In short order I’ll be flying out of Denver airport bound for Bellingham, WA to present this weekend at Linuxfest Northwest. My presentation is called The Converging Network and I’ll be on stage at 10:00 on Saturday and 11:00 on Sunday. There are a couple of presentations that are happening at the same time as mine, which is too bad. But the good news is I’m being followed by by Dana Epp, author of SilverSTR’s blog. This is one of the few security-related blogs I know of that’s been around longer than mine, and one of the reason’s I started blogging. This promises to be a fun weekend.
Oh, and when I’m not presenting, I’ll be somewhere near the StillSecure table. Most of the time. Probably. Ooops, I almost forgot my boss reads this stuff once in a while. On second thought, I’ll be at the table at all times, not even a potty break for me. Yeah, right.
Technorati Tags: security, linux, LinuxFest
My friend, Michael Farnum, wonders “Why do blinking lights look better behind glass??“ I think the answer is “It covers up all the unsightly mess.” I think it’s really that simple. If you’re looking through smoked glass, which most entertainment centers I’ve seen have, you can’t see the equipment, with all it’s warts, all you can see is the blinking lights. None of the scratches or the conflicting colors of the equipment can be seen, just the lights.
I think the glass gives you a sense of abstraction from the equipment.
Even though you know the tangle of network cables and wall warts (aka
power supplies) are back there, you can’t see them. It makes it all
look much better from the outside. More importantly for Michael, at
least in my opinion, is not the fact that he feels better about the
networking equipment but rather the impression it’s going to give his
customers when they walk into his office. After all, which makes you
feel better about your consultant: a rack of neatly organized equipment
behind a pane of glass or a stack of networking equipment in the corner?
Late last year I had a chance to go down to visit Symantec’s offices in Santa Monica, CA. I got a chance to talk to several of their engineers, but before hand the very nice PR lady took me into the interview room. She made a big deal of slowly drawing back to curtain to reveal rack after rack of the computers Symantec is using in their malware research. I was unimpressed, since as server rooms go, it was fair size, but much smaller than several I’ve worked in before. She was disappointed, because most of the press people she normally works with are very impressed, never having seen a server room and all the pretty blinking lights before. She hadn’t realized that I’m a security professional first, a blogger second, so this wasn’t just something I was familiar with, it was something I dealt with on a daily basis.
I don’t think the glass makes the equipment look any better, I think it just covers up mess that is your networking equipment. I’ve seen too many network rooms where you open the rack and cables come spilling out. I guess I’m more of a cynic than Michael; I think the glass is just a cover for the mess. I know the mess is under there, which ruins the effect of pretty lights for me.
Technorati Tags: security, Michael Farnum, lights
Lubricant maker Astroglide accidentally released 250,000 names on one of there web servers, which Google diligently spidered and indexed. If you were one of the people who asked for a free sample of their product between 2003 and 2007, your name was quite likely on the list. Embarrassing in some situations, but hardly in the same league as a credit card database compromise.
There’s a lot of detail in the article, especially in some of the updates from both Google and Astroglide. I guess it’s not all that easy to get Google to remove something like this from their database. I don’t blame Google; their system was doing exactly as it’s designed. It’s the responsibility of the site owner to not publish sensitive information on a publicly accessible server. As Ryan points out, the files should never have been there in the first place. If Google made it easy to take information out of the database, they’d be swamped by such requests.
This is a good example of unintended consequences. Someone had to have made the data publicly accessible for Google to have found it. I’d guess someone put it there for a salesperson to use and didn’t remove it afterwards, or some other equally legitimate excuse. They never realized that Google would discover the files and index them. Goes to show you, be careful what you put on your publicly exposed servers, someone will find it.
To me, this incident is more funny than newsworthy. The value of the Astroglide database is minimal and lies mainly in the embarrassment factor. As pointed out in the article, many people made up names for use in the database, so even that value is minimal. If you’re name turns up on the list, just say someone else entered your information. Astroglide loses out in the PR department, but otherwise I don’t think this will have any affect on the rest of the world.
Technorati Tags: security, astroglide, database, compromise, Google