Network Security Blog

There are some problems reported with one of the latest Microsoft patches, MS06-15.  If you are using Hewlett Packard’s “Share-to-web” program or Nvidia drivers the patch could cause your system to hang.  In both of these cases it appears that you have to be using older versions of the program/drivers.  This is a good example of why end users should be updating their programs and drivers on a regular basis.

Mikko at F-Secure had a good idea for fighting phishing.  A significant amount of phishing sites aren’t hosting the images they use, they’re directing the browser to download the real image from bank they’re imitating.  So what if the banks added some relatively simple code to instruct the web server to send a alternative image if they received a significant number of referals to the original image?  Using Mikko’s idea, the bank’s alternative image would include a stamp that would make it clear that the refering site was illegitimate and give the consumer a phone number to call.  The idea could be circumvented by smart phishers, but it would add one more hoop they’d have to jump through.  Even if it only stops the lazy phishers, that’s a couple more percentages of the total scams that wouldn’t work. 

Technorati Tags: security, phishing

Episode 5 of the Podcast Roundtable is out.  Dennis, Dan, Jeremiah and I spent some time talking about the security implications of RSS feeds, Measuring the Return on Investment of Blogging, and the reported death of newspapers.  Take a listen and tell me what you think.

Technorati Tags: Podcast, security, RSS

In this day and age, I’m surprised that companies even try to put the genie back in the bottle.  All AT&T is going to do by insisting the information about the Narus ST-6400 be sealed is to guarantee every self-respecting blogger is going to find out more about the situation.  Our government is spying on us, which shouldn’t be a surprise to anyone by now.  But the depth of the situation is a little shocking, even to me.

I truly appreciate the risk Mr. Klein has taken in order to safeguard our liberties.  He’s probably looking at facing legal action from AT&T, as well as possible harassment from the federal government.  I just hope no one tries to bring criminal charges against him. 

What do think about this situation?  Is Mark Klein a hero?  Or is he a criminal who should be put in jail for disclosing government secrets?  I think my position is pretty clear, but what do you think?

Technorati Tags: security, spying, at&t

Last night I got to go to the Geek Dinner called by Steve Rubel.  You can read my thoughts on the dinner on the Podcast Roundtable, and see a picture of me on the site of fellow Tabler, Jeremiah Owyang. 

Tonight’s podcast is actually last night’s podcast.  I’m headed into San Francisco shortly for a dinner with Jeremiah Owyang and a host of others.  We’re getting together at the Thirsty Bear to meet Steve Rubel of Micro Persuasion fame.  This episode is short, but there was no way I was going to skip a podcast in order to go to the dinner.  I don’t plan on getting home until 10:00 or 11:00 tonight and there was no way I was going to record the podcast then.  Did you know it usually takes me about three hours to record a 30 minute podcast? 

Network Security Podcast, Episode 22, April 11, 2006

• Place your pin on the Network Security Podcast Frappr Map
• Free anti-fraud DVD’s from the USPS.  I recieved mine yesterday.  I’ve watched three, and I’d definitely say they’re worth the price.
• Cross-platform virus is no big deal

Tonight’s music is, appropriately,  In San Francisco by The Welcome Matt

Technorati Tags: security, podcast

Mike Rothman, Alan Shimel and I had a conversation about the death of the Sourcefire/Check Point deal last month.  One of the reason we discussed for the end of the deal was the idea of xenophobia.  Mike has since written a NetworkWorld column on the subject and is taking some heat for it.  I’m sorry if some people are offended by the concerns Mike is raising, but I think he’s hit the nail on the head.  We are becoming a nation that’s afraid of anything different from us, and this is just a symptom of the times.  Since 9/11 people have been more and more afraid of anyone who’s not American, a tendency that our politicians have been encouraging.  This phobia induces strong emotions in most people, and politicians are using this to further their careers.  We live in an increasingly global economy and can’t afford to shun the world outside the US borders.

A couple of weeks ago I had the pleasure of interviewing Alex Neihaus, the Vice President of Marketing for Astaro Internet Security.  Alex and Astaro are big supporters of podcasting and blogging and Alex spent half an hour talking to me about the Astaro Gateway appliances. 

Network Security Podcast, Alex Neihaus, Astaro

The United States Postal Service is offering a series of seven free fraud prevention DVD’s.  If the quality of the cover art is any indication of the quality of the material, these promise to be very good.  I’ve ordered a copy of each of the DVD’s for work, and a couple extra copies to share with friends and relatives.  Would I be violating the DMCA if I made a couple of copies to give to friends who probably wouldn’t return the original if I gave it too them?

Thanks to Bob Johnston on the CISSP mailing list for bringing these DVD’s to my attention. 

Technorati Tags: security fraud prevention

I’m still working on this (especially the color scheme), but if you’ve got a moment or two to spare, mark your spot on the Network Security Frappr Map.