Archive for Security

460 results.
Jan19

A lesson to security vendors: check your PowerPoint slides

by Michael Farnum on January 19, 2007 at 12:56 am
Posted In: Security

I have been in Denver all week for Accuvant’s annual sales kick-off.  Today the SE’s and consultants were in a bunch of vendor mini-trainings for the SE’s.  Can you say death by PowerPoint???

Anyway, one of the vendors presenting is a well-known security vendor that has some products around web app security.  Up pops their obligatory reference slide of companies who use their products, and guess who is on the list?  Yep, you guessed it: TJX (read about TJX here is you are not aware of the story).

It was weird because the reference slide was all text and must have had about 30-40 companies listed, but my eyes were immediately drawn to TJX.  The presenter had paused to take a breath, and I said quickly commented, “I don’t think I would have TJX on my reference list.” 

Now understand that almost everybody in the room were SE’s, security consultants, security assessment people (pen tests, social engineering, etc.), and compliance people.  These people, including me, take pride in being up on current security issues.  The room went silent, and just about everyone looked at the slide.  The presenter just kind of froze.  Then a couple of chuckles were heard, and everyone was kind of like, “Holy crap.”  The presenter, after he unfroze, said that TJX probably had some of their other products and not their web app stuff.  Good recovery, dude.

Truthfully, the vendor in question has some great stuff, and they are one of our top partners.  But if they would have used this slide at a customer that was knowledgeable and up on events, they probably would have been screwed.

Vet

Comments Off
Jan18

5,4,3,2,1…LIFT OFF!!!

by Michael Farnum on January 18, 2007 at 6:59 pm
Posted In: Catalyst, Security

Michael Santarcangelo posted here about the launch of the Catalyst Community forums (I kissed Michael’s ass the other day,… uhhh, I mean I wrote about Michael the other day here). This is a small step in a much bigger project. Go see and join the forums if you are interested in security.

Martin wrote about it as well. Pay attention to his edit about the naming conventions.

Vet

Comments Off
Jan15

One way to avoid copyright laws…start your own nation!

by Michael Farnum on January 15, 2007 at 10:44 am
Posted In: Security

Looks like PirateBay.org is trying to buy a man-made island and start their own nation to avoid copyright laws.  That’s plenty clever.

 

 

 

 

 

 

 

Vet

Comments Off
Jan14

A response to Mr. Hoff’s comments to my 3com post

by Michael Farnum on January 14, 2007 at 4:18 pm
Posted In: Convergence, Security

Here’s Chris’ comment:

You are both way off-base! The reason Brian Smith was quoted in this article within this context is because Tippingpoint/3com are showing their honking M60 Security SWITCH at RSA! I think you guys are more interested in knocking the 3Com/Tippingpoint relationship than understanding what Brian was saying.

Chris,

I see what you are saying (from reading your post), and I agree that I may have read that wrong. But when I read “bump-in-the-wire”, I think hardware device. Even if it is super fast and doesn’t introduce any noticable latency, it is still a device to be managed.

Also, I am not really interested in knocking the relationship. Did I like the relationship when it started? No, I didn’t. I thought it made sense for 3com, but I did not like my IPS vendor being bought by 3com because I thought they would possibly screw up TippingPoint. I thought of (and still think of) 3com as a sub par enterprise switch company that is entering the game late and will probably not be able to make up the ground they have lost. And I BS you not when I talk about their attitude.

And as far as the switch they have coming out, you point out in your article that it is a year late. I spoke of “too late” in my post. That just makes me think again of their reputation.

BTW, it is good to hear from you again. I was wondering where you had disappeared to.

Vet

Comments Off
Jan13

A possible reason TippingPoint is not focusing on security in the switch

by Michael Farnum on January 13, 2007 at 11:00 am
Posted In: Acquisitions, Convergence, Security

Alan Shimel posted about something said by Brian Smith, co-founder of TippingPoint and chief architect of 3Com, in an SC Magazine article. Here’s part of the excerpt Alan used:

Smith says he also plans to emphasize the benefits of
the bump-in-the-wire network approach to deploying security solutions.
Rather than embedding solutions into switchers and routers, Smith plans
to suggest overlaying solutions to allow for a more converged, cheaper
way to add intelligence to the network.”

Alan rightly points out that Mr. Smith may be smoking a big crack pipe. Alan then ponders the mystery by asking, “Do the Tipping Point people resent and hate their 3Com overlords so much that they refuse to see the natural evolution of converging security and network gear?” Alan, I may have an inkling to why Smith thinks this is the best approach. And if my suspicion is correct, then you are on the right track, but their resentment is not the reason. Let me ‘splain.

When I was an infosec manager, I was a TippingPoint customer. When I bought the TippingPoint box, stand-alone devices were still all the rage. UTM and NAC were pretty much still new terms. But right about the time TippingPoint was bought by 3com, the convergence track had started to emerge. Cisco was really getting into putting different devices in their switches. Things were really starting to move in that direction, and 3com probably thought they should do the same.

But just in case things were not what they seemed, 3com decided to test the waters (conjecture on my part, but plausible conjecture nonetheless). So they surveyed their customers (or TippingPoint customers, at least). I received one of these surveys. Among other things, it asked if I would buy a 3com enterpise switch with a TippingPoint IPS blade integrated into it. Understand that I come from the network engineering world. I have installed and configured many a switch and router. And for the immediate 4-5 years before this survey hit my inbox, 3com had been about as present in the enterprise switch space as a woman at an ISSA chapter meeting. The biggest place you saw 3com was on a NIC or a little white 8-port hub in a room full of cubicles. So, I answered a definitive “not no, but hell no”.

To clarify (if the above didn’t explain it well enough), it was the 3com switch that threw me. I wasn’t unhappy with TippingPoint (except that they had been bought by 3com). I liked the box. It served me well. If I could get a TippingPoint blade for the 4506, I would have seriously considered it. But there was no way I was going to replace my Catalyst 4506 with a 3com switch, no way, now how.

Of course, I cannot answer for every TippingPoint customer who received the survey, but I can guess that many of them answered the same way. And this makes me wonder if 3com and TippingPoint are sitting in ivory towers and ignoring the trends because it doesn’t compute that people don’t like their switches.

And to add one more thing that may add some credence to my hypothesis: I also had a couple of 3com reps come out to visit me during the final months of my tenure as an infosec manager. When my boss and I told the 3com guys that we would not consider in any way replacing our current switching infrastructure with 3com because of our impression of 3com as a serious player, they were completely surprised by our attitude. Now maybe they had never received that reaction before because we were just a little more harsh and up front with our opinions. But my immediate opinion was that they really didn’t know they had that kind of reputation. Maybe it is just me that thinks this about them, but I don’t think so.

Vet

4 Comments
Jan12

A man with vision

by Michael Farnum on January 12, 2007 at 10:16 am
Posted In: Blogging Buddies, Friends, Security

It is rare these days to meet a person with true vision. I mean a person who can just look at a topic and instinctively know what it would take to succeed in that arena. It is even more rare to find a person that is also passionate about the topic to which they are applying their vision. And the rarest find is a person who has all of the above AND the nerve and the fortitude to do actually try to do something with that vison and passion, all the while inspiring others to join up and do the same.

Well, my faithful readers, I have found one of these rare people. Many of you know Michael J. Santarcangelo, II. Known affectionately as Santa to some (play on the name for you thinking he’s fat and jolly and has a white beard and rosy cheeks and… you get the idea), Michael is founder of The Security Catalyst blog and podcast. Instead of writing a bunch of stuff about him, here’s his bio from the above site:

One of the top rated and most requested speakers on security issues and certification training, Michael is a coach, consultant, professional speaker, and leader active in reshaping the future of information security. His rare approach of blending multiple disciplines together allows him to connect with audiences around the world as he invites people to think differently. He brings this passion and energy to podcasting as the Security Catalyst and works to explain and demystify security so everyone is able to protect themselves.

Michael is the catalyst behind Security 2.0. In addition, he is the founder of the Catalyst Community, The Trusted Catalysts, Security School House (announced September 2006) and was the founding President of the Tech Valley (New York) ISSA Chapter. Michael holds a Bachelor of Science Degree in Policy Analysis from Cornell University.

Now, before you people start wondering if I have some unnatural attraction to Michael, let me state that I am writing this (and will be writing more) because I believe Michael knows the sad state security is in now days and really wants, even needs, to do something about it. How do I know? I’ll tell you how!

Michael has brought together a group of security professionals (including yours truly) to form a group called The Trusted Catalysts and the Catalyst Community. In joining The Trusted Catalysts, I have conversed with Michael via email and chat, and I thought he had a good vision. But then I actually got to talk to Michael on the phone yesterday, and it truly struck home just what Michael is all about. The guy had so much to talk about he seemed about to burst at the seams (I don’t mean that in a bad way – I asked him to explain what all he had in mind for the Catalysts, and I got it). He is a wealth of information and experience, and he wants to give that away. He’s not a selfish person who wants to be the one guy who knows it all and people have to come to. He wants to genuinely help the security community. I guess I stand corrected. That is the rarest kind of person.

I am saying all this because I want to give you a heads up if you don’t know about Michael and the Catalyst Community. You need to watch the Catalyst Community over the next year and the years to come. I think this community will grow, and I think it will become a tremendous force in the security industry within a few years. And with Michael’s vision and inspiration, it will be a truly positive force, unlike what one security focused organization has become – I won’t name names, but it starts with “(” and end s with “2″.

Thanks to Michael for his passion, vision, energy, candor, and unselfishness. I hope I didn’t embarrass you too much. And I like the hair (or lack thereof).

Vet

1 Comment
Jan11

Update on the phishing post below

by Michael Farnum on January 11, 2007 at 12:05 pm
Posted In: Security

Update on the phishing email post below.  From Yahoo:

Thank you for informing us of possible abuse on Yahoo! Domains. We have investigated the site and taken the necessary action. We appreciate your concern and thank you for reporting this incident to Yahoo!.

The site is dead, so there ya’ go.  One down, with only 654 appearing in its place every second!  That’s not a real stat, BTW.
Vet

Comments Off
Jan10

Looks like a new phishing email

by Michael Farnum on January 10, 2007 at 11:50 pm
Posted In: Phishing, Security

I received a phishing email via my blog email today. I haven’t seen this one. Be on the lookout:

I didn’t download the pictures. The link is pointed to http://customercarealert.com/bankofamerica.com.

Here’s what that site looks like:

Here’s what Bank of America’s site looked like when I pulled it up this afternoon:

Fairly similar.

Here’s what I came up with on the domain after a quick dns lookup:

and a quick whois:

I sent an email to the abuse addresses and I also forwarded it to antiphishing.org for the heck of it.

Vet

1 Comment
Jan09

To study or not to study?

by Michael Farnum on January 9, 2007 at 3:13 pm
Posted In: Security

Tim Wilson asks whether it just would have been easier to study than go through all the pain of hacking into the school’s grading system and trying change your grade (or someone else’s grade).

Here’s a quote from Tim:

I’m betting that these cases of grade-changing are only the tip of the iceberg.

If your bet is solid, Tim, then I would say it is probably easier to change your grade.  These idiots that caught seem like low-hanging fruit.  Even the class prez, who should have been smart enough not to do something so stupid, went about it all wrong.

A quote from this Dark Reading article:

A police report indicates that several witnesses saw Shrouder making the changes or heard him say he had done so.

Why in the world would he make changes in front of people or talk about it?  Maybe the witnesses were students whose grades he changed.  That could be the case, but he is still dumb.  Intelligence must be coupled with common sense in order for a hacker to be successful.  Book knowledge does not equal street smarts!

Vet

Comments Off
Jan08

Phishing your own users?

by Michael Farnum on January 8, 2007 at 11:12 am
Posted In: Security

I found this post by Terry Sweeney, Editor in Chief, over at Dark Reading.  He is discussing whether or not you should send out fake phishing emails to your own users to find weaknesses in your security awareness training and anti-phishing methods (he is specifically talking about Core Systems’ product).  

Here’s a quote:

What the vendor doesn’t say is what you do once you’ve ensnared such users in your phishing net. Do you hoist them upside down like fresh caught marlin, then get your dockside souvenir photo snapped? Maybe feature the phished users in the company newsletter? Issue them a warning or something more draconian?

First off, security awareness testing has to be done.  How else can you figure out whether or not it is working?  And Mr. Sweeney, the argument of, “You cannot manage what you cannot measure” is still valid, no matter if you attempt to head it off by putting it in your blog post and sneering at it.

Second, as I said in my latest CW post, any security manager worth his salt is not going to use security awareness testing to incriminate users (unless the results uncover behavior that is unlawful or purposefully going against company policy).  It is simply there to test effectiveness of the training.  Employees should be coddled to some degree while this testing is going on (meaning, you should be there to hold there hand when they screw up during testing – you shouldn’t warn them ahead of time).

Third, what the security manager does with the product is not Core System’s concern.  I know that can be taken to the nth degree (hacking tools, etc.), but Core System’s is provinding a commercial product that has a legitmate purpose.  It is not there fault if ABC, Inc. uses it to fire all their stupid users.

Vet

2 Comments
Jan05

A damn good security ranting post

by Michael Farnum on January 5, 2007 at 2:19 pm
Posted In: Security

Go read this over at Security Ripcord.  You won’t be sorry (thanks to Martin for pointing it out to me). 

Not sure why I didn’t have Cutaway on my RSS feed list, but that has been rectified.  Some good stuff over there.

Vet

Comments Off
Jan04

Cisco gobbles IronPort for $830 million

by Michael Farnum on January 4, 2007 at 5:18 pm
Posted In: Security

 

I usually don’t post about these things just because everyone else does.  Plus, everyone who is not under a security / IT rock knows about it.  But this is a big deal in the world of convergence and deserves my attention is some form.

Like Alan said here, I think this just means some of the other guys are going to get sucked up soon.  Barracuda has always seemed like an acquisition target to me.  And now that they have a pretty big database themselves, you might want to keep an eye out for that soon (just my opinion – I have no insider information on this, and I do not own any anti-spam vendor’s stock).  And the others are going to go soon as well.

Mitchell, keep up that blog!

 

Vet 

Comments Off
Jan04

One Laptop Per Child post at CW

by Michael Farnum on January 4, 2007 at 1:10 am
Posted In: Security

I wrote about the OLPC initiative over at CW.  I think there may be some serious security concerns with this project.  I am doing some more research to see what I can find.

Check out the post and let me know what you think.  If you know some stuff that I don’t , please fill me in.

Vet

Comments Off
Jan02

Browser stats of visitors to An information Security Place

by Michael Farnum on January 2, 2007 at 5:18 pm
Posted In: Security

 

Found it kind of interesting that Firefox 2.0 is beating out IE7.  Guess it makes sense with this being a security blog.

 

I also found it interesting that there are a high number of Firefox 2.0.0.1 users, and very few 2.0 users, which tells me that the people who have jumped to 2.0 are good about updating.  There are still a few on 1.5, but there are also still a lot on IE 6.

These are Jan 1-2 numbers, BTW.

Vet

2 Comments
Jan02

Mike Rothman launches the Pragmatic CSO

by Michael Farnum on January 2, 2007 at 10:00 am
Posted In: Security

Congratulations to my friend Mike Rothman at Security Incite for launching his new book and site, the Pragmatic CSO.

I highly recommend this book to CSO’s and security managers of any type.  It gives a good feel for the business side of securing a network.  I wish I had this before I decided to get out of security management.

Vet

Comments Off
Jan02

On the End of the year podcast at SSAATY

by Michael Farnum on January 2, 2007 at 8:51 am
Posted In: Security

Alan Shimel asked me and several security pros to record a quick one minute opinion on what we thought were the biggest security stories of 2006.  Then he got together with Mitchell Ashley and Mike Rothman to laugh at us, er… I mean, talk about our ideas.

Go check it out here.

The other gurus he had taking a whack at this are below:

 

  1. Martin McKeay from Network Security Podcast and blog
  2. Perry Carpenter from Security Rennessance blog
  3. Ravi Char from Musings on Information Security
  4. Larry Pesce from Paul Dot Com
  5. AndyIT Guy
  6. Michael from MCW Research
  7. Mike Murray from epistome.ca blog
  8. Dan York from Blue Box VOIP podcast and blog

Vet

Comments Off
Jan01

Apple Bugs

by Michael Farnum on January 1, 2007 at 6:21 pm
Posted In: Security

The month of Apple Bugs has started.  Enjoy.

 

 

 

 

 

 

 

 

 

 

Vet

Comments Off
Dec28

F5 iRules lunch n’ learn

by Michael Farnum on December 28, 2006 at 8:33 pm
Posted In: Security

Did a day trip to Dallas today for a lunch n’ learn on F5 iRules.  Looks pretty powerful.  I don’t have any real experience with their products, but they look pretty good.  They are definitely growing their South-Central team.  I think they are trying to grow the whole team to something like 8 or 9, which is up from 4.  They have a dedicated sales rep and engineer down here in Houston now, where before they were all in and around Dallas.

Let me know what you think about them.

Vet

1 Comment
Dec26

Whatis.com has me listed as one of their favorite security blogs

by Michael Farnum on December 26, 2006 at 11:59 am
Posted In: Security

I have to admit that I do perform the occasional vanity Google.  I usually just like to see what else pops up out there and how quickly things get indexed when I am on a podcast or comment on a blog post.  I ususally don’t dig deeper than a couple or three pages, but today I dug all the way to page 9, and I found this from Whatis.com.

It looks like I am on the favorite security blog list, along with Bruce Schneier and my friend Martin McKeay (of course and of course) and a few others.  This seems like a fairly obscure article since it is titled “Our Favorite Technology Blogs” and is under the “O” section in their database where I doubt anyone would really look.  You also have to go down to the table of contents and click “Security” to find me.  But hey, I’m honored!  Thanks Whatis.com people!

 

Vet

1 Comment
Dec26

Good SANS article / case study

by Michael Farnum on December 26, 2006 at 11:31 am
Posted In: Security

I enjoyed this little case study from SANS.  It talks about doing security inspections on some old laptops that all came from a company.  Mostly typical findings, but it demonstrated some points that we don’t need to forget.

Vet

Comments Off
Dec24

Winsnort issue

by Michael Farnum on December 24, 2006 at 8:34 am
Posted In: Security

Getting ready for church on Christmas-eve morning, so I don’t have time to write much. But if you are reading blogs on this holiday weekend, go check out the comments on my post about the Winsnort site being defaced back in August. Let me know what you think.

Vet

Comments Off
Dec21

Some certifications that saw decreasing salary

by Michael Farnum on December 21, 2006 at 3:57 pm
Posted In: Security

From Computerworld Career Watch page:

Troubled Certs
Pay for some certifications plummeted in the six months from April 1 to Oct. 1, according to a wide-ranging Foote Partners LLC survey covering 129 certification categories and 124 noncertified skills. The following are some particularly hard-hit certs:

  • CompTIA Linux: -43%
  • CompTIA Network Technician: -36%
  • CompTIA Security+: -33%
  • Cisco Certified Design Associate: -22%
  • Cisco Certified Network Professional: -22%
  • CompTIA Certified Technical Trainer: -22%
  • Certified MySQL 4.0 Professional: -22%
  • Citrix Certified Enterprise Administrator: -20%
  • Microsoft Certified Trainer: -20%
  • Microsoft Certified Database Administrator: -20%
  • Cisco Certified Design Professional: -18%
  • Microsoft Certified Systems Admin: Security: -13%
  • Linux Professional Institute certification: -13%
  • Cisco Certified Network Associate: -12%

Honestly, is this list very surprising?  The top three are CompTIA certs (I happen to hold the Security +).  How many people are roaring for those (except for A+, which is still respected in the nech tech world). 

CCNA has long been a joke, even though I heard it had been revamped and was tougher.  I have seen personally the interest for the CCNP drop quite a bit (I don’t know everyone, but most of the people I knew that were looking at it decided not to pursue it).

Now, where’s the list where it shows the CISSP cert causing 100% increase in salary?  Yea, right.

And here’s a certification that we all had in the 90′s and early 00′s:

Vet

Comments Off
Dec21

Who else wants to Photoshop me?

by Michael Farnum on December 21, 2006 at 10:58 am
Posted In: Security

First it was Alan Shimel on his blog turning me into the Grinch.  Now Misha at AlertLogic has a picture of me Warhol-style.  I think this may be the start of a trend.  Anyone else want to have fun with my mugshot?

Here it is.  Have fun!

Vet

1 Comment
Dec20

Websense buying PortAuthority

by Michael Farnum on December 20, 2006 at 8:10 pm
Posted In: Acquisitions, Business of Security, Security

Websense is buying PortAuthority for $90 million. If you are not familiar with them, PortAuthority makes a leak prevention security product. This makes sense in the Websense model, but I like the deal for another reason. This tells me that Websense may be seeing the light finally and is trying to diversify a little so they don’t implode.

Of course, we’ll see if they have learned anything at all by watching what they do to the pricing model of PortAuthority. If they follow their current structure, current PortAuthority customers might find themselves paying 100% maintenance every year.

By the way, has Websense ever bought anyone before? I need to do some research.

Vet

1 Comment
Dec19

Interviewed for the SSAATY Podcast

by Michael Farnum on December 19, 2006 at 2:37 pm
Posted In: Blogging Buddies, Friends, Fun, Me, podcasting, Security

Alan and Mitchell at the StillSecure After All These Years podcast interviewed me last week for their podcast. It is up here at Alan’s site and here at Mitchell’s site.  I gave an update on my move to the channel, about honesty in selling security, the converging of the security professional and the general IT professional article I wrote at CW, and some other stuff.  It was fun.
Thanks to Alan and Mitchell for having me on again. I really enjoy talking about myself, as anyone can plainly see, and Alan and Mitchell actually seem to genuinely be interested in the people they interview. They are two great guys that I hope to meet soon at the RSA Conference security blogger gathering (not sure if Mitchell is going to be there, but I know Alan is going to show).

Thanks for the kind words, guys. You are two class acts.

And Alan, notice that I did not alter the picture in any way!  Or did I?
Vet

Comments Off
Dec19

I’m getting cynical with age

by Michael Farnum on December 19, 2006 at 12:25 pm
Posted In: Business of Security, Musings, Security

I was reading through my many newsletters I receive daily, and I ran across a couple of articles about security vendors warning about spam, spyware, phishing, the mob and hackers teaming up, etc. As I was reading those headlines, I found myself quickly sneering and thinking these were nothing but more FUD from people trying to make another buck.

Then I thought, Wow, I sure am getting cynical. Though it is obvious that there can be a lot of FUD coming from these guys, that doesn’t mean that I shouldn’t read their stuff. I’m sure there are people in those companies that are sincerely trying to help the security industry. It just comes out as FUD when those dang “marketeers” get their claws into it.

Maybe I’m a little gloomy because it has been raining down here for the last couple of days. I need to take a happy pill!

Vet

2 Comments
Dec14

Latest Proventia update breaks stuff

by Michael Farnum on December 14, 2006 at 4:52 pm
Posted In: Security

Looks like the latest IBM ISS Proventia update is causing some havoc on networks.  Go see here

 

 

Thanks to SamVR for pointing me to the article.

Vet

Comments Off
Dec12

Citrix NetScaler training

by Michael Farnum on December 12, 2006 at 11:32 am
Posted In: Security, Training

I am in Citrix NetScaler training for most of this week.  I have heard good stuff about this product, but I am interested to hear about anyone else’s opinion.

Another interesting thought.  Now that I am not responsible for the security of a network, I have no issue posting on my blog what I am going to be doing for the next couple of days.  I feel so free! 

Vet

4 Comments
Dec11

EXTRA! EXTRA! READ ALL ABOUT IT!!! NEW SECURITY VENDOR BLOG!!!!!

by Michael Farnum on December 11, 2006 at 7:35 pm
Posted In: Blogging, Security

I posted a couple of weeks ago about me doing a talk at Alert Logic. Misha Govshteyn is the founder and CTO of AlertLogic was in the group as well, and we talked for a bit about various things. If you have not talked to Misha, he is a very informed person, and he is clearly intelligent with clear cut and well thought out opinions about security.

By the way, I WAS NOT PAID FOR THE TALK, AND I DO NOT HAVE ANY STOCK OR INVESTMENT IN ALERT LOGIC.

Anyway, one of the issues that came up was the possibility of Misha starting a blog. To my knowledge, he has not started one yet. However, Alert Logic has a blog that has been kept under wraps. Until now, that is. I have been given the honor of revealing their blog to the world (they chose me because of my thousands and thousands of readers and fans – **HACK, COUGH** – sorry, hairball).

But in all seriousness, I have read some of the stuff on the blog, and it looks good. The writing is often very witty and well though out (this Jeremy Hewlett guy has some great skills with the written word). And I have found them to be very informative as well. Go check ‘em out here.

Of course, now that you Alert Logic guys have been exposed to the world, be prepared for comments and criticisms. I hope you have some thick skin. It ain’t easy out here sometimes!

Vet

1 Comment
Dec07

Requiring sex offenders to register IM names and email addresses

by Michael Farnum on December 7, 2006 at 4:35 pm
Posted In: Crime, Government, Laws, Rant, Security

I just wrote a post over at Computerworld entitled The Security of Web 2.0 – an Oxymoron. Then I find this story about Senators McCain and Schumer proposing legislation that will require sex offenders to register their IM names and email addresses. I need to read more about this bill. Like typical security legislation passed by our government, this one appears on the surface to be nothing but security theater and something else to boost Schumer and McCain’s appeal before the presidential elections.

Think about it. How difficult is it to create a different IM name or email address?

The registration provisions would make failure to notify the authorities of all e-mail addresses a felony punishable by up to 10 years in prison.

Uhhh, so? These perverts are already breaking the law and facing jail time and some serious nastiness in the big house (child molesters supposedly don’t fair well in prison – though I have no proof of that). What makes anyone think they are going to change their ways because of another law?

Don’t get me wrong. I am fully on board for catching these “people”. I have children and would unleash all hell if one of these sick, twisted individuals even came close to one of my kids. But another law on the books that effectively does nothing to help the situation is just words on paper. Just make the behavior illegal (which it is) and make the punishment such that if the perv is caught he never sees the light of day again (there are a couple of punishments that would fit that description – you decide which one is right for you).

Vet

Comments Off