Blog

Enterprise DRM- Not Dead, Just in Suspended Animation

By Rich
I just finished up my last of 4 presentations here in Orlando and am enjoying a nice PB&J and merlot here in my room. Too much travel really kills the taste buds for hotel food. Today’s presentation was on data security; the area I’ve been focusing on during my 5 years as an analyst. And when you talk about data security you have to talk about DRM. Enterprise DRM is quite different from consumer DRM, even if they both follow the same basic principles. One of the biggest differences being enterprise DRM is focused on reducing the risk

There’s a Reason We Have Security (or any) Experts

By Rich
I’m on a break here in Orlando and made the mistake of checking my work email. A coworker from another team is pushing a prediction around data security that, depending on how you interpret it, is either:
Already in multiple commercial products
No harder to break than existing technologies
I won’t name names or even the specific proposal, but now we’re in a big internal debate since I’m fighting publication of a prediction that I think could embarrass us among security professionals. Unfortunately this person’s team is backing him/her and are really excited about

IE7 Coming This Month (Maybe as a Security Update?)- If You’re Staying on MS, Better Get It

By Rich
Over at the Washington Post, Krebs is reporting that Microsoft is releasing Internet Explorer 7 this month. At first it sounded like it might be released as a security update (part of Patch Tuesday, when Microsoft releases all their security patches every month). Now it looks like it might just be released as a regular old update. I’ve heard IE7 is pretty good, although some of the best security sauce won’t work until Windows Vista ships this year/next year/next decade/century/whatever. The usual advantage of IE is that it won’t break all those sites coded

SCADA- It’s Probably Cheaper to Keep Those Networks Separate

By Rich
Thanks to a missing arrival I’m blogging live from the “Analyst Hamster Maze” at Symposium in Orlando. That’s how we refer to the One-on-One area in the Swan hotel- there’s really no other way to describe about 100 temporary booths in a big conference room filled with poorly fed and watered analysts. If you’ve never been to a Gartner conference, any paying attendee can sign up for a 30 minute face to face analyst meeting for Q&A on pretty much anything. I like to call it “Stump the Analyst”, and it’s a good way for

Speaking at the Gartner Symposium

By Rich
I’m packing up my bags and heading down to Orlando for the Gartner Symposium and IT Expo. It’s a busy year, with 3 presentations and a panel:
Tuesday, 8 am: Oracle, SAP, and Beyond: Securing Major Enterprise Applications
Tuesday, 3:15 pm: Enterprise Risk Management, the Benefits of Risk (panel)
Wednesday, 8:30 am: Content Monitoring and Filtering: Vendor Choices, User Issues
Wednesday, 3:15 pm: Keeping Regulators and Customers Happy with Data Security
The data and application security pitches are getting a bit stuffed and should keep you geeks happy. I think this might be my 6th Orlando Symposium, which is a bit frightening. If

Fox News, Information Warfare, and Public Perception

By Rich
Despite living in Boulder Colorado for 16 years I’m neither a hippie nor a conspiracy theorist. I don’t use patchouli oil, wear a beanie, or ingest any mood-altering substances you can’t buy in a grocery store. I don’t think the Masons control our destiny, black helicopters molest cattle, or the NSA monitors all our communications. Oh, really? Okay, but the cattle thing definitely isn’t real. Except maybe in Nebraska, but that’s not the CIA, not that there’s anything wrong with it… Anyway, what I’m saying is that I’m fairly skeptical, if a

How To: Clone a VeriChip

By Rich
For those that don’t know, VeriChips are implantable RFID tags “for people”. That way you can be tagged and tracked like cattle or Gillette razors. Convenient, I guess. Anyway, here’s a great article on the Make blog on cloning VeriChips. So much for using these to separate identical twins. I see this as one of those “good news/bad news” kind of things. The good news is the bad guys don’t have to chop your arm off to steal your identity. The bad news is VeriChips totally blow. Or is that the good news? I’m easily

A Unique Problem with Password Aging

By Rich
This is just too good. A friend who recently moved from the business side to the IT side just reported this. They work at a large hospital. A significant portion of the clinical staff never changed their default passwords, which just happened to be the same as their login. Convenient, eh? Nice to see HIPAA at work. But this is the best part. Someone in IT “made a configuration mistake” and everyone was forced to update their passwords. The help desk has been taking calls all week. Seems most of the users remember their new password, but still can’t

Maynor Pulled from ToorCon

By Rich
Statement from SecureWorks: SecureWorks and Apple are working together in conjunction with the CERT Coordination Center on any reported security issues. We will not make any additional public statements regarding work underway until both companies agree, along with CERT/CC, that it is appropriate. I’ve been told Maynor is no longer speaking at ToorCon. I’m disappointed, but it’s obvious there’s now something going on with CERT. I stand by my statements that Maynor and Ellch are responsible security researchers that helped advance Mac security. At this point, I don’t have any other comments, this has

Bad Policy vs. Bad Decisions and the Role of Individual Judgement

By Rich
Pete Lindstrom just posted a missive in support of the TSA. Pete makes some good points about the limitations of policy- while you always need hard rules, you also always need exceptions and judgement. In the information security world, we talk about the difference between “policy decision points” and “policy enforcement points” to express the different functions. In most computing environments, the PDP and PEP start off combined in a small set of instances but then get separated as networks grow while some central authority still wants to coordinate security efforts. The good news for security folks is that systems