Archive for September, 2006

Sep 29 2006

Portable Media Expo

Published by under Podcast

Here’s the lowdown in the 5 minutes I have between events down here at the Portable Media Expo: I’ve hooked up with Michael Santarcangelo and Dan Kuykendall from the Security Roundtable for a few hours, I’ve managed to meet Randal Schwartz, and I’ve had a short spot on the Slice of SciFi podcast (Dan was invited, I tagged along and dragged Michael with us). I’ve met so many podcasters that I’ve only heard before, like almost all of the members of Friends in Tech. And I lost $20 in the Podcast Pickle poker party in less than an hour last night. At least I wasn’t the first one out at our table. Now I’m off to the Podcast Awards. I’ve got a stack of cards about 3″ thick to go through over the next week or two when I get back.

Now back to your regularly scheduled paranoia.


Sep 28 2006

Testifying to the House Administration Committee

Published by under Government

Ed Felten is presenting to the House Administration Committee today and has posted a written copy of the testimony on his site. The thing I find most amazing about Diebold is that they’ve been leveling the same accusations against Professor Felten and his students that they did against Avi Rubin and his students several years ago. And they’re the same specious arguments, with no validity.

Quit attacking the messenger and listen to the message, Diebold.


Sep 28 2006

Quicklinks before heading to PME

Published by under General

I’m off to the Portable Media Expo in an hour or two, but I wanted to get a quick group of links that caught my attention.


Sep 28 2006

Suggestions for improving PCI

Published by under PCI

Fellow Computerworld blogger Eric Ogren has an excellent article evaluating the current (version 1.1) Payment Card Industry (PCI) requirements. He not only lists what he thinks of the current requirements, he also has several good suggestions for improving PCI in the future.

Tooting my own horn a little, he missed one resource for discussing PCI best practices, the PCI_Standards Yahoo group. It’s a very low traffic group I started about 6 months ago, but we now have over 100 members and when a question is asked there, it usually gets a well thought out response very quickly. If you are involved in the implementation of the PCI requirements, stop by and ask a few questions.


Sep 26 2006

Network Security Podcast, Episode 45

Published by under Podcast

I kept it short tonight, since I’m off to Southern California in preparation for the Portable Media Expo this weekend.  I’m going down a couple days early to visit family, which means I have to leave the house before 5:00 am to avoid the worst of the traffic.  I’ve been varying the length of the podcast a lot lately, short when it’s just me, longer when I have a guest, and occasionally much longer when they have something exceptional to say.  If the variable length bothers you, speak up and let me know.  If the variable length is fine with you, speak up and let me know. 

Astaro Security Gateway – Not only my sponsor, but one of the subjects of tonight’s podcast.  I’m looking for feedback from anyone who’s tried their product
Brave New Ballot – Avi Rubin’s book on dangers of electronic voting machines, especially Diebold
PCI Security Standards Council – Brought to you tonight by Appendix B

Network Security Podcast, Episode 45, September 26, 2006

Time:  18:24

Tonight’s music: Heroes by Jack in the Pulpit

Thanks again to my sponsor Astaro Corporation. Visit their site and sign up to receive your free demo Astaro Security Gateway


Sep 26 2006

The VML patch for IE is available

Published by under Microsoft

According to F-Secure, the real patch for the VML vulnerability in Internet Exploder … er Explorer is now available. I have to give Microsoft some credit for releasing a patch out of the normal cycle. I wonder if they would have released it if it wasn’t for the ZERT third-party patch?


Sep 26 2006

Several hour outage this morning

Published by under Blogging

One of the problems with setting up your network with scavenged/old equipment is that occasionally it goes out for a little while. I’ve been having a lot of problems with one of my hubs (yes, hub) in the DMZ of my network just locking up every once in a while. A quick power cycle and it’s good to go again, but I’m not always there to deal with it. Maybe that’ll be one of my ‘capital expenditures’ from the household budget next month.


Sep 25 2006

“I’m a media slut”

Published by under Podcast

I no longer feel so special about having Bruce Schneier on the podcast.  He’s a self-professed media slut.

Actually, interviewing Bruce was a lot of fun and I hope I can have him on the show again when I’ve gotten a lot better at interviews.  He’s worth interviewing again in six months.


Sep 22 2006

“…DRM systems are more effective at restricting consumers’ rights than they are at preventing illegal distribution…”

Published by under Simple Security

Over at Securosis there’s a long article explaining to non-geeks what Digital Rights Management is really all about. He goes about it the long way, but in the end he comes down to the real reason companies are pushing so hard for DRM: they want to control how we experience content. The content companies are trying to erode the concept of fair use because they want us to buy new copies of the content for each piece of equipment, each place we consume the content and eventually every single time we consume the content. I couldn’t find the quote, but at least one of the music execs eventually wants each and every use of a song to be a new revenue stream for the company.

Windows Media Player 11 is a great example of how DRM is being used to limit our rights. Backing up your media, not allowed. Moving it to a different computer, verboten. Importing your content to a non-Windows player? Yeah, right. The worst violation of the new DRM contracts is that the companies, Apple and Amazon as well as Microsoft, retain the right to change the contract without any notice or recourse from the users. How many contracts have you ever entered into that can be changed on the fly without notification or recourse? I can only imagine that the insurance industry is drooling at the thought: “We hereby revoke the hurricane clause for all homes in the New Orleans area for 14 days”. Oh, wait, they do some of that already.


Sep 22 2006

Freedom of Information Act and Privacy Act

Published by under Government

I blog a lot about privacy, which I’m sure a lot of you know. And sometimes I’m a little critical of the government. I’ve been wondering for a while if any of my activities have been bringing me to the attention of anyone in the federal government, and if so what they might be collecting about me. Now, thanks to the Security Monkey, I might be able to find out. But the chance is apparently pretty slim if they’re actively watching you now. If I get anything back, I’ll share anything that I don’t find too embarrassing with you.
