Jan 09 2012
Still feels a little funny to be putting the ’12’ in the year column, doesn’t it? I’m sure the feeling will go away by March or April. And it’s getting started as an interesting year already, with Symantec’s source code and courts approving warrantless GPS monitoring. I bet neither of those were captured in the “Top 11 Predictions for 2012” so many pundits and bloggers put out at the end of the year.
Personally, I’m starting the new year with a ton of writing to do. Despite my best efforts, I didn’t blog as much as I would have liked to in the last few months, but I know that has to change. I have to start writing for the Akamai blog, I’ve got information for the Security Bloggers Meetup to post and I get several offers a month to write for other publications. Then there’s the internal projects that are in motion, at least one of which is requiring me to think in new and interesting ways in order to get concepts on a page properly. Plus I’ve got lots of interesting toys at work to play with; what questions would you be looking for answers for if you had access to the logs for a significant portion of the Internet? That’s actually a serious question I have to blog about some day soon. I’d like to hear what people want to see in a report.
And speaking of the Security Bloggers Meetup, I was nominated for two Social Security Awards last week. Rich Mogull, Zach Lanier and I were nominated for the work we do on the Network Security Blog and I was nominated for Best Post for my “Curing the Credit Card Cancer” post. Rich and I both sit on the committee that puts together the Security Bloggers Meetup, though neither of us works on the Social Security Awards, so before this year, we’d ruled that everyone on the committee was not eligible to be nominated. Alan Shimel changed the rule this year; he felt that since we had nothing to do with the SSA’s, it was unfair to exclude us. So, go vote for us. I’d love a chance to beat PauldotCom and the other contenders for Best Security Podcast. I’ve read the other blog posts, I don’t have much of a chance for the Single Best Post.
Open Tabs 01/09/12
- Lax security exposes voice mail to hacking, study says – Yes, using an easily spoofed phone # as your single method of authentication sucks.
- Kuwait wants to put an end to anonymous accounts on twitter – So they can put dissenting voices in prison. I wonder if our politicians will follow?
- 440,783 “Silent SMS” used to track German suspect in 2010 – There may be a common thread to what I find interesting lately.
- Boot Hezbollah from Twitter or we sue, group says – Wha?? It would be censorship if it was the government asking for this.
- Stuxnet weapon has at least 4 cousins: Researchers – Who would have suspected that Stuxnet was only the first wave? (Hint: think everyone)
- No warrant needed for GPS monitoring, judge rules – This one worries me a lot. You’re home may still be your castle, but your car definitely isn’t.
- Why Twitter’s “verified account” failure matters – Because, no matter what they do, identity is malleable and hard to prove.
- Defensive search-and-destroy ‘virus’ delivered to Japanese government – Maybe not directly related to Stuxnet, but the same general idea.
- Lilupophilupop SQL injections attack top 1 million infected URLs – Don’t try to pronounce the name of this attack.
- Symantec confirms hackers accessed source code of two enterprise security products – Two older products, but still in use in some locations, I’m sure.