Archive for October, 2008

Oct 31 2008

Tell me your Security or IT horror story and win a pass to CSI

Published by under General

Come on, we all have them; horror stories of IT and security disasters we’d rather forget. But rather than forget them, I’d like you to share them and tell everyone what you learned from the experience. And in return, I have a free three day pass to CSI 2008 in Maryland, November 15-21, that I’ll give out next Friday, November 7th. If you’re in the same boat I am and don’t have a budget for training, this can go a long way towards getting management approval for the event.

The rules are going to be pretty simple:

  1. Post a comment on this post telling us your horror story and, more importantly, what you learned from it.  If you’ve already written your story on a blog, you can leave a short description and a link to the post. 
  2. You must leave a valid email address.
  3. The story must be original, no plagiarism please.
  4. Stories will be judged on originality, entertainment value and what was learned from the incident.  I’m the sole judge.  

If you’re not the lucky winner, there’s still the CSI 2008 discount code you can use. There’s already a lot of the Security Twits that are planning on attending and I’ve even heard rumblings of a blogger meetup or twitter meetup.

Good luck!


5 responses so far

Oct 31 2008

Want to go to CSI? Here’s a discount code

Published by under General

The chances of me making it to the CSI 2008 conference are so slim as to be non-existent.  Like many companies, mine has told us not to plan on attending any events we’re not speaking at for the foreseeable future.  Which is not to be unexpected in these turbulent financial times.  Plus, I don’t really want to take a cross-country flight at the moment, even if it meant I could see some of my friends who’ll be there.  I’ll have to wait for RSA next year I guess, since Shmoocon is also out right now.

On the other hand, if you’re on the East coast and still have some budget to spend on training, here’s a little something to help you out: Alan Shimel worked with the folks at CSI and they’ve given the Security Bloggers Network a discount code to get you 25% off the entry fee. Simply type in ‘BLOG25’ when it asks for a discount code and you’ll save your company 1/4 of the cost of entry. I’ve always found my bosses more willing to approve training when they think I’m getting it at a discount. Of course, press passes have helped a lot in the past too.

I suspect my employer isn’t the only one who’s put the kibosh on training, at least temporarily. And I would also hazard a guess that a lot of conventions are going to have a hard time filling seats while companies are bracing themselves for the financial impact of a slowing economy. It’s too bad that so many bosses don’t realize how critical training is to our profession and that training such as CSI can often end up saving the company money in the long run.

Keep your eyes open, I may have a bit more to say about CSI in the not so distant future. 


2 responses so far

Oct 30 2008

Scareware pays … and pays well

Published by under Malware

I figured that scareware (software that creates pop-ups telling you your computer is infected and can be cleaned for just $49.95) paid, otherwise organized crime wouldn’t be involved. But I hadn’t realized how well; according to the NYT, Bakasoftware made over $5 million last year selling their own software. Two things I thought were interesting: the first is that the software uninstalls itself if the owner of the computer is a Russian speaker (Bakasoftware is a Russian company). The second thing, which may just be coincidence, is that ‘baka’ is Japanese for fool or idiot. It’d make sense for a scareware company to name itself “Idiot Software”. And yes, I’ve been watching too much anime lately.


No responses yet

Oct 29 2008

Network Security Podcast, Episode 125

Published by under Podcast

I had to run out the door immediately after recording, but despite technical difficulties, Rich and I recorded a short interview with David Mortman, ‘blogger-in-residence’ for Debix. 

Network Security Podcast, Episode 125, October 28, 2008

Show Notes


No responses yet

Oct 27 2008

Monday morning reading

Published by under Blogging

Once again, not a ton of time to blog this week.  So instead I’ll post a few of the articles I’ve found this morning.


One response so far

Oct 26 2008

My Sunday Morning Reading

Published by under General

I haven’t had the time to blog much lately, but I still try to keep up on my reading.  Here are a few of the articles that are open in a Firefox tab on my right screen.  Meanwhile Spore is patching on my left screen so I can get back to vital Sunday morning projects like building a civilization.

  • MS08-067 – An out of band update is always a big deal.  I’ve read a number of rumors about why this update was pushed, but nothing I’d call 100% reliable yet.
  • More on the Sequoia e-voting machines – No surprise, I’m reading more on direct-recording electronic (DRE) voting machines. This election has the potential to explode if the vote is close anywhere and DREs were involved. I can already hear the lawyers sharpening their claws.
  • Speaking of surprises – They found problems with DREs already in some precincts during early voting. This will probably be hushed up by a judge or blown off as human error.
  • Be careful what you tweet – A vulnerability has been found in Twitter that may allow your protected tweets to be seen. Not that you should be tweeting anything that sensitive anyways.
  • Oh noes! The terrorists will use Twitter too! – So what? Does that mean we should leap to our default stance of bugging all of Twitter on the off chance a terrorist might be using it?
  • The big data aggregators agree to a code of conduct – But will they stick to it?  Only time will tell.
  • From the “Terminator” files – The Army is looking for someone to develop hunter bots.  Have they read any popular sci-fi in the last 30 years?  This is how the world ends!

Back to relaxing for the weekend. 


No responses yet

Oct 23 2008

List of problems with Sequoia machines

Published by under Government

I’m sure this list is by no means comprehensive, but even what’s being revealed by Andrew Appel is pretty damning.  And the worst part is that most of the problems found with the Sequoia e-voting machines have been reported in one form or another for years.  Why can’t these companies learn to secure their systems rather than try to cover up their deficiencies? 


2 responses so far

Oct 22 2008

Security Roundtable for October 11, 2008

Published by under Blogging,General,Podcast

It took a little while due to technical difficulties, but the latest episode of the Security Roundtable is available for download.  Michael and I talked to Jennifer Leggio, aka mediaphyter, who writes for ZDNet amongst other things.  We talked about blogging and the responsibility of a blogger.  I don’t think we came to any clear cut conclusions, but one thing we all agree on is that security bloggers have more responsibility than the average blogger, due to our area of expertise.  We have more riding on what we write being factual and true than someone who writes a gossip column does. 

You can find the show notes on the Security Roundtable site. We’ll be recording another live show if I can get the software running on my computer again. I was recently shutting down some services on the computer and may have gone a little overboard. On the other hand, I seem to have a lot more free memory than I’ve had in a while.


No responses yet

Oct 21 2008

Network Security Podcast, Episode 124

Want to talk about electronic voting? We did. So we invited Jacob West from Fortify to talk with us about a paper he just published with a couple of engineers at Fortify. Guess what, they found electronic voting using DRE voting machines is the least secure way to vote. Makes me feel good going into the election. It’s a good thing we’re fairly self-policing when it comes to time, this is a conversation that could have gone on for a couple of hours.

We had a number of technical issues tonight, so be glad we’ve got a podcast up at all.

Network Security Podcast, Episode 124, October 21, 2008 

Show Notes:


One response so far

Oct 21 2008

I hate paywalls

Published by under Blogging,Hacking

The New York Times has a decent article about botnets, but I can’t link to it because it’s behind a paywall.  I guess the NYT still doesn’t understand how linking can increase traffic to their own site.  The article is titled “A Robot Network Seeks to Enlist Your Computer” if you happen to have an NYT account.  Or use BugMeNot, if you’re so inclined.


3 responses so far
