Man, I love Halloween; it is the ultimate hacker holiday. When else do we have an excuse to build home animatronics, scare the pants off people, and pretend to be someone else (outside of a penetration test)? Last year I built something I called “The Hanging Man” using a microcontroller, some windshield wiper motors, wireless sensors, my (basic) home automation system, and streaming audio. When trick or treaters walked up to the house it would trigger a sensor, black out the front of the house, spotlight a hooded pirate hanging from a gallows, push out some audio of a screaming guy, drop him 15 feet so he was right over the visitors, and then slowly hoist him back up for the next group.
This year Adrian and I were pretty slammed so I not only didn’t build anything new, I barely managed to pull the old stuff out. Heck, both of us have big parties, but due to overlapping travel we can’t even make it to each other’s events. But next year… next year I have plans. Diabolical plans…
It was a relatively quiet week on the security front, with no major disasters or announcements. On the election front we’re already hearing reports of various voting machine failures, and some states are looking at pulling them altogether. Personally, I stick with mail in ballots. This year election day will be a bit surreal since I’ll be in Moscow for a speaking engagement, and likely won’t stay up to see who won (or whose lawyers start attacking first). While I’m in Moscow, Adrian will be speaking on the Information Centric Security Lifecycle in Chicago for the Information Security Magazine/TechTarget Information Security Decisions conference. I’m a bit sad I won’t be up there to see everyone, but it was impossible to turn down a trip to Moscow.
So don’t forget to vote, please don’t hack the vote, and hopefully I won’t be kidnapped by the Russian Mafia next week…
Webcasts, Podcasts, and Conferences:
- The Network Security Podcast, Episode 125. David Mortman joins us to talk about his new gig at Debix and a recent study they released on identity theft and children.
- I posted a pre-release draft of my next Dark Reading column The Security Pro’s Guide to Thriving in a Down Economy up on the Hackers for Charity Informer site. This is a subscription site many of us are supporting with exclusive and early content to help generate funds for HFC. And by posting, I helped feed a child in an underdeveloped country for a month…
Favorite Securosis Posts:
- Rich: The Five Stage of Cloud Computing Grief. Seriously, this cloud stuff is getting over the top.
- Adrian: Seems that the people behind Arizona proposition 200 should be hauled in front of the FTC for misleading advertising; this is the most grotesque example I have seen on a state ballot measure.
Favorite Outside Posts:
- Adrian: The Hoff has been on a roll lately, but the post that caught my attention was his discussion of the security and compliance shell game of avoidance through SaaS and ‘Cloud’ services. I mean, it doesn’t count if my sensitive data is in the cloud, right?
- Rich: Martin asks a simple and profound question. What the hell are you doing with those credit card numbers in the first place?!? (He used nicer words, but you get the point).
- What a shock, there’s a worm taking advantage of last week’s RPC flaw in Microsoft Windows.
- ICANN is going after a fraud-supporting domain name registrar in Estonia. Heck, I think we should go after criminal hosts more often.
- Maryland and Virginia are dropping electronic voting and going back to paper.
- Amrit on the 10th anniversary of the Digital Millennium Copyright Act. The DMCA has done more to stifle our rights than to actually protect content. On the positive side, the DMCA has actually somewhat helped website operators and hosts by offering some protection when they host infringing materials, since they have to respond to takedown notices, but aren’t otherwise penalized.
- A Facebook worm uses Google to get around Facebook security. Most of these sites are a mess because preventing user generated content from abusing other users is a very hard problem. Even when they bother to try.
- More voting machine idiocy. And here. Look folks, it isn’t like we don’t know how to manage these things. Walk into any casino and you’ll see highly secure interactive systems. Can you imagine how much fun Vegas would be if they treated the slots like we treat voting machines?
Blog Comment of the Week:
Dryden on The Five Stages of Cloud Computing Grief:
Denial: We can”t secure the cloud.
Anger: Why the f&*k is my CIO telling me to secure the cloud?
Bargaining: Can you please just tell me how you think we can secure the cloud?Depression: They”re deploying the cloud.Acceptance: We can”t secure the cloud.
Disclaimer: “Cloud” can be replace with virtually (pun intended) any technology.
See you all in 2 weeks…