Off the Top: Security Entries



May 12, 2005

Oddities on an Odd Day

There were three things from today's White House and Capitol evacuations that were a little more than bothersome.

First it was reported that a couple weeks ago there were evacuations, but the cause of the radar blips was clouds. It sounds like the system is not quite ready for prime time and our lives depend on it.

Second, the only way those of us not working in the Capitol or the White House knew something was up was people calling them or they caught something in the media. The city government of Washington, DC was not informed until after the all clear was sounded. After September 11, 2001 this Government seems to have learned little and changed their planning very little and they prove they lack competence at every turn.

Lastly, our President was out in the countryside on a bike ride. Oh, it was the middle of the day on a Wednesday and the President of the United States is out with an old school chum for a bike ride? You have got to be out of your mind. Not only did people elect this guy, he is getting paid for leading not bike riding and playing hooky, and he is allowed to keep his job?



October 1, 2004

Cyber Hole

One element of Homeland Security that gets little coverage, but could be one area that is the most vulnerable, is the cyber front. It does not bode well when the U.S. Cyberterrorism Czar resigns. This makes at least three in three years, not to count those that have had the job offered and turned down. The word on the ground is one of the nation's greatest vulnerabilities is also tied to one of the party in the White House's largest donors. Every Czar left out of frustration. This one gave less than one day's notice. Amit was also considered by most of the industry to be a very influential person and to listen to what industry needed to provide a safe digital environment in the U.S.

Is it most important to protect donors to your political party or to protect America and its infrastructure? My job is reliant on a safe infrastructure. If you are reading this you are using the infrastructure.



July 1, 2004

One Less Browser Option?

The talk on Metro this evening between a few folks was whether they would be able to use Internet Explorer the following day at work. The security holes in the browser have been very problematic over the years, with this past year being particularly bad. This newest security hole permits your keystrokes to be copied by another party without the user ever knowing. The warnings have been for banks, but it has spread to any log on, password, credit card number, or any information imaginable, secure or wide-open, it does not matter.

Molly's WaSP Buzz entry outlining mainstream publications advising users to stop using the browser and Slate's "Are the Browser Wars Back? How Mozilla's Firefox trumps Internet Explorer" article frame the problems and options well.

My personal favorite browser on Windows is Firefox, which is one of the Mozilla browsers (it is the makers of the guts of the newest Netscape browser). On Mac I am a fan of Safari and Firefox and have both running at all times. You have options for browsing. Hopefully your bank and other purveyors of information were not foolish enough to build to just one browser.



May 22, 2004

Closing the Vulnerability

As mentioned elsewhere, the URL vulnerabilities on Mac OS X can be closed very easily with RCDefaultApp, which allows you to turn off telnet called from the URL. The free application also allows turning off many other function calls from the URL as well as mapping file extensions to applications.



March 19, 2004

SixApart's TypeKey Coming Soon

SixApart's TypeKey looks to be a good resource to help authenticate those making comments on Web sites. I have been very happy with SixApart's TypePad, not that I am ready to move off my own system. Actually it sounds like TypeKey will have an open API that will allow those who have built their own weblogging tools to take advantage of the authentication services. This is one feature that has been on my own drawing board, but now I will be waiting for SixApart.



December 14, 2003

Mac OS X is secure

Richard Forno sets the record straight on Mac OS X security compared to Windows. Forno is the former Chief Security Officer at Network Solutions. The technical overview from Forno shows that Apple's Mac OS X is far and away more secure than Windows.



September 1, 2003

Public disclosure of Microsoft usage

In an article from the New York Times regarding software oversight needed because some large companies don't check their own software for vulnerabilities, I ran across the following:

Proposals for government action being discussed by policy makers and computer security experts include strengthening the Department of Homeland Security's cybersecurity division and offering tax incentives to businesses for spending on security. Another proposal would require public companies to disclose potential computer security risks in Securities and Exchange Commission filings.

and the double standard for Microsoft

"There's a reason this kind of thing doesn't happen with automobiles," says Bruce Schneier, chief technical officer at Counterpane Internet Security in Cupertino, Calif. "When Firestone produces a tire with a systemic flaw, they're liable. When Microsoft produces an operating system with two systemic flaws per week, they're not liable."

I can just see it now: the SEC requiring companies to divulge on their filings that their security threat is using the Microsoft OS. But, this would explain the day or two of lost productivity each quarter. I know of more than a handful of major firms (through friends that work at them) that had whole divisions (200 to 1,000 people) that were knocked off-line or completely out because of the last vulnerabilities. These did not show up in the news and their investors most likely were not informed.

At work I lose two to four hours per week of productivity to software bugs, security vulnerability patching, or operating system issues on the Windows platform we have to use. At home I do similar tasks on a Mac OS X based system and use Linux servers and I have a half an hour per month lost for the same things. Given I do more rigorous work at home and spend about an equal amount of time on the computer at home as I do at work I don't see why folks use Microsoft.



February 8, 2003

Microsoft gets an F for security and consumers pay

Security experts give Microsoft an 'F', CNN reports, but some experts are pointing to Apple as being more secure. One of the experts will be switching to Mac as he finds his wife's Mac never gets viruses.

I was surprised when Bank of America embraced Microsoft OS for its ATMs and services. My first thought was that they did not understand security or care about their customers' digital information. When I was changing banks my first consideration was digital security. I seem to have been thinking correctly this time as it seems the Slammer virus hit major companies' resources using Microsoft OS and Bank of America had serious problems. As our society moves more toward digital interactions we need a secure framework and Microsoft has never provided that and appears it never will. The regular people who depend on the digital systems are the ones who suffer and the economy takes a huge hit with every Microsoft failure. We really need to stop the reliance on Microsoft now.



September 22, 2002


August 28, 2002

Jish boards a plane

If you think our skies are safe, go read Jish is all aboard. Somehow I have the feeling he could retell this one at Fray Day. I am going to miss Fray in SF this year and miss seeing all the wonderful folks that attend and tell their stories. I will be trying to go to the DC event.


July 24, 2002

Microsoft embraces Apache Web server

CNet News discusses Microsoft's .Net set to link to Apache, which is a great step as the Microsoft IIS web server is increasingly being dropped as a viable option because of never-ending security problems. This would literally doom Microsoft's .Net initiative as it would not be usable on the Internet without their Microsoft Internet server. By moving the ability to run the .Net framework on an Apache server Microsoft not only extends their ability to run their services on a superior Web server with far fewer security problems, but Apache is now recognized as a viable Web server by Microsoft. Apache owns the majority share of the Web server business and those of us that have had the ability to use it prefer it hands down to Microsoft's IIS.


June 19, 2002

Internet more serious

The Washington Post provides the Internet gets serious article today. The article discusses security and copyright issues that have pulled back on the fun. I do not quite agree that security has to limit fun; it has put a damper on what can be done on the Windows side of the world (a poor framework for the operating system is part of the problem here). The copyright issue does put a lid on fun, as in many cases it really limits picking up on ideas and extending them. Much of this problem falls at the feet of law makers who have set rules in place that were not well thought through from the perspective of information use. The article gets kudos for bringing up Lawrence Lessig's Creative Commons project.


May 24, 2002

WiFi security

Seven security issues to watch with WiFi networks, a.k.a. 802.11 wireless networks. There are a handful of issues that we have to be aware of to either address or live with. I find the benefits greatly outweigh the downsides.


May 23, 2002

MS loses to Open Source on security

Microsoft's sales pitch to the Pentagon back-fires as they pitch security of Microsoft as a point to use against Open Source solutions. Microsoft only wins that game in their marketing material.


May 21, 2002


This work is licensed under the Creative Commons Attribution-NonCommercial-ShareAlike License.