Archive for November, 2010

Nov 30 2010

Network Security Podcast, Episode 223

Published by under Podcast

Rich is busy battling The Sickness, so Martin and Zach are running the show. Coming off of the post-Thanksgiving food comas, and nearly (but not quite) avoiding all of the hullaballoo around Wikileaks, tonight’s show clocks in at a modest time.

Network Security Podcast, Episode 223, November 30, 2010
Time:  29:31

Show notes:


Nov 23 2010

Network Security Podcast, Episode 222

Published by under Podcast

We say at the start of tonight’s podcast that it’d be short and we’re all out of energy. Well, we were half right. Sometimes I think having less to say makes us say it in many more words than we’d normally use. We did have a chance to talk about the Boston OWASP conference that Zach attended over the weekend and the cloud conference Rich presented at last week. We did not talk about writing PCI Reports on Compliance, however, since no one, not even Martin, considers that to be something to be talked about in polite company.

Network Security Podcast, Episode 222
Time:  40:21

Show Notes:


Nov 23 2010

Important Contact #’s (and a good story)

Published by under Government,Privacy,Risk

I urge you to read “So…I got detained by the TSA at the airport today”. There are no federal laws and few state laws that prohibit you from recording a TSO (transport security officer) in the pursuit of their duties. In fact the TSA actually encourages it. But many TSOs and supporting law enforcement agents never got the memo, so you may end up getting harassed if they think you’re doing something wrong. Flying Fish has a good story about how to deal with the issue and how to deal with the TSA and law enforcement in a reasonable, calm manner and come out okay. Not everyone has his contacts, but that’s not really the point of the post.

But more important than the post itself was one of the comments, with all the contact information you need to get in touch directly with the TSA offices of Civil Liberties and the Ombudsman. I now have this information entered into my cell phone and will use it next time if I have to. I have a funny feeling if it gets to the point of my having to make the call, things will have already gone beyond my comfort point, but better to have them and not need them than the other way around.



TSA Public Affairs
(571) 227-2829

Members of the traveling public who believe that they have been
unlawfully discriminated against by a TSA employee may contact the
External Compliance Division in the Office of Civil Rights to have their
concerns addressed, by sending an E-mail to TSA.OCR or by calling the Office of Civil Rights.

The Office of Civil Rights can be reached toll free at
1-877-EEO-4-TSA (1-877-336-4872) or (800) 877-8339 (TTY), or by E-mail

contact the Ombudsman, phone 1-571-227-2383 or 1-877-266-2837 toll-free.




Nov 21 2010

Who should you complain to?

I’m not going to weigh in on the whole TSA whine fest that’s going on; I agree that the TSA has gone too far and needs to have their collar yanked on to settle them down.  But a whole bunch of us complaining on Twitter isn’t going to do much, neither are lengthy blog posts.  Quite frankly most of us have too little exposure to be taken seriously on the national stage.  I got my own whining in early, so now I’m trying to gather some information on how to be effective.

But we do have people we can contact who do have some pull, starting with our federal legislators, who are easy enough to find and monitor on the Project Vote Smart site. I didn’t notice a political slant either way to the site; it appears to just be reporting the facts and is easy to use. Writing to your Senator (mine is Barbara Boxer) will be slightly more effective than Twitter; at least an intern somewhere will tally your complaint. Two other places that you can write that I’ve been told will have slightly more impact are your airline and their lobbying firm. Explain your position in terms of how it impacts your business and how it will impact their bottom line. The SourceWatch wiki supplied me with contact information for United Airlines and their lobbyist firms. I’ll let you know if I hear anything back from them. I had a friend on Twitter explain this: basically you want to start any emails you send by talking about the money, then end with little side notes like ‘protection from unreasonable search and seizure.’ It’s easier for many people to understand money issues than those of Constitutional rights.

The TSA does have a way to report a complaint, though I don’t know of anyone who’s done it so far and what the results have been.  Personally I’d be afraid of getting added to a watch list.  What might be more helpful is to read the official TSA Blog.  For instance, did you know it’s actually allowable by TSA rules to photograph a TSO in pursuit of their duties?  That is if the state and local laws allow it, which they don’t in many states.  So far California appears to.

The current pat downs and backscatter x-rays are both issues that need to be addressed, as is the over-reach of the TSA to grab power at airports. But observing and talking about them doesn’t do much good unless we follow up with some sort of action. If you have some better ideas of who to contact, please leave a comment.


2 responses so far

Nov 16 2010

Network Security Podcast, Episode 221

Published by under Podcast

Martin and Zach take the stage tonight, Rich has tagged off to have some quality time with some cloud folks down in Florida. Which is too bad, since tonight’s interview is with Alex Hutton, Martin’s co-worker at Verizon Business. Alex is introducing the VERIS Application, designed to anonymously collect information about security breaches and provide the user with metrics comparing their situation to those presented in the DBIR earlier this year. Rich and crew at Securosis contributed to this effort, so maybe he’ll be willing to talk next week. Just maybe.

Network Security Podcast, Episode 221, November 16, 2010
Time:  37:01

Show notes:


3 responses so far

Nov 11 2010

Nailing the new TSA process

‘Nuff said!


Nov 09 2010

Network Security Podcast, Episode 220

November marks five years of the Network Security Podcast. Think about that for a moment: five years of Martin mouthing off into a microphone, nearly three years of Rich and over 18 months of Zach. A little scary when you think about it, or at least when we think about it. We’re probably going to put off celebrating much until we hit episode 250, but we’re still going to talk about how things have changed in that time. And we also want to make sure that everyone who’s listening knows how much all three of us appreciate that people still download the podcast week after week.

It’s just Martin and Rich this week.  Zach is off somewhere getting paid real money while Martin is sick at home and Rich is saying “Can we hurry up so I can take my daughter to swim class.”  In other words, pretty much situation normal.

Network Security Podcast, Episode 220, November 9, 2010
Time: 36:33

Show Notes:
