Network Security Blog

I got a late start tonight.  It’s been a heck of a week already, and it’s already Tuesday.  I’m preparing for a big conference, where I’ll be giving part of a presentation, and its a lot of work.  I’m drooling a little over the thought of purchasing one of the new minimac’s (I know, it’s Mac Mini, but I prefer minimac) even though my wife’s thrown some cold water over the thought of getting one.  I can still dream about recording my next podcast in Garageband though, can’t I?

Tonight’s music was Complicated by retrograde

Network Security Podcast, Episode 16, February 28, 2006
Duration:  30:53 minutes

IT security podcasts you can’t miss
Privacy and Anonymity
Torpark
Four lose jobs after data breach at Oregon health care facility
Employee fired for a data breach?
Why Windows Vista Won’t Suck

Pauldotcom.com

Technorati Tags: Security, Podcast

Last night I sat down with my friend Dan Sweet and I recorded a short podcast “State of Employment in the IT Industry“.  Dan has some good points about the future of the IT industry and how to write your resume to get your next job.  He’s made me think again about going back to school and getting my MBA.  Now if I can only convince my wife it’s worth the money.

Technorati Tags: podcast, employment, recruiting

Dennis, one of my fellow Podcast Roundtabler’s reminded me that Google Pages can be used to harvest email addresses.  I was aware of this, but I decided to go ahead and get my page despite that.  My email address is easy enough to figure out and I’ve put it out there enough times that I wasn’t in too much danger of getting an appreciable increase in spam.  I probably will get more spam, but it’ll just be lost in the general background noise. 

This highlights one of the principles of security that is often forgotten:  You’ll never be able to remove or mitigate all threats.  Security is about mitigating the threats you can and making sure you’re willing to accept those remaining. 

Technorati Tags: Security, Google

I’m listening to the latest episode of This Week in Tech and decided to claim my own Google Page.  It took less than 10 minutes to set up and publish.  I doubt I’ll ever do anything with it, but I’ve got it reserved.

Technorati Tags: Google, blogging

One of the hazards of having an SSH server running on the standard port (22 for the less geeky) is the number of brute force attempts seen on a daily basis.  Not too many days go by that I don’t see several hundred attempts from some host or another.  I’ve been worried about this for a while and thanks to the guys at the Cyberspeak podcast, I may finally have my solution:  DenyHosts.  I haven’t installed it yet, but it looks pretty easy to configure.  If you’ve tried it, let me know about any issues you encountered.
 

Technorati Tags: security, SSH

I wasn’t aware of this, but there have apparently been 3 messages that were encoded with the Enigma machine that were never broken since World War II.  Now there are only 2.  A project that uses distributed computing power has been started to crack the codes, and the first of these have fallen.  This is pretty cool, but it makes me wonder how ‘unbreakable’ today’s encryption codes are.  Will we be able to break AES and Triple DES relatively easily 60 years from now?

Technorati Tags: Security, Enigma

I really do appreciate it when a company comes right out and says, “We’ve had a rough week, we know you were affected, we’re sorry.”  Instead of trying to hide the recent outages and difficulties, the folks at Libsyn have taken the time to explain some of the difficulties they’ve been through and are apologizing.  Having been through several major network upgrades and knowing what they can be like, I like this approach a lot better than the “Move along, nothing to see here” method many companies take.  I know I’ll be sticking with them as long as they keep up this type of honest and open communication.  Thanks guys, now get some rest.

Technorati Tags: Libsyn, podcast

FTC Settles with CardSystems Over Data Breach

What they’re proposing isn’t even a slap on the wrist!  It’s basically letting them off the hook for the biggest compromise ever, and CardSystems got compromised due to their own stupidity.  They kept data in a way that was contrary to the Payment Card Industry (PCI) Data Security Standards, industry best standards and common sense.  You know I’m gong to have something to say when this opens up to public comment.

The lack of security “compromised millions of credit and debit cards,
and led to millions of dollars in fraudulent purchases,” the FTC said.

The FTC said it would publish the proposed settlement in the
Federal Register, then accept public comments for 30 days before
finalizing the settlement.

Technorati Tags: security, PCI, compromise

I was wandering through my RSS feeds when I found this site, Family Watchdog (thanks to Xeni).  This creeps me out on so many levels.  First of all, when I put in my own address, I was horrified to find three convicted offenders within half a mile of my home.  I have two young boys, ages four and six.  I don’t want anyone who’s been previously convicted of a crime against children anywhere near them.  Second of all, the amount of information available with just one or two more clicks is amazing.  Pictures, address, type of offense, distance from my house, it’s all there.  And I think I find this violation of privacy nearly as hard to handle as the proximity of the sexual offenders.

One of the categories on the page is ‘Other Offense’.  I don’t know what that is, but it worries me.  As a society, we’re becoming more and more okay with the idea of tracking people, especially criminals.  But I see this as another of those slippery slopes where we may not no when to stop.  I can easily imagine a day when a speeding ticket in your youth could mean having a tracking tag put in your car for the next five years, since your obviously a danger to traffic.  That’s a exaggeration to the absurd, isn’t it?  Or maybe not.  Look at a different way:  we already have rental companies placing tracking systems in their cars.  If your insurance agency offered you a discount if you’d allow them to put a similar device in your car, would you consider it?

I’m glad someone’s gone through th effort to create the Family Watchdog site.  I’m just afraid that the Traffic Watchdog or the Littering Watchdog are going to come next.  It’s wonderful to be able to find out about those bad people in your neighborhood, I just don’t want it to go too far.

(I’m sick, so excuse me if this rambles a little more than usual.)

Technorati Tags: security, privacy

I hope you guys can use this, but I’m using this post mainly as a bookmark for mysef.  After last week’s RSA Conference, I’m not sure I want to run my laptop off of the normal build and running XP off of a USB key seems like a much better option.  The other option is running of of a Linux LiveCD, but I’m just not as comfortable setting up wireless on a Linux build as I am in Windows. 

But first things first; I plan on getting Windows Vista running on a VMWare virtual machine this weekend.  Or drive myself nuts trying.

Technorati Tags: security, windows