Archive for June, 2006

Jun 27 2006

Network Security Podcast, Episode 33

Published by under Podcast

This is probably going to be the earliest I’ll ever release an episode of the podcast.  I’m going on vacation tomorrow morning, so I wanted to make sure the podcast was up and available.  There won’t be a podcast next week, but the podcast after that will be exciting.  I haven’t recorded that interview yet, so I’m not telling who it is yet.  Just rest assured, you’ll understand why I’m excited when you hear the guest.

This week’s guest was Jeff Stanton, professor at Syracuse University and co-author of The Visible Employee.  Dr. Stanton’s book looks into the realm of employee monitoring, examining employee attitudes, management viewpoints and the technology involved.  Having run an employee monitoring program before, I was extremely interested in hearing how other IT professionals feel about being made responsible for watching their fellow employees.  Employee monitoring is something that has to be handled very carefully to protect the business while not intruding on the employee’s right to privacy.  And a lot of businesses haven’t really taken the necessary time to do it right. 

Network Security Podcast, Episode 33, June 27, 2006

Time: 33:42

Tonight’s music:  Osho Mask by Aaron Wilkinson

Technorati Tags: , ,

No responses yet

Jun 26 2006

Why is Google suddenly the bad guy lately?

Published by under Privacy

This is the second or third instance I’ve heard recently of “Google shouldn’t have seen that!”.  Officials in the Catawba County School district are blaming Google, saying the big G indexed files and information on over 600 students that they shouldn’t have accessed.  The information in question was supposedly behind a page that needed a password to access.  But if you know anything about search engines, you know that spiders, at least legitimate spiders, don’t do anything other than index and can’t access a page that has any security measures.  Hmm, can you say “misconfiguration”?  Oh, and there were social security numbers involved.  Why is a school still using SS #’s to identify their students?

Technorati Tags: ,

No responses yet

Jun 25 2006

Security Round Table #2 is up!

Published by under Podcast

I haven’t had a chance to listen to the finished product yet, but episode 2 of the Security Roundtable is up and available.  Michael Santarcangelo from the Security Catalyst, Alan Shimel from StillSecure, After All These Years and I had a rousing conversation about how the VA is over-reacting to the loss of 26.5 Million records (hint: Do something you can actually maintain for more than a month or two.) and the differences in security reporting between the European Union and the United States.  We could have kept going that day, but then the podcast would have been two hours long.  Nobody want’s that, do they?

Listen on-line on the Security Roundtable site or download the MP3 

Technorati Tags: , , ,

No responses yet

Jun 23 2006

Jay Rosen

Published by under General

Jay Rosen

Jay Rosen,
originally uploaded by mmckeay.

Citizen journalism at Bloggercon IV

No responses yet

Jun 23 2006

Dave Winer & Doc Searls

Published by under General

Dave Winer & Doc Searls

Dave Winer & Doc Searls, the primary instigators behind the un-conference known as BloggerCon IV.
originally uploaded by mmckeay.


No responses yet

Jun 22 2006

Fake Identity + Disposable Email = ?

Published by under Privacy

I wouldn’t exactly say that this is going to lead to complete anonymity, but using the Fake Name Generator along with one of the various disposable email services could go a long way towards keeping your real  identity a secret.  It’s not going to stop someone from tracking you down if they really want to, but it will make it a lot harder for sites that need this information before they’ll give you access. 

Technorati Tags: , ,

No responses yet

Jun 22 2006

Breaching laptops via Wi-Fi

Published by under Security Advisories

I hope I’m not the only one out there who turns off their wireless card unless it’s specifically needed. If you don’t, here’s another reason you might want to give the practice some serious consideration: researchers have found a way to take over laptops via the wireless drivers without the system even needing to be associated with an access point.

From the article, it sounds like this isn’t a vulnerability in every wireless driver, just a particular subset of the systems out there.  Which is somewhat of a relief, as it means an update from the manufacturer will probably fix the problem, even if most of the laptop owners out there will never use the update.  We’re going to have to wait until August to find out the nature of the problem, and what safeguards can be put in place to prevent this exploit from being used.  In the mean time, turn off your wireless card unless you’re actually planning on using it.

Technorati Tags: , ,

No responses yet

Jun 20 2006

Network Security Podcast, Episode 32

Published by under Podcast

I was joined tonight by Larry Pesce of PauldotCom Security Weekly fame.  Larry shared with me a little behind the scenes about how the Security Weekly show came into being, how he got into security and the new book on the Linksys WRT54G he and Paul are working on.  Along the way we also talked about a couple of other wireless security issues, such as a writer who thinks there are no wireless insecurity issues and the state of wireless IDS.  Then I wrap up with a rant about stolen servers and the lies companies are telling themselves.

Network Security Podcast, Episode 32, June 20, 2006

Time: 38:04

Tonight’s music:  Wisdom of Insecurity by Dick Aven

Technorati Tags: , , , ,

No responses yet

Jun 20 2006

Insider Threat mailing list

Published by under General

The insider is one of the toughest threats to your company’s security to fight.  He or she is someone who has legitimate access to your data but needs to be prevented from using that data in malicious or unintended ways.  Now there’s a Yahoo Group dedicated to fighting this threat.  The group is moderated, so it will hopefully be a fairly low traffic mailing list.

Subscribe to the Insider Threat mailing list

No responses yet

Jun 19 2006

Interview with Shel Israel

Published by under Blogging,Podcast

I have my fingers in a lot of projects, which has both good points and bad.  One of the best parts of being involved with so much is that from time to time I get to meet some really interesting people.  Thanks to my friend Jeremiah Owyang, I got to meet Shel Israel, co-author of Naked Conversations.  This last weekend Jeremiah and I took some time to interview Shel for the Podcast Roundtable, which is now available for download.

Shel has a visionary ideas about the Blogosphere, which were formed during his research for Naked.  Now he’s preparing for a world tour during which he will try and find out how blogging and technology are influencing the future.  The idea of community is morphing from something location based into something interest based.  But if you’ve read Naked, you already knew that.

So this isn’t a security-related podcast, but it is one you should listen to if your at all interested in blogging.  I just hope we get the chance to talk to Shel again after he starts his world tour.  He made the offer and I’m going to do my best to follow up on that.

Listen to the Podcast Roundtable interview of Shel Israel

Time:  31:30

Technorati Tags: , ,

No responses yet

Next »