Commentary on Information Technology and Security in the new millenium.

Tuesday, March 15, 2005

Paper: Know Your Enemy

An excellent paper has been published by the HoneyNet Project that describes monitoring networks of infected PC's, or BotNets. This paper shows what happens when PC's are infected with software that allows them to be controlled remotely then grouped together into army's that propagate spam or do worse.

Some Cookies Not So Tasty

Some cookies just need to be thrown away -- Internet cookies, that is. Be sure to delete your Internet cookies at least every month and more frequently if possible.

ChoicePoint Apologizes

I'm not quite sure an apology from ChoicePoint will be sufficient restitution of those whose identities were stolen recently, but it does provide an good start in making things right. Law suits will be keeping them busy while they revisit internal procedures for verifying who is asking to buy or lease data.

NextGen Laptops

The next laptop for the Digerati: leather & wood appointments. This will sure look nice when visting an important client. :-)

Top 5 Internet Scams

Here is a good article on the top 5 Internet scams. The article gives a brief description on how the unwary are lured in then fleeced. The bottom line: if it sounds too good to be true, it is probably a scam!

Wednesday, January 12, 2005

Email Encryption for Everyone

New Scientist has an article about Ciphire, a public key encryption tool for email that runs transparently for the user. This class of tool takes into account the need for crypto ease of use for the non-technical user. I hope we see more products like this.

Tuesday, January 11, 2005

Funny Wireless SSID's

If you manage a wireless network, one of the parameters you must deal with is the Service Set Identifier (SSID), a name for your wireless network. Broadband Reports forums has a listing of some humorous SSID's. Have a look.

Microsoft DRM as Spyware and Adware Tool

It appears that spyware is being installed by using Microsoft DRM functionality. Two new Trojans, Trj/WmvDownloader.A and Trj/WmvDownloader.B have been detected in video files circulating on the Internet. When the user attempts to play the infected files, a notice that a valid license is required is presented. Then a redirect is made to download the required license, however the web site destination then installs spyware and adware.

Yet Another Reason to Use Firefox

Secunia finds yet another critical IE vulnerability!

Wednesday, January 05, 2005

Drastic (But Effective) Spyware Eradication

Sometimes the only sure way to rid a machine infested with spyware and adware is to erase the hard disk and reinstall the operating system from scratch.

Management Ethics: Chief Espionage Officer

An interesting article at Baseline magazine talks about IT executives and managers hacking into competitor systems. How would you feel if your management team participated in such activity? Do you have written policies that deal with this behavior? This may be a good time to review your policies and management practices.

Tuesday, December 28, 2004

Wireless Security by the Gallon

$69 per gallon can provide your office with wireless security. A new paint developed by Force Filed Wireless contains copper filings and an aluminum compound the reflect RF signals in the 100MHz to 5GHz range. You would need to pint all walls, ceilings and floors, an possibly doors to enclose a room completely in a virtual Faraday Cage. You will also need RF screens to prevent signal leakage from windows. Just don’t open those windows when the office gets stuffy!

Thursday, December 23, 2004

Holiday Email Control

Email has become an important part of Silicon Valley life. Many companies shut down, people take vacation, and return in January. Unfortunately, email continues to flow while we’re gone. It is not appealing to think about the mountain of email that will be in the Inbox in January. An article at CNET discusses several strategies for Inbox management while on vacation – from totally ignoring it to brining a laptop and staying in contact as well as some in between tactics. All have consequences, so chose your solution carefully.

Wednesday, December 22, 2004

Management: ITIL for Information Security

An excellent article at Security Focus covers how the Information Technology Information Library (ITIL) can improve information security. ITIL can also provide a framework for regulatory compliance, such as SOX, HIPPA, and GLBA. The article provides a comprehensive summary of ITIL and shows where information security can play a key role in IT Service Delivery and IT Service Support. Highly recommended reading.