Posts Tagged ‘security

21
May
10

Diaspora & Facebook

I’ve got this personal blog now that I’m using for things that aren’t quite related to all things Drink Tank.  And it’s been a while since I’ve posted here, so i’ll start off short and sweet.

Did a quick post on some thoughts surrounding Diaspora and Facebook/iPhone integration.

Thought you should know.

Advertisements
14
Jan
09

Lessons learned?

Dan Kaminsky said something during a discussion panel at defcon last year that still haunts me. To paraphrase:

We need to fundamentally change the way we develop software.

During the panel, I tried to raise the point that the issue is realistically just a people problem. Now it seems that I’m not the only one saying it. This article tackles the issue from an angle that argues that the issue is an age old one: we don’t learn from our history of mistakes.

Something to think about.

23
Dec
08

Airline Suckurity

Why ship the checked bags with the plane? Why not send them next day to wherever the passenger is going? Drop it off at the curb with an address and ship it. No screening, no worries, take advantage of an existing infrastructure. Fed Ex, UPS, and the USPS have been doing this reliably and cheaply for years. I suspect when all the redundancy is eliminated from the system, and all the extra security measures are dropped, the cost difference would be negligible. This would also cut down on theft. If the bags are sealed up, as the don’t need to be opened to be inspected, it makes it much more difficult to pilfer items from them. Perhaps an industry that isn’t on the ropes may be able to profit by assisting a vital industry that has been in trouble for years.

01
May
08

White House Email Horrorshow

The White House started using Lotus Notes about 15 years ago for email. Since a ruling determined that electronic communication needed to be archived, there was an automated system in place to capture, sort, and store all the email to or from the White House and senior executive staff officials.

Early in the GW Bush administration they migrated to Exchange. Not a big deal. Lots of places use it. Even as much as I try to avoid Microsoft products when possible, it’s pretty tough to argue against using Exchange. The problem is, when they migrated email systems, they did not bring along the processes to archive the mail. What they did instead was have people manually go through all the email, sort it, and save it in .pst files. This is not good.

On top of that, the use of outside email was widespread. This is the executive branch of the US government. Office of the President. Commander-in-Chief. During wartime. Shouldn’t those systems be locked down more than anything else in the country? Do I want a computer sitting next to the big, red, blow up the world button to have Hotmail access? Should it be that easy for the people with the highest clearances to transmit documents to the entire world?

This issue will probably be revisited as it is so wrong on so many levels.

More details can be found here http://arstechnica.com/articles/culture/bush-lost-e-mails.ars

27
Apr
08

Quick post on corporate suckurity

If these big corporations with tons of resources can’t do the easy stuff properly, how can we expect them to manage the hard stuff?

 

1) Myspace

Where’s the secure login? If they had SSL and certificates it would cut down on phishing and stolen accounts. I’m at a loss. Maybe someone out there can tell me why they haven’t done it.

 

2) Yahoo

They have SSL implemented, but the certificate was expired for quite a while, weeks, if not months. Also, they are cheap. login.yahoo.com has a proper cert attached, but mail.yahoo.com has a cert for login.yahoo.com, too. Come on guys, pony up a couple bucks for another certificate.