In a brief analysis/link to my privacy post Mike Rothman states we have a right to privacy in the Constitution, but the problem is enforcement. Thing is, I’m not sure the Constitution explicitly provides for any right to privacy. I’m not a Constitutional lawyer, but I’m going to toss this one to the comments. Anyone know for sure? And if we don’t have that right, what are the implications for society in a digital age? Without explicit constitutional protection lawmakers have incredible amounts of wiggle room to legislate away our privacy on any whim, perhaps
Amrit Williams is a coworker over at Gartner and he’s obsessed with cowbell and security tools that go to 11. Let’s just say this post isn’t the first time he’s brought it up. Seriously, Amrit is a great analyst and welcome addition to the security blogging world. Unlike many of us he worked his way through the trenches of the vendor world, including stints at McAfee and NCircle. And, in this case, he’s right. A dirty secret of security is that if you do your job too well, people stop buying new product. Remember when AV
I swear, every time I think this thing is dead, its pale desiccated hand reaches from the grave, grabbing at our innocent ankles. Lynn Fox at Apple responded to some very direct questions from George Ou at ZDNet. At this point I’m surprised Apple is letting this drag on; all it does is bring the black spotlight of security on them which, as Microsoft and Oracle will attest to, isn’t necessarily a good thing. Fox’s response seems risky unless she is absolutely certain Maynor and Ellch have nothing, and are basically, you know, suicidal. That doesn’t
If someone ever tells you something like the following: “We defend against all zero day attacks using a holistic solution that integrates the end-to-end synergies in security infrastructure with no false positives.” Run away.
I hate to admit it, but someone will probably hack this site at some point. And they may even use it to hack your computer. And there’s not a darn thing I can do about it. Security, and hacking, are kind of trendy. Both the good guys and the bad guys have a habit of focusing on certain attacks and defenses based on what’s “hot”. We’re kind of the fashion whores of the IT world. I mean I just can’t believe Johnny calls himself a 1337 hax0r for finding a buffer overflow in RPC. I mean
An article just posted by the New York Times reveals that the latest National Intelligence Estimate on terrorism concludes that our involvement in Iraq has increased the global terror threat. Most of the time I make fun of security pundits that think because they stopped a few hackers they’re qualified to discuss issues of national security, but this time I just can’t help myself. I’ve become what I loathe. Edited- I take that back, and the rest of the post. There are people losing their lives over this; I deleted my initial comments. Just go read the
In a post titled “Access of Access + Audit” Dr. Anton Chuvakin discusses the importance of logging, well pretty much everything. When it comes to working in the enterprise environment I tend to agree- audit logs are some of the most useful security, troubleshooting, and performance management tools we have. Back when I was operational I had two kinds of bad log days- those hair pulling, neurotic-in-a-here’s-johnny-way days spent combing, manually, through massive logs, and (even worse) those really I’m-so-screwed days where we didn’t have the logs at all. Since, thanks to better search and analysis tools, those
There’s a lot going on in the world of Digital Rights Management (DRM) these days and I realized not everyone understands exactly what DRM is, how it works, and what the implications are. This has popped up a few times recently among friends and family as (being the alpha geek) I’ve been asked to explain why certain music or movie files don’t work on various players. Before digging into some of the security issues around DRM I thought it would be good to post a (relatively) brief overview. I’ll be honest – as objective as I try
So Apple issued an update for the Mac wireless drivers to prevent a buffer overflow, but denies SecureWorks provided them anything useful. Right. We believe you. Got it. You “just happened” to discover exactly the kind of vulnerability that Maynor and Ellch demoed, but they were evil, uncooperative bad guys for hinting they might be there. Considering SecureWorks works responsibly with all sorts of other vendors in the market I suspect the anger may be a tad misplaced. Come on Apple; all software has vulnerabilities. It’s time to stop putting PR in charge of vulnerability management. To quote the
New IE Flaw Exploited on Porn Sites Now we did warn you, and I quote: Especially if you go to “those” sites. Yes, you. Stop pretending you don’t know what I’m talking about. For the record “those sites” are porn and gambling. So you poker addicts are next. And you file sharers- don’t start thinking you’re all safe or something. Those torrent trackers are web pages you know. Of course Disney World fingerprints everyone these days, so maybe they’ll pick this up.