A few stories to pass along today. In this piece, PBX security - something overlooked by almost every company, is discussed. Phreaking doesn't get much press today, but believe me, it's still around. And here's a story on responding to DoS attacks. Additionally, check out the Wifi Security Project for a tidbit on wireless spamming.
posted by mt at 10:09

I wouldn't call this person a guru, but they'd definitely be a valuable asset to any IT department.

They know how to set up and maintain firewall, antivirus and intrusion detection systems. They know how to scan the company network for holes. They are up to speed on the latest vulnerabilities -- and know whether or not software patches are available.

They know what to do when the corporate servers get hacked, and they know how to stop the attack in its tracks. They also have the gumption to tell you when they cannot handle something, and they can recommend where to go for help.

This, experts say, is the profile of the perfect security guru.

posted by mt at 15:01

Strange. Some days I have to stretch to find a post, other days it seems as if I find something interesting around every corner. Kevin Mitnick discusses one of his specialties - social engineeering:

"A lot of people think they are not gullible, that they can't be manipulated, but nothing could be further from the truth," says Mitnick.

Here, the lack of security specialists is discussed. Articles like that always make me laugh, there are plenty of skilled professionals, just not a lot of people willing to pay for them. What they really mean is that there's a lack of people who can handle the basic security tasks. Lastly, the Washington Post reports on some new government security standards for MS Windows products.
posted by mt at 10:05

George Smith of SecurityFocus with another great commentary on media hype. The opinion columnists at SecurityFocus consistently produce some of the best security articles on the web - check them out.

It's fun to get caught up in the chase of disaster. Passing on official fictions seasoned with anecdotal accounts of pandemic human screw-up salted with the infrequent loquacious virus-writer or hacker eager to play the part of pitiful but sinister freak (the porn-obsessed virus-writer, hackers thought to have Asperger's Syndrome) always lands above the fold, is guaranteed high transfer in mailing lists, and spawns same-day copycat journalism. Tales which lack these ingredients don't.

posted by mt at 10:23

Wired looks into the FBI's hiring techniques and postulates why their computer security skills seem to be lacking. Very interesting read - not a lot of computer geeks fit the "profile" of an FBI agent.

But after responding to the agency's appeals for computer security experts, aspiring G-men hackers sadly say that their names will never appear on the FBI's Most Wanted Job Applicants list.

Although their technical abilities should allow them to qualify easily as agents, their ethics, age and/or physical fitness levels excluded them.

posted by mt at 15:34

A busy start to the week. I haven't been able to read much aside from Jon Lasser's most recent piece at SecurityFocus. He discusses the NSA's decision to stop contributing to the SE Linux project.

What prompted this decision? Not abuse of their code by script kiddies, nor the ungrateful trolling of the hordes, but lobbying by the U.S. software industry against the government giving away something that could compete with products sold commercially. Microsoft in particular allegedly conducted intense lobbying to block further open-source development by the NSA, according to CNET.

posted by mt at 12:00

Did the FBI botch email evidence? Wired reports on what looks to be a major screw up in the investigation of a suspected terrorist. There aren't many details in the article, but one has to ask how a forensic team could overlook a Hotmail account. Wouldn't free webmail services be the first thing you looked for?

Moussaoui claims his e-mail could help him establish his alibi. But the FBI has no records of the account, and an incredulous U.S. District Judge Leonie M. Brinkema now wants to know how the FBI could have searched the computers Moussaoui used and not located any traces of the Hotmail account.

posted by mt at 13:24

Is one of my neighbors trying to send me a message? I found this search referenced this evening in the HTTP logs.

"GET / HTTP/1.1" 200 11803 "http://search.earthlink.net/search?area=earthlink-ws&q=PROTECTING+YOURSELF+FROM+A+NEIGHBOR+WHO+IS+MAD" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98; Win 9x 4.90)"

Sure got my attention. I wonder if anything we've posted helped this poor person out.
posted by mt at 01:14