and specific exploits, all designed to breach your security. Detecting and removing these programs can be a daunting task, with little room for wasted time or error. In this article, I'll explain techniques readers can use to get their system back on-line and prevent it from happening again.
NIPC vacation?
Rob Rosenberger of Vmyths wonders where the FBI's NIPC has been all summer.
Incredibly, the Internet still exists despite FBI NIPC's mass vacation. Go figure.
Then again, I can't even tell you who defends the Internet in their presence, let alone their absence.
7.22.2002
Correction
From the logs, I noticed a bad link in the IDS return on investment story, posted on the 19th. It's fixed, check it out.
Funny stuff
I read this Dave Barry column in the paper last Sunday, but forgot to find the link. Today, someone forwarded it to a security list. It's pretty funny and has likely happened to most of us. Password and spam humor.
But as I say, that information is classified. To keep you outsiders from getting hold of it, we employees are required to keep changing our passwords until, in a triumph of corporate security, we cannot remember them even with the aid of Sodium Pentothal. Many of us have to put a post-it note on our computer with our password written on it, along with the word "PASSWORD," so we remember what it is. This is probably not a solid security practice, but if we don't do it, we will be unable to get into the system and carry out the important work of deleting our e-mail.
High-Flying Schmidt
Security Focus columnist George Smith's take on Howard Schmidt, a high-ranking member of the Critical Infrastructure Protection Board. George has the same distaste for gloom-and-doom preaching that I do, and lets it fly in the article. It's so refreshing to see someone call these politicians (they sure aren't technical) out.
This is not the worst. Traffic lights, pacemakers, appliances -- all subject to outages and interruptions because in the future they're controlled via Internet, declares Schmidt. The power grid could fail catastrophically by 2005! Cats and dogs fornicate in the street as the sky turns black as sackcloth.
George goes on to explain how the cycle works. Vendors pay quite well for fire-and-brimstone speakers, then bombard the scared attendees with their products. For the St. Louisans visiting, Howard Schmidt was recently at Wash-U for "Winning the Way on Cyberterrorism" - I did not attend.
In simplest terms, Schmidt is a computer security celebrity junketeer, a highly specialized occupation somewhat obscured by an official biography bulging with professional-strength acronyms. Much of his time is spent as a featured speaker jetting around corporate America. Search engines return Schmidt lectures everywhere in 2002...
Wifi sec
Here's one of those articles which is, for the most part, good, minus a few bits of FUD. Mainly it just describes a bunch of scary wifi scenarios, some quite feasible, others far-fetched. Worth a quick read.
But the wireless revolution, the hottest trend since the creation of the Internet, also poses a profound threat to our security and privacy. By tapping into these wireless networks--essentially radio broadcasts--whackers might readily break into computer networks in homes, businesses and government offices and read private memos, files and financial information.
Email to Switzerland?
Be careful. It'll be logged for 6 months.
A record of almost every email sent to and from Switzerland is to be logged and stored for at least six months, under a new Swiss surveillance law.
7.21.2002
Blog press
I was recently named to the St. Louis Business Journal's 30 under 30 list. And the blog is mentioned in the article! A big thanks goes out to the Business Journal and the event sponsors. I had a great time at the reception, which was held last week. Additionally, congrats to the other recipients - a talented bunch, to say the least.
Whitepaper
Via Slashdot: The ACLU has released an interesting paper on how broadband access threatens Internet freedom.