Apr 27, 2007
In short order I’ll be flying out of Denver airport bound for Bellingham, WA to present this weekend at Linuxfest Northwest. My presentation is called The Converging Network and I’ll be on stage at 10:00 on Saturday and 11:00 on Sunday. There are a couple of presentations that are happening at the same time as mine, which is too bad. But the good news is I’m being followed by Dana Epp, author of SilverSTR’s blog. This is one of the few security-related blogs I know of that’s been around longer than mine, and one of the reasons I started blogging. This promises to be a fun weekend.
Oh, and when I’m not presenting, I’ll be somewhere near the StillSecure table. Most of the time. Probably. Oops, I almost forgot my boss reads this stuff once in a while. On second thought, I’ll be at the table at all times, not even a potty break for me. Yeah, right.
Apr 27, 2007
My friend, Michael Farnum, wonders “Why do blinking lights look better behind glass??” I think the answer is “It covers up all the unsightly mess.” I think it’s really that simple. If you’re looking through smoked glass, which most entertainment centers I’ve seen have, you can’t see the equipment, with all its warts; all you can see is the blinking lights. None of the scratches or the conflicting colors of the equipment can be seen, just the lights.
I think the glass gives you a sense of abstraction from the equipment. Even though you know the tangle of network cables and wall warts (aka power supplies) are back there, you can’t see them. It makes it all look much better from the outside. More importantly for Michael, at least in my opinion, is not the fact that he feels better about the networking equipment but rather the impression it’s going to give his customers when they walk into his office. After all, which makes you feel better about your consultant: a rack of neatly organized equipment behind a pane of glass or a stack of networking equipment in the corner?
Late last year I had a chance to go down to visit Symantec’s offices in Santa Monica, CA. I got a chance to talk to several of their engineers, but beforehand the very nice PR lady took me into the interview room. She made a big deal of slowly drawing back the curtain to reveal rack after rack of the computers Symantec is using in their malware research. I was unimpressed, since as server rooms go, it was a fair size, but much smaller than several I’ve worked in before. She was disappointed, because most of the press people she normally works with are very impressed, never having seen a server room and all the pretty blinking lights before. She hadn’t realized that I’m a security professional first, a blogger second, so this wasn’t just something I was familiar with, it was something I dealt with on a daily basis.
I don’t think the glass makes the equipment look any better, I think it just covers up the mess that is your networking equipment. I’ve seen too many network rooms where you open the rack and cables come spilling out. I guess I’m more of a cynic than Michael; I think the glass is just a cover for the mess. I know the mess is under there, which ruins the effect of pretty lights for me.
Apr 25, 2007
Lubricant maker Astroglide accidentally released 250,000 names on one of their web servers, which Google diligently spidered and indexed. If you were one of the people who asked for a free sample of their product between 2003 and 2007, your name was quite likely on the list. Embarrassing in some situations, but hardly in the same league as a credit card database compromise.
There’s a lot of detail in the article, especially in some of the updates from both Google and Astroglide. I guess it’s not all that easy to get Google to remove something like this from their database. I don’t blame Google; their system was doing exactly as it’s designed. It’s the responsibility of the site owner to not publish sensitive information on a publicly accessible server. As Ryan points out, the files should never have been there in the first place. If Google made it easy to take information out of the database, they’d be swamped by such requests.
This is a good example of unintended consequences. Someone had to have made the data publicly accessible for Google to have found it. I’d guess someone put it there for a salesperson to use and didn’t remove it afterwards, or some other equally legitimate excuse. They never realized that Google would discover the files and index them. Goes to show you: be careful what you put on your publicly exposed servers, because someone will find it.
To me, this incident is more funny than newsworthy. The value of the Astroglide database is minimal and lies mainly in the embarrassment factor. As pointed out in the article, many people made up names for use in the database, so even that value is minimal. If your name turns up on the list, just say someone else entered your information. Astroglide loses out in the PR department, but otherwise I don’t think this will have any effect on the rest of the world.