An Information Security Place

Commentary on the State of Information Security

Archive for March, 2008...

Filed under Firefox, Internet, Internet Explorer, Safari, Software

I have heard some good things about Safari for Windows, so I am going to try it out.  And since they are pushing it with the new version of iTunes (not quite as heavy handed as the push out to Mac users - I had a choice to decline it), I figured what the heck.

The first load was pretty slow, but that is to be expected the first time it comes up on a new system.  It loaded much quicker the second time around.  I’ll play around and let you know what I think later on.

Update.  I said later, but here are a couple of thoughts / impressions right now:

  • The load status of webpages is in the address bar, which is different for me (maybe that is standard for Mac users). 
  • Intense Debate (the new blog comment system that I am beta testing) seems to work fine with it.  Intense Debate also works great with Firefox on my system, but IE seems to choke on it quite a bit.
  • The fonts seem to be a tad hazy.  Not as crisp maybe
  • iGoogle looks pretty good on it
  • The redlines under suspected misspelled words are much more noticeable
  • I still like IE7’s new tab feature rather than needing to hit CTRL-T
  • I don’t like that there is not a history arrow in the address field.  Instead you have to click the history menu.  Maybe that is just because I am used to it, but I like that feature on IE and Firefox

Maybe some more later.

OK, more:  Where is the area that gives you a preview of the link you are about to click on?  I can’t see where I am going!!  Oops… OK, found it.  You have to choose View > Show Status Bar.  This is becoming more like a twit post than a blog post. :)

Posted by Michael Farnum on Monday, March 31st, 2008

Filed under Security

I hate when I do stupid stuff.  And it is even more embarrassing when it is a rookie mistake in front of a customer.  A client of ours bought a new Juniper SSG 320 firewall and a new Juniper SA2000 (SSL VPN).  One of our consultants has the firewall in place and working, but he didn’t know how to configure the SA.  So, I jumped in to help.  The only problem is that the client is in Dallas, and I am in Houston.  So, we got the basic config on the box, and I connected remotely and started configuring away with the client on the other line (he was watching via the remote meeting feature the SA has - kinda like Webex).

So the client wanted the administrators to authenticate through their active directory.  I said fine and started modifying the admin realm and role to authenticate back to AD.  Well, Mr. Brilliant here (that’s me) didn’t think about the fact that I was modifying the very realm and role that I had authenticated through, which was pointing at a local user database.  I modified the rule, saved the changes, and BAM!  I lost contact.  DUH!

OK, well, it disconnected me, but we should be able to get in using the client’s AD creds, right?  Well, no.  That wasn’t working for some reason (still working on that).  So the client had to go to the console and create a temporary super-admin user to reset the stupid stuff I had done (luckily Juniper anticipated idiots like me and created a way around the problem - but it is through the console, so you have to have physical access to the box).

Dang it!  Just smack me!

Posted by Michael Farnum on Friday, March 28th, 2008

Filed under Security

I just read this story over at Computerworld Outback (it’s not actually called that, but it IS in Australia).  It looks like there is another initiative for a vote by their shareholders to get Google to quit censoring the Internet at the request of pinko-commie regimes like China.  There was a similar initiative last year that was voted down by shareholders.  Basically, this comes down to the simple fact that Google and the shareholders will do anything to make money, even if that means doing the bidding of the evil Chinese government.  I think I am finally going to switch search engines.  This makes me sick.

Something else I noticed the other day when I was at a product demonstration of Palo Alto Networks.  Part of the functionality is showing top traffic origins and from what countries those came from.  Pretty standard.  But Taiwan was shown as "Taiwan Province of China".   Hmmmm….  One of the Accuvant account managers is from Taiwan, and she also thinks China’s government is evil.  She raised a stink before I could (we waited until the clients had left).  Of course,  one of the guys was a simple local SE and the other a simple local AM.  But the other guy was a product manager.  He really didn’t have much of an explanation other than it came from some database.  We urged them to move that up their chain, but my guess is that it won’t happen.  I like their products, but this is just not right.

People, I know this is a security blog, but I think this falls in line pretty well.  China is a threat to our security, both in the physical and the cyber world.  They don’t keep their people from wreaking havoc across the world by cyber attacks, but they won’t let their people express themselves in any way counter to the Chinese dictatorial, malicious, abhorrent, evil regime.  But they are spending money, so no one gives a crap.  It truly makes me ill.

Posted by Michael Farnum on Thursday, March 27th, 2008

Filed under Security

I have noticed something lately that I am not sure means anything.  Basically, almost every security device and product manufacturer today has started settling on a similar management interface.  If it is a policy-driven device such as a firewall or IPS, many products have settled on the Checkpoint look and feel.  If they have a command line, they tend to settle on Cisco’s terminology.

I remember seeing this trend back when I was getting my Enterasys certifications in 2001-2002.  They actually had their own CLI "language", but they also put in a command that allowed you to switch over to what they called "standard command line".  Yep, that standard was Cisco.

I understand this concept from a manufacturer’s POV.  If you have a new product, why make the learning curve harder?  If everyone is used to the look and feel of Checkpoint and Cisco, then it makes sense to go that route.

But does that also stifle creativity in some small way?  I mean, if your box is going to be policy-driven, then it makes sense to do this.  But what if policy is not the best way to get to where you are going, but your product manager ends up taking that route because of the learning curve and fails to see other means to the end?  No, I don’t have examples.  Just wondering.

Posted by Michael Farnum on Tuesday, March 25th, 2008

Filed under Censorship, Security

Go take a look at Brian Krebs’ latest Security Fix post about Network Solutions censoring an anti-Islam website.  This issue is very controversial on both ends.

If you don’t remember, it was about a year ago when a bunch of cartoons depicting Muhammad in a bad light were published in Danish and Norwegian newspapers.  Many Muslims were offended, and there were many acts of violence following the publication of the cartoons.  Citing a fear of resurgence of violence, Network Solutions shuttered the website fitnathemovie.com.  The website was registered to Geert Wilders, the leader of a Dutch political party.  Mr. Wilders is leading a movement to ban the Koran in Holland, and this website would have hosted a movie that he was going to use to rally support for the movement.

First, censorship is not ONLY performed by government.  Yes, freedom of speech is a concept that applies only to the protection of censorship by government.  However, censorship can be performed by any entity with the power to do so.  And Network Solutions without a doubt has that power.  And it has exercised that power in this case.  Therefore, Mr. Wilders has been censored.

Second, NS is a business.  It has the right to close down a site it views as violating its terms of use. 

Third, NS is an AMERICAN business that is using its censorship power throughout the world.

Fourth, Mr. Wilders may have caused violence with this movie.

Fifth, Mr. Wilders is encouraging censorship by a governmental body by asking for the banishment of the Koran.

Sixth, seventh, eighth…

There are a bunch of points that can be made here, but it all comes down to which side of the fence you fall on (or which fence you are riding).  NS is stopping a website from being displayed because it is afraid of offending Muslims.  That is censorship, and many view that as wrong no matter what.  Many people see a world-wide anti-Muslim campaign becoming popular, and they want to head it off.  And many simply worry about their companies or countries becoming targets for terrorism and other violence.

It is hard for me to take sides here.  I am somewhat conflicted.  I don’t believe NS should censor the site.  At the same time, I am a believer in freedom of religion as well as freedom of speech.  And of course, that brings up fifteen hundred other arguments.  And the Army veteran in me wants to just blow ‘em all to hell (the radical terrorists, not mainstream Muslims).  So, I guess consider this post as informative rather than argumentative. :)

Posted by Michael Farnum on Monday, March 24th, 2008

Filed under Security

I was contacted today by someone from this blog at virtualhosting.com.  They asked me to link to one of their posts, which  I normally don’t do if I don’t know the blogger.  However, I got to looking through the blog, and I think it is worth reading.  Basically, they have a list of links for just about everything geeky in nature.  The particular post they pointed out to me was about privacy and keeping personal information safe, so they have some security minded people posting there.

If they keep this up (which they have since last September), they could turn into a great reference resource.  Go see what you think.

Posted by Michael Farnum on Wednesday, March 19th, 2008

Filed under Security

If you are reading this post, then chances are that you have some interest in information security.  If so, then you will also have an interest in the Security Catalyst forums.  This is a treasure trove of information security discussions and the like. 

One of the interesting questions posted yesterday was also linked by Michael Santarcangelo over at his blog.  It was a question on what you do if you discover a large amount of PII (personally identifiable information) on a hacked server at your company (assuming they mean PII from outside your organization).  It is a great question, and it has inspired some great arguments.  Go check it out if you have not done so.  Great stuff.

Posted by Michael Farnum on Monday, March 17th, 2008

Filed under Security

Looks like this Sweetbay supermarket credit card issue is starting to pop up all over the wire.  From the article:

They say they are aware of about 1,800 cases of fraud related to the data intrusion and about 4.2 million unique account numbers were exposed.

Wow.  Here’s a Sweetbay Google news search.  All the stories are still pretty new, but Hannaford (parent company) says they have been aware of it since late February.

Here’s a graphic from Hannaford’s front page:

image

Think that kid is going to be as happy when he can’t get any new toys for a while because his parents have to clean up a credit mess?  Sorry, couldn’t resist.

Posted by Michael Farnum on Monday, March 17th, 2008

Filed under Security

This is the kinda crap that makes people not want to trust the Internet at all.  Really, if you can’t trust an anti-malware company’s website, who can you trust?

It’s really about being skeptical about the content you visit…

That comes from Craig Schmugar, a threat researcher for McAfee Avert Labs.  I understand the sentiment.  But if you look at it, the Internet has not changed much from its original model of trust.  Yes, there are some more security measures built in now.  There are more warnings that everyone ignores.  But the Internet still relies on that trusted model.  And that trust is getting more and more eroded every day.  What happens when people just say "screw it" and quit using the Internet? 

Maybe I am being melodramatic, but these damn bad guys are like viruses.  You kill the host, you don’t survive.  Of course, bad guys mutate quickly.  Good guys are getting better at it, but we still don’t change quickly enough.

Posted by Michael Farnum on Monday, March 17th, 2008

Filed under Security

Found this compilation story of a lot of the infected computer products coming from China and Taiwan.   I have not done any confirmation of the details, but I believe all of these have been openly published in the media.

This kinda stuff makes you want to break out the conspiracy theories big time.  But on second thought, why is it so unbelievable that China is not putting malware on its devices on purpose?  Hmmmm…. (cue X-Files music).

Posted by Michael Farnum on Monday, March 17th, 2008

Filed under Security

Here’s a heads up for those in and around Texas (I know that covers a lot of area).  The Texas Regional Infrastructure Security Conference (better known as TRISC) is almost here again.  The dates are April 21-23, and it is being held in beautiful and historic San Antonio.  Also, Fiesta San Antonio is happening during that time.  I have been to San Antonio during that event, and it is awesome.  Lots of events.  The Riverwalk is very cool during that time.  Here’s a description of it from here:

Fiesta San Antonio is a 10-day citywide celebration, which includes exciting carnivals, spectacular sports, fantastic fireworks, lively entertainment, ethnic feasts, art exhibits and sparkling parades that glide down San Antonio’s River Walk and streets. More than 100 unique events satisfy every taste and interest, drawing spectators from around the city, nation and world. Since 1891 when the first Fiesta event, the Battle of Flowers, honored the memory of our Texas heroes, Fiesta has expanded the initial commemoration to include the recognition and celebration of San Antonio’s rich and diverse cultures. Come celebrate Fiesta San Antonio! (210) 227-5191 www.fiesta-sa.org

Looks like some good keynote speakers are going to be there, and there are going to be some good speakers as well.  Dr. Anton Chuvakin is going to be there, and Simple Nomad is showing back up as well.

Looks like it is going to be good stuff.  Sign up soon.

Posted by Michael Farnum on Friday, March 14th, 2008

Filed under Security

Here’s the story.

I haven’t looked at all the business logic here, but, I can speak to Encentuate as a product.  Their management was horrible, but they had VERY good stuff.  I tried and tried and tried to get them into my last job, but political crap got in the way.  I was working in a psychiatric clinic, and Encentuate was perfect for medical environments.  The SSO was very easy to set up, and they also melded with RFID card readers and biometric devices for multi-factor authentication. 

If IBM doesn’t screw this up, they will end up with a good product.

Posted by Michael Farnum on Thursday, March 13th, 2008

Filed under Application Security, Business of Security, Rant, Sales, Security, Security Consultation

I went out to see one of our customers this week who had their web app pwned a while back.  This is the second client since I have been with Accuvant that we were trying to help via our security assessment services who got smacked around before they could make up their mind to spend the money or not.  It has been several weeks since they were attacked, and they are still running around like school girls with their hair on fire. 

Yes, they are making a lot of progress (much of it due to us having a couple of guys helping them out for the last 4 weeks).  But the point is that they could have avoided all this craziness and stress if they would have made the right choice in the first place.  Like I have said in the past, business decisions have to be made.  But when you are a financial company that serves a lot of customers, you need to make sure due diligence is performed.  Sitting on your hands is not an option.

Posted by Michael Farnum on Wednesday, March 12th, 2008

Filed under Security

I am getting all the usual invites for every security company that exists in the world right now, asking me to meet with them at RSA (I have a press badge via the blog).  But what amazes me is how many of these companies want to talk about their new DLP product.  Websense bought Port Authority.  Symantec bought Vontu.  RSA/EMC bought Tablus.  Those are your normal convergence things, I guess.  And now Trend Micro is billing itself as a DLP company. 

But let’s back up.  I said a while back in another post that compliance is not a product.  And so now I want to say the same thing about data protection.   Data protection is a process.  Yes, product can be a part of the process, but it is not THE process.  And that is how Accuvant is handling it.  We now have a data security practice area with several consultants offering services to help companies protect their data.  We stay vendor neutral and help companies with processes and data identification and classification.  I think this is the way to handle it.

Products will always have a fit, and we will recommend products based on the organization’s needs.  But don’t expect the product to take away all your pain.  It ain’t gonna happen.

Posted by Michael Farnum on Thursday, March 6th, 2008

Filed under Security

OK, to be honest, the first BayouSec had more people than BayouSec II.  But I think this one was more of a success by far for a few reasons.

  1. We added two more members ("membership" is used loosely in CitySec gatherings, but you get my meaning)
  2. We had good security geek discussions instead of just sitting around and drinking beer (we plan on combining the two next time)
  3. We made some good plans for future BayouSec’s
  4. The group seems to be intent on the success of the event

We have decided to make this a more educational event.  We would like to have discussion topics and speakers so we can draw people into the event instead of just relying on beer and food.  Those things only get you so far, and it seems like the geek route will draw more people in.  It remains to be seen, but I think it is a good strategy. 

We have a good core group now, and they are inviting their friends to come in as well.  And now we have a good conference room to hold the event (thanks to Sam at Alert Logic for getting that set up, and thanks to Alert Logic management for helping us out).

Posted by Michael Farnum on Thursday, March 6th, 2008

Filed under Security

Some of my fondest memories were when I was playing Dungeons and Dragons as a kid and, believe it or not, when I was in the Army serving in the first Gulf War.  D&D was how I and 5 or 6 of my buddies passed the time while we were either waiting for things to start or waiting for our plane ride home (that was between the times when we were either practicing shooting stuff or actually doing the real thing).

So when I learned that Gary Gygax had passed away yesterday, I was sore wroth.  Those games required so much invention and imagination for the creators and the players.  I still have my Dungeon Master’s Guide, and I look at it with a smile and a recollection of an easier and more imaginative time (even if that time was in a desert a few thousand miles from home).  Gary made life tolerable by helping me and my friends escape from our reality and enter a world of our minds.  I believe D&D was a huge catalyst for my mind in the developing years (and I also believe those years go WAY beyond early childhood - and you can form your own opinions on whether that was a positive or negative).

For a VERY good article on Mr. Gygax’s passing, go read here.

Thanks for all the memories, Gary.

Posted by Michael Farnum on Wednesday, March 5th, 2008

Filed under Security

If you actually visit my site to read my thoughts (instead of just reading via a feed reader), you will notice some changes to the layout.  Actually, it is a big change.  I am one of those people who likes change (in certain aspects of my life anyway), and I was growing tired of the old theme.  Plus, the old theme was just that - old.  It didn’t support some of the newer features in the newer versions of Wordpress, and I was noticing little quirks every time I upgraded to a new version of Wordpress.  So, I changed.

It is a simple and very readable theme.  It is not complete yet, but I am not going to go crazy on it.  Just wanted something different and simple, yet flexible.  So enjoy.

Posted by Michael Farnum on Wednesday, March 5th, 2008

Filed under Security

OK people.  This is your final reminder.  BayouSec II is TONIGHT!!!  Don’t miss the fun and all the action!!  It will be a geek thrill ride!!!  Well, probably not a thrill ride, but food and drinks are good.  And some security talk to wash it all down.

It is located at 1776 Yorktown, 7th floor, just south of the Marathon Oil tower on San Felipe.  I have it on good authority that the parking is plentiful and free.  And since we do live in Texas (and because a buddy of mine drives a dual cab F250), I checked to make sure the garage can take trucks.  It can.

Posted by Michael Farnum on Wednesday, March 5th, 2008

Filed under Hilarious, Political Correctness, Sheesh

My oldest son is a Lego freak.  He absolutely loves the stuff. So my wife goes out on the Internet (usually Amazon) from time to time to look for some good deals on the latest Lego sets.  One that my son has been looking at is the Mars Mission MT-51 Claw-Tank Ambush.  So my wife went to Amazon, and as a smart shopper, she looked at the reviews.  Below is one of the actual reviews. 

My son turned six last week and he has been excited about the new Mars Mission Lego sets since he first spotted them in the magazine. I, however, have been struggling with the themes of the set. First of all, if humans are exploring Mars, that makes US the “aliens,” not them. Second, why is there the assumption that “aliens” are automatically on the attack? I don’t like the human-centric assumptions and the explore-attack-conquer approach to learning about the rest of our universe. Maybe I’m being too sensitive but it seems like a slightly more balanced view of space exploration could have been presented with this set. Sure, they’re just toys; but they help children build a foundational understanding of our culture, our world, our universe.

This is taking political correctness to the extreme, I gotta tell ya’!  Worrying about people on Earth is one thing, but freaking out about aliens?  And you know what else is scary?  TWELVE PEOPLE FOUND THE REVIEW HELPFUL!!!!

All I can say is that I hope this person was just having fun.  Sheesh…

Posted by Michael Farnum on Tuesday, March 4th, 2008

Filed under Security

I recently posted on my Computerworld blog about a task force being created to help child Internet safety.  One of the respondents to my post was from The Kristin Helms Internet Safety Foundation (or at least linked to the foundation in their response).  I have some recollection of that case, and it made me sick then, as it does now two years later.  This is why we need this task force.  This is why we need parents to step up.  This is why we need laws (though I think too many laws won’t help).  This is why we need more awareness.

My prayers go out to this family and other families who have suffered through this type of occurrence.

Posted by Michael Farnum on Saturday, March 1st, 2008