Oct 01 2008
This last weekend Michael Santarcangelo and I were joined by Zach, aka SecurityTwits, to talk about security, the community and how we’ve adopted and adapted to social media. This was another great example of how we just twittered that we needed a third on the show and got a great addition to the podcast.
Security Roundtable for September 27, 2008
Twitter: www.twitter.com
Zach: http://twitter.com/quine
Michael: http://twitter.com/catalyst
Martin: http://twitter.com/mckeay
Security Twits: http://n0where.org/security-twits/
Sep 20 2008
I’ve avoided using StumbleUpon and most of its ilk for a long time. I’ve preferred to keep up to date on the news by using sites like Techmeme or by reading the long list of RSS feeds I have in Bloglines. But as of late I have been encouraged to branch out a little and start trying a few sites I wouldn’t normally use, like FriendFeed and StumbleUpon. I haven’t gotten too far into FriendFeed, but even cursory usage of StumbleUpon has left me with a bad taste in my mouth.
First off, there’s the whole dependence on the StumbleUpon toolbar. When I created the account, I told them I didn’t want the toolbar. The first time I logged in, I had to tell them again, no, I don’t want the toolbar. A couple of days later, I got an email, once again encouraging me to download and install the toolbar. I still wouldn’t have installed the toolbar if not for one simple thing: I wanted to change my password from the default they gave me. And guess what, the only way to change your password in StumbleUpon is through the toolbar. I thought that I was just being obtuse, but upon doing a Google search I found that the toolbar really is the only way to change your password. Dumb, StumbleUpon, really, really dumb. I should be able to change my password without installing the toolbar, even if you won’t let me use the majority of your features without the toolbar.
Then there’s the password itself: the password that was originally created for me by StumbleUpon was only five characters long, and they were all alphas. No numbers, no symbols, nothing. And given that there’s already big news about social engineering passwords and cracking accounts in the news this week, it shouldn’t surprise me to find one more site with a really poor password policy. And guess what, when I finally did install the toolbar and change my password, it only lets me use letters and numbers, no symbols or special characters. And I have to wonder if it’s not changing all the letters to lowercase behind the scenes. Strike two, StumbleUpon.
I’m going to give the toolbar a week, just to find out what the draw is for StumbleUpon. It’s brought me a lot of traffic in the last couple of weeks, so I figured I needed to at least know about the tool. But I’m not happy and one more strike is all it’s going to take to make me change my password to something 20 characters long and uninstall the toolbar. But I did give the Wassup Blog the thumbs up for telling me how to change my password.