Archive for February, 2006

Feb 23 2006

Quote from Pauldotcom Interview

Published by under Hacking,Podcast

“What people don’t realize is that they’re between 10 and 150 milliseconds from every creep on the planet”
- Mike Poor

It’s easy to forget that physical distance is no deterrent in hacking.  All it means is a little more delay in the return of the packet, but they can still get to you.  In an Internet that’s so US-centric, it’s easy for the average user to ignore the threat from Russia or Nigeria.  Another thing to remember, even though phishing is illegal in the US, it may not be in the country the email is originating from.


No responses yet

Feb 22 2006

I’ve been noticed!

Published by under Podcast

Paul at Pauldotcom.com pointed out that we’d both been noticed in an article listing Info Security podcasts at Info World.  I wrote up several of the podcasts I listen to regularly last month on my ComputerWorld blog.  Unluckily, I missed Paul’s podcast on the list.  I’m going to have to do another list, this one just for the security podcasts.  The list is growing and I’m going to have to prune something soon.  Otherwise I’m going to have to start listening to podcasts in my sleep.


5 responses so far

Feb 22 2006

No secret technology to plug the analog hole please

Published by under Government

Kathryn Cramer has an excellent, if long, article hunting down the technology that’s proposed to be used to plug the Analog Hole.  This is a stupid idea to begin with, the idea that the ‘a-hole’ can be plugged, but the thought that a secret technology be legislated into use is idiotic.  If this legislation does pass and VEIL does become mandatory, I’m willing to bet that it’ll be broken within a couple of months.  All that will really be accomplished is that the pirates will be put off for a few months and consumers will be pissed for years to come.


No responses yet

Feb 22 2006

Violation of Ethics: Plagiarism

Published by under CISSP/ISC2

I received an email about this yesterday from a reader, Vick.  There are accusations on the ‘Net that large parts of the Official (ISC)2 Guide to the CISSP Exam were plagiarized.  This isn’t a minor accusation, especially when it’s about a company like the (ISC)2 who subscribes to a code of ethics.  I wanted to see some form of verification before I said anything on the blog.  Well, I just got a link in the mail (Thanks Kevin).  The messageboard post lists a couple of articles that are available online and were lifted wholesale and put in the book.

Strictly speaking, I don’t think the onus for policing the content of the book really lies with the (ISC)2; they probably paid a publisher who commissioned a writer, or several writers, to write the book.   But that’s no excuse for this happening.  Plagiarism may not be a crime, but it is a policy and ethics violation that looks bad for the writer, looks bad for the publisher and leaves the (ISC)2 with egg on their face.

I don’t have a copy of the Guide, and I’m probably not going to go out and purchase one just to verify the accusations of plagiarism.  But if someone else who has a copy of the book would look at the articles mentioned and the pages in the Guide and do a comparison, I’d love to hear what you have to say.  I’m hoping that this is a misunderstanding and that the guide gives credit to the original authors in the bibliography.  If not, the (ISC)2 has some ‘splaining to do.


6 responses so far

Feb 21 2006

Network Security Podcast Episode 15

Published by under Podcast

It’s good to be back at home for the podcast.  I was missing my main microphone and a good set of headphones.  I had a minor allergy attack in the middle of the podcast, so please excuse any sniffles I missed in editing.  Tonight’s episode is my wrapup of the RSA Convention, and unluckily I wasn’t overly impressed.  Next year’s show is supposed to be back in San Francisco, which will hopefully make it better.

Tonight’s music was evolution by the Lemmings

Network Security Podcast, Episode 15, February 21, 2006
Duration:  31:00 minutes

TaoSecurity Blog
Still Secure
Identity Woman
Giant Squid Audio Lab

(ISC)2 Study
Invasion of the Computer Snatchers
Internet Storm Center


No responses yet

Feb 21 2006

More Mac goodness

Published by under Malware

Looks like February just isn’t going to be a good month for Mac enthusiasts.  Another vulnerability has been discovered for the Mac that allows execution of malicious code on a Mac.  I’m not posting this as a dig against the Mac, but as a reminder that Mac users need to start thinking more about security.  Just using a Mac is no longer enough to keep you safe.  You’re going to need to run anti-virus, anti-spyware, a personal firewall and all the other tools smart Windows users have started to take for granted.  This is what comes from having more than a 5% market share; people see you as an appealing target.  Welcome to the world of worms and viruses all you Mac users.

Edit:  Here’s some more information on the Mac vulnerability.


No responses yet

Feb 21 2006

Security at security conferences

Published by under Hacking,Simple Security

I just wanted to put up a quick note before I forgot:  be very careful when connecting to anything at a security conference.  Last week while at RSA they offered free wireless connectivity in the press room.  The SSID for the official wireless network was ‘rsa2006’.  Then there was the other network, ‘RSA2006’.  Subtle, but important, difference.  ‘RSA2006’ was a laptop in peer-to-peer mode, and I can’t help but wonder how much information the owner was able to glean at the conference.  Be careful with your laptop at security conferences, and consider re-imaging after you attend one. And don’t even take a laptop you like to a hacker conference.  You’re going to have to re-image after one of those.


One response so far

Feb 21 2006

Botnet owner interview

Published by under Hacking,Malware

Brian Krebs gives an excellent interview with a botnet owner.  If you had any doubts that botnets are becoming part of mainstream criminal activity, this article should dispel those illusions.  The thing I find depressing is the fact that this kid has the potential to make more than I am, without paying taxes.


No responses yet

Feb 20 2006

Not really impressed with the (ISC)2 study

Published by under Blogging,CISSP/ISC2

I wrote about the (ISC)2 dinner and the study they released there.  The most annoying part was they under-ordered the dinner and I ended up having to go out and get my own dinner.  I ended up at some pretty good sushi (Sushi Zen), so it was okay in the end.


No responses yet

Feb 18 2006

Finally, Apple iTunes is working

Published by under Podcast

I’ve got no idea why it took so long, but my feed is finally working with the Apple iTunes store; you can access it at this link:

http://phobos.apple.com/WebObjects/MZStore.woa/wa/viewPodcast?id=125724709&s=143441

Let me know if there are any problems and I’ll thrash around some more, though I don’t have the faintest idea why this finally started working.  I just know I got a set of emails telling me it was now available.


2 responses so far
