Discovery Channel :: It Takes a Thief
I caught an episode of this show over the weekend, and another tonight. It was great, showing how easy it is to break into the average house in the middle of the day with no one any the wiser. Okay, the frat house wasn’t average, and the one in the second show was a very upscale house, but in both cases, the attitudes the homeowners show was pretty average. Locking up their valuables was an afterthought, if they even thought about it at all.
One of the things I like the most about this show is that the hosts make it clear to the homeowners that the technical part of security, the locks etc, is only the beginning of securing their homes. It’s attitudes that have to change to make the tools effective. The hosts bring it home with a certain amount of visceral reality by actually trashing the houses as they tape the show. You should see the expressions on people’s faces when they walk into their recently burglarized house.
As a security professional, I try to keep myself aware of the human portion of network security. It’s easy to get my head so deep in firewall configurations, server builds and IDS rules that I forget the other portion of security: education. Reminding the HR clerk not to leave sensitive documents on the desktop, making users aware that it’s not okay to take home copies of sensitive documents, asking people to think before they send that spreadsheet with the company financials out over email. In a lot of ways, the human element of security is just as important as the technical element. We can’t afford to ignore either one.
Since I discovered podcasts a couple of months ago, one of the sites I like to visit on an irregular basis is the IT Conversations website. They have a wide variety of podcasts from different authors, many of them having been recorded at live IT events around the country. One of the more recent podcasts come from the BlogHer Conference several months ago. Titled Legal Tips: What You Can Get Away With, it goes over many of the concerns facing bloggers today. Can I blog about my boss without getting fired? What if someone post copyrighted content on my site? What is copyright law and the Creative Common License? The presentation starts with one of those standard disclaimers, but this one I have to agree with: If you’re having legal problems, go see a lawyer, don’t rely on what you hear on a podcast for your protection.
Listening to the Legal Tips podcast led me to another site worth looking at if you blog, Chilling Effects Clearinghouse. There have been numerous examples over the last couple of years of bloggers being silenced by the mere threat of legal action. I’ve blogged about it a few times myself, and, more importantly, refrained from blogging on several occasions because of possible legal repercussions. One of my most recent examples was the presentation Michael Lynn gave at the BlackHat Briefings; I refrained from posting a copy of his presentation because of the Cease and Desist orders a number of sites recieved. If I’d had a chance to read Chilling Effects prior to this event I might have posted his presentation. At the very least, read the FAQ if you blog.
The Chilling Effect in turn brought me to my final link of the night, the Electronic Freedom Frontier’s Legal Guide for bloggers. I’ve long been a fan of the EFF, even when I had only the sketchiest idea of who they were. I mean, anyone who’s willing to fight the Digital Millenium Copyright Act can’t be all bad, and they’re also one of the biggest defenders against the Recording Industry Association of America. The EFF is one of the sponsors of Chilling Effects, right in line with their goal of helping us keep all of our freedoms in the digital realm as we enter the 21st century.
If you blog, and you think there’s even a slim chance you might annoy some one, some day, take the 30 or so minutes it takes to listen to Legal Tips podcast. Then bookmark the Chilling Effects and EFF Legal Guide websites for the future. Hopefully neither you nor I will ever need to refer to these sites in a real world legal battle, but you want to know where to find them, just in case. And one of the biggest keys to winning a legal battle is knowing how to avoid one in the first place.
You may, or may not, have noticed that all of the blog entries today have come in fairly short order in the last hour or so. I’m being kept so busy at my new job I rarely have the time blog at work, unless something really important or aggrivating comes up. Somehow, I can still find the time to rant. Anyways, I’m going to try keeping track of some of the articles that catch my eye during the day and blog about them when I get home at night, some time after I get the kids to bed. We’ll see how that works out. As long as it doesn’t take too much time away from City of Heroes, we should all be okay. The only problem is that I’ll probably write a cranky entry, like my last one.
Another issue I’m dealing with tonight is blog spam. I’ve made some minor changes that should deal with the problem for now, but one of these days I have to bite the bullet and upgrade my blog software to something that has more anti-blogspam features built in. I’ve been pretty happy with MovableType for the last few years, but if I’m going to upgrade, I’m going to have to at least look at other products. But first, I’m going to have to convince my wife to allow me to spend some more money on hardware. Another one of those things that’ll have to wait until after Christmas.
Finally, and most noteworthy, is that I got a surprising reply to a comment I made in the blog last week. Ron Gula, the CTO of Tenable Security and Dragon IDS fame, sent me an email offering to give me an interview. Basically, he wants a chance to defend Tenable’s decision to remove Nessus from the Open Source arena. I’d like to talk to/exchange email’s with Mr. Gula and post the interview here, but I’ve never done an interview before. Which means I need a little help; if you’ve got questions you’ld like to pose to Ron Gula or Renaud Deraison (the guy who actually wrote Nessus), send them to me or post them here. I’ve exchanged a couple of emails with Mr. Gula, but eventually I’m going to find the time to take him up on his offer. So help me out a little and see if I should branch out to interviews, or if I should stick to my rants.