Network Security Blog

I’ve been playing with the Nokia 770 for almost 2 weeks now, and while I’m impressed, it does leave a bit to be desired.  One issue I’ve run into is that the system gets unstable when you surf to sites with a lot of graphics.  Another issue is that the wireless connectivity is a little weak.  I like it the size, a lot, and I’m hoping to be able to get the system running several wireless testing tools, but one of the tools I’d really like to use, Kismet, is still not ready for prime time.  I will admit I’ve realy enjoyed using the 770 to wander around the house listening to Radio Paradise. 

Linux.com has a more comprehensive review of the 770 that pretty much paralles my own experiences.  I’m interested to hear if anyone else out there has had much of a chance to play with the Nokia 770.

Technorati Tags: security, McKeay, Nokia 770, Linux

This is a minor thing, but it’s usually the minor things that come back to bite you on the bottom:  Michael at MCW Research caught Gmail telling him to turn off his firewall to enable him to read email.   I realized when I read his comments that I’d seen the same thing recently, but I’d read the warning and promptly ignored it.  But how many of our average users are going to read the message and do exactly what it says.  Even if the firewall service restarts next time the user starts up his or her computer, that still might mean they’re without protection for hours, possibly days.  So the bad idea of the day award goes to Google and the Gmail team for telling users to lower their shields.

Technorati Tags: security, gmail, desktop firewall

powered by performancing firefox

It figures:  when I’m sitting at my desk during the normal course of my day there’s usually only one or two articles or blog posts that interest me.  But when I’m in a class and really should be paying attention to what the teacher is saying, there a ton of interesting articles popping up.  I’m learning how to use RAT, which is probably better than reading any of these articles, but I needed to save them for later reading.

• Technophilia:  Protect your web searches: If there’s anything you need to do right now, this may be it.
• Rational Security:  Get your head out of your UTM – Hardware is a piece of the puzzle..   I interviewed Chris Hoff last Friday to get an idea of what enterprise level UTM really is, which will be tomorrow night’s podcast.  I like Chris, but he’s one of those guys you don’t want to get worked up. 
• Converging Networks:  Walk on part in the War.  This is the post that poked Chris Hoff from his peaceful slumber.  A lot of this is a continuation of conversations between Chris, Mitchell, Alan Shimel, Mike Rothman and Richard Steinnon.  Sorry, but I can’t summarize the whole conversation for you, but I can say that it makes for interesting reading.
• Converging Networks:  PCI for Everybody – SMB’s too  I’m always looking for more information on PCI. 
• The Six worst security mistakes:  Thanks to Jeff Hayes for pointing this one out on his blog.

So much for quick, but I still have a few minutes to get something to eat before heading back to class.

Technorati Tags: security, McKeay

It figures:  now that I’ve started using Akismet to help cut down on the comment spam, it goes down.  At least I don’t have Robert Scoble’s problem of having to cut through 64K of spam messages, but one of the other blogs I’m part of already has been hit pretty hard.  I’m just glad I’ve got a number of other anti-spam plugins running on the server.  Either they’re working of I’ve just been really lucky so far. 

Edit:  According Scoble, Akismet is back up, just before 9:00 this morning

Technorati Tags: security, McKeay, comment spam, scoble

I’m off at training today (yes, this SANS training course starts on a Sunday) and I saw this entry on Freenigma for Firefox.  I can’t play with it right now myself, but I want to in the near future.  If you’ve used it, give me some feedback.  They also mention one or two other options for encrypting your webmail, whick I’m going to check out to.

Technorati Tags: security, privacy, mckeay

Even amongst security professionals PCI isn’t all that well known.  So every time I hear someone else talk about the requirements it makes me feel a little better.  So I’m really glad to hear Jeff Haye’s talk about PCI.  The latest statistics I’ve heard about PCI compliance say that only about 20-30% of all Tier 1 merchants (the big guys who do 6 million or more transactions a year) are PCI compliant, but another 60% have plans for becoming compliant.  The numbers aren’t nearly that good for the lower tier merchants, from what I’m hearing.  I’m wondering how many of the smaller merchants don’t even know about PCI and haven’t taken any steps to secure their ecommerce site?

Edited to add another one:  Payment Card Security & IT Controls Explained

Technorati Tags: security, PCI, compliance

Podcasting eats up a ton of hard drive space.  A 30 minute interview takes up 300-400 megabytes of space for the raw file, plus I usually have to have about the same amount of space for the edited file and any supplimentary files.  This means I’m using up almost a gig of hard drive space every week, sometimes more.   Even with the space available on drives today, this can eat up space quickly.  USB drives are great, but they’re slower than the internal drives and it shows when working on audio files.  Now Iomega has a external 320 gig eSATA drive!  I’m hoping that given Iomega has been a sponsor for the last couple of podcasts they might be willing to send me one of these for ‘review’. 

I use Bloglines almost exclusively for tracking my RSS feeds.  So it annoys me greatly that the site has been acting a little wonky and articles that are weeks old as if they were new lately.  Anyone else experiencing this annoying little issue?

Edit: 
I like to give credit where credit’s due:  Robyn at Bloglines is obviously listening, because they commented on the posting.  Here’s what they had to say:

We’re
really sorry about that unread counts went wacky this AM. We fixed the
bug around noon Pacific time today but if you still see high unread
counts, they’ll reset when you click on the subscription or folder
name. You can also reset all your subscriptions at once by clicking the
“Mark All Read” link at the top of your feed list.

Thanks for using Bloglines and let us know if you experience any other problems.
www.bloglines.com/contact

Robyn DeuPree
Bloglines Product Manager

P.S. Chad, it sounds like you are experiencing something different. I’ll reach you directly and help figure it out.

At Linux World this year the folks from Bitdefender were handing out keyfobs that looked like USB drives, but only contained a link to their site that autoexecutes, and nothing else.  I’ve tried to format or edit the link to no avail.  Which makes this exactly what I’m looking for, to use in a project of my own.  If anyone knows where I might be able to find out more about these USB keys, I’d appreciate a heads up.  I’d really love it if these things are write once/read many, but I suspect that they have to have the information put on them at the factory.  Drop me a line if you know anything.

Ed Felten has a semi-sarcastic posting about researchers who are refusing to use the AOL database on ‘ethical grounds’.  I can understand not wanting to use the information for those reasons, but I agree with Ed that it is possible to do research using the database and still do so in an ethical way.  I have a copy of the database that I’m not using, but my objections stem from not having enough time in the day, not an ethical dilema.  I just wonder if there are any ethical dilema’s around law enforcement using the information in the database to nail pedophiles and other criminals. 

By the way, I don’t feel any sympathy for the people at AOL who lost their jobs over this.  I think they got what they deserved and I hope this serves as a warning to other companies.