Wednesday, May 31, 2006

More on Log Management Summit

Go and sign up if you have ever dealt with logs... Here is some more info on the event (including my quote): Logblog: LogLogic and the SANS Institute Sponsor Industry’s First Log Management Summit: "This promises to be a great event with more than 20 speakers - mostly users - speaking to best practices and leading-edge approaches. Moreover, it will go beyond security and network intelligence to look at more complete approaches to LMI spanning operations, IT controls, compliance and SLAs."

The event agenda is here: "What Works in Log Management for Compliance, Operations and Security"

A fun read - "How to Be Silicon Valley"

It's reading pieces like this that makes me happy that I am escaping mushy Edison, NJ and moving to such an inspiring place ....

How to Be Silicon Valley: "Could you reproduce Silicon Valley elsewhere, or is there something unique about it?"

Tuesday, May 30, 2006

On Symantec AV remote vulnerability

Wow! I am sure it's a misquote, but still ....

iWon News - Researchers: Antivirus Software Has Flaw: "'People shouldn't panic,' Maiffret said. 'There shouldn't be any exploits until a patch is produced.'"

There shouldn't, should there? :-)

On Sony DRM rootkit settlement

The truly amazing part of it is that there are reports that they still sell it! :-)

Sony DRM settlement passes final legal hurdle - Security Strategy - Breaking Business and Technology News at "The agreement covers anyone who bought, received or used CDs containing what was revealed to be flawed digital rights management (DRM) software after 1 August, 2003. Those customers can file a claim and receive certain benefits, such as a non-protected replacement CD, free downloads of music from that CD and additional cash payments."

Thursday, May 25, 2006

On "Security Absurdity; The Complete, Unquestionable, And Total Failure of Information Security"
Security > Security Absurdity; The Complete, Unquestionable, And Total Failure of Information Security: "Security Absurdity: The Complete, Unquestionable, And Total Failure of Information Security."

As you can see, I am balefully late commenting on this. So, first, I am supposed to call this guy an "idiot." I don't think he is, all his facts are reasonable. And having all this bad stuff happen, as he points out, while still having "Condition: Green" is somewhat bizarre.

IMHO, he just uses the term "fail" liberally... In addition, he has a few very good points:

- "Cybercriminals are simply out innovating us."
- "Cybercriminals are simply out innovating us AND Security isn't accessible." (not sure I fully agree with this one though)
- "Complexity is the enemy of security."

Marcus Ranum also has a few good points, mostly agreeing with this guy.

Fun Security Contest

This is from a book that I contributed to ("HC3") so I figured I'd highlight it here...

Challenge 9: The Root of the Problem: "This chapter presents a situation in which the security of an organization has been compromised. At the end of the excerpt there are four security-related questions. Be the first to answer those questions correctly and you will win a free copy of Hacker Challenge 3. Good luck!"

"Blasting away security myths" and Creating Better Ones...

Wow, how can folks be so dumb?

Blasting away security myths InfoWorld Column 2006-05-12 By Roger A. Grimes: "Too many computer defenses and books concentrate on the wrong problem -- the hackers instead of the malware. "

Exactly the opposite is true: way too many defenses focus on the worms instead of human attackers...

But it goes further into the "dumbyss" (from "dumb" + "abyss" :-)): "But the fact of the matter is that security by obscurity works, and works well." This statement is indeed correct and accepted IF (and only IF) it is used in addition to other defenses, so that a better way to phrase it is:

* "Security by obscurity" doesn't work when it is the ONLY defense
* "Security by obscurity" works great in combination with other, more reliable, mechanisms than hoping that attackers wouldn't know...

Treading the VC waters: Security investments - Any hope for VCs?

Here is an interesting and some say depressing point of view: VCs are supposedly losing interest in infosec investments...

Treading the VC waters: Security investments - Any hope for VCs?: "The reasons for this are many, including -
* A maturing industry (that's consolidating)
* No IPO activity in security (only 3 IPOs in NASDAQ the last 5(!) years)
* The fact that the startups end up as 'point' solutions which large companies like to view as 'off balance sheet R&D' acquisitions
* And the fact that many segments are considered overfunded..."

I kinda doubt some of the above points, but then again, I am not a VC :-(

Also, note this quote that kinda proves that the guy knows what he is talking about (i.e. he is not into this silly 'staying ahead of the hackers' crap): "But I guess it boils down to the fact that we don't know what the next big security threat will be."

TaoSecurity on Security = Police

I kinda collect "information security is just like X" statements where X = insurance, risk management, armed guards, etc.

Here is a new and fun one from Richard Bejtlich: security is [getting to be] just like the police.

TaoSecurity: "I call it the 'local police model.'"
Word 0-day Attack Case

This is a pretty good account of the now-famous Word 0-day attack on the "unnamed" government agency.... enjoy.

SANS - Internet Storm Center - Cooperative Cyber Threat Monitor And Alert System: "That user detected an email coming in that originated from a domain that looked like their own, but wasn't their own (actually only had an MX record in it). The email was written to look like an internal email, including signature. It was addressed by name to the intended victim and not detected by the anti-virus software. "

Also, dailydave has some fun discussion about it titled (he-he!) 'We got owned by the Chinese and didn't even get a "lessons learned"'

Wednesday, May 17, 2006

Blue Security Affair Concludes... With a Defeat

All I can say is "Wow" - spammers have won this one...

Blue Security: "After recovering from the attack, we determined that once we reactivated the Blue Community, spammers would resume their attacks. We cannot take the responsibility for an ever-escalating cyber war through our continued operations. "

Thursday, May 11, 2006

On "Google moves into virtual worlds"

Fun bit with some pretty peculiar implications for infosecurity.... just think about it and go reread Stephenson :-)

Future Boy: Google moves into virtual worlds - May. 11, 2006: "Google moves into virtual worlds"

More CISSP Jokes ...

I love CISSP jokes (well, some say it actually IS a joke), and here is one:

Opinion: 'Student' CISSPs put cert's value in jeopardy: "Is the CISSP going the way of the MCSE?" (Why isn't he asking - when did you notice that CISSP went the way of the MCSE?) The issue is that a college started offering the CISSP with its undergrad courses. It says "offering the CISSP to undergraduates devalues the credential for those with decades of experience."

The only reasonable response to this would be "he-he" :-) What devalued the CISSP is certifying people who have only used computers for AOL email (I knew a couple myself...) and folks who can barely spell "s-e-c-u-r-i-t-y." For instance, I know of a few salespeople (!) at a major equipment company who went and got the cert after reading "CISSP for Dummies" (check the above link on the no-nonsense site :-))

It further goes "it may not be long before just about anyone lacking experience in the field can be "coached up" to pass the exam." How about "minus 3 years"? Is that "long"?

Wednesday, May 10, 2006

Oh, horror, evil USB sticks attack! :-)

Here is a fun one on USB threat

BBC NEWS Technology Warnings over USB memory sticks: "Smart phones, iPods and USB memory sticks are posing a real risk for businesses, warn security experts. "

Companies like Safend do aim at mitigating that threat, and I do see many environments where those really are a major risk factor.

So, do you care about those evil USB sticks? Is the battle lost, and can users always steal the content (even without the analog hole)?

On "Life Beyond Code :: Distinguish yourself"

Here is a - guess what? - fun site on life in general. I enjoyed reading so I am sure that you will too :-)

Life Beyond Code :: Distinguish yourself: "Ways to distinguish yourself- #116 Aim to become a transformer "

On authenticity of computer records (again!)

Here is some fun stuff on logs and law, again.

EventTracker ~ Newsletter ~ April 2006: "Establishing the authenticity of computer records

Have the records been altered, manipulated, or damaged after they were created?
The mere possibility of tampering does not affect the authenticity of a computer record. Absent specific evidence of tampering, allegations that computer records have been altered go to their weight, not their admissibility.

Establish the reliability of the computer programs that create the records.
In most cases, the reliability of a computer program can be established by showing that users of the program actually do rely on it on a regular basis, such as in the ordinary course of business. Once a minimum standard of trustworthiness has been established, questions as to the accuracy of computer records affect only the weight of the evidence, not its admissibility.

Establish the identity of its author.

Circumstantial evidence generally provides the key to establishing the authorship and authenticity of a computer record. "

Tuesday, May 09, 2006

Growing Team LogLogic...

LogLogic, my employer, is hiring - check it out:

Logblog: Growing Team LogLogic: "There are also plenty of other opportunities to join the log management and intelligence leader."

It is an awesome company to work for and I am pretty excited ever since I joined more than a month ago....

Friday, May 05, 2006

Congress readies broad new digital copyright bill, stricter than DMCA

That sounds like a joke, but it looks like it ain't...

[print version] Congress readies broad new digital copyright bill CNET "For the last few years, a coalition of technology companies, academics and computer programmers has been trying to persuade Congress to scale back the Digital Millennium Copyright Act.
Now Congress is preparing to do precisely the opposite. "

Monday, May 01, 2006

ACLU Pizza Parlor...

Is that really the future?

Store All ISP Logs Forever? Petabytes Anyone?

Some pretty awesome news for us in the log management business - just think HUGE volume of log data to store for a few years...

Congress may consider mandatory ISP snooping CNET "Colorado Rep. Diana DeGette's proposal (click for PDF) says that any Internet service that 'enables users to access content' must permanently retain records that would permit police to identify each user. The records could not be discarded until at least one year after the user's account was closed. "

Dr Anton Chuvakin