[SecurityRatty] Lattest Articles

Dreamhost Review Updated

Fri, 04 Jul 2008 13:39:49 +0000

It came to my attention that my Dreamhost review was a bit dated and had wrong information based on changes that Dreamhost has made over the last year. I've updated it to reflect some of Dreamhost's new polices, my experiences and how the discount codes differ from when I last updated it (1/31/2007). I've also have five limited discount codes to give away that grant the following: 2TB disk and 20TB bandwidth, gives $150 off a 5-year signup or $200 off a 10-year signup. Contact me if you want one of my five one time use codes.

This Fourth of July I will be a patriot because to be anything else is unthinkable.

Fri, 04 Jul 2008 12:56:11 +0000

Well said!
There is much wrong in this country, however, we have much to be thankful for because of those who wanted to make this country great and were willing to give their lives to make it so.
Thanks to all of you who make this country worth loving.

clipped from www.cnn.com

What’s patriotism? Definitions differ

Patriotism is loving your country. Patriotism is standing when the national anthem plays. Patriotism is putting your hand on your heart to recite the Pledge of Allegiance.

Some say it is unpatriotic to oppose the war, but hear me out: Say if your kid brings home a bad report card. Are you proud of him? Probably not. But do you still love him? Yes.

Time Bomb Neckties

Fri, 04 Jul 2008 10:18:37 +0000

Not recommended to wear at the airport.

Encrypting Disks

Fri, 04 Jul 2008 09:10:18 +0000

The UK is learning:

The Scottish Ambulance Service confirmed today that a package containing contact information from its Paisley Emergency Medical Dispatch Centre (EMDC) has been lost by the courier, TNT, while in transit to one of its IT suppliers. The portable data disk contained a copy of records of 894,629 calls to the ambulance service's Paisley EMDC since February 2006. It was fully encrypted and password protected and includes the addresses of incidents, some phone numbers and some patient names. Given the security measures and the complex structure of the database it would be extremely difficult to gain access to any meaningful information.

News story here. That's what you want to do. There is no problem if encrypted disks are lost. You can mail them directly to your worst enemy and there's no problem. Well, assuming you've implemented the encryption properly and chosen a good key. This is much better than what the HM Revenue & Customs office did in November. I wrote about disk and laptop encryption previously.

Lithuania: Attacks focused on hosting company

Fri, 04 Jul 2008 09:00:00 +0000

A vulnerability in a Web server contributed to attacks on some 300 Web sites in Lithuania earlier this week, a ...

The Antivirus Industry in 2008

Fri, 04 Jul 2008 07:38:43 +0000

The folks at Ikarus Security Software seem to have enjoyed drinking of the truth serum, to come up with such a realistic retrospective of the antivirus industry for the past 10 years, summarized in a single cartoon. Congrats, keeping it realistic means taking the issues seriously, compared to living in a self-serving twisted reality on their own. There's no such thing as cat and mouse game anymore, since the mouse has gotten bigger than the cat.

Hundreds of Thousands of Laptops Lost at U.S. Airports Annually

Fri, 04 Jul 2008 04:20:38 +0000

This is a weird statistic:

Some of the largest and medium-sized U.S. airports report close to 637,000 laptops lost each year, according to the Ponemon Institute survey released Monday. Laptops are most commonly lost at security checkpoints, according to the survey. Close to 10,278 laptops are reported lost every week at 36 of the largest U.S. airports, and 65 percent of those laptops are not reclaimed, the survey said. Around 2,000 laptops are recorded lost at the medium-sized airports, and 69 percent are not reclaimed. Travelers seem to lack confidence that they will recover lost laptops. About 77 percent of people surveyed said they had no hope of recovering a lost laptop at the airport, with 16 percent saying they wouldn't do anything if they lost their laptop during business travel. About 53 percent said that laptops contain confidential company information, with 65 percent taking no steps to protect the information.

I don't know how to generalize that to a total number of lost laptops in the U.S.; let's call it 750,000. At $1,000 per laptop -- a very conservative estimate -- that's $750 million in lost laptops annually. Most are lost at security checkpoints, and I'm sure the numbers went up considerably since those checkpoints got more annoying after 9/11. There aren't a lot of real numbers about the costs of increased airport security. We pay in time, in anxiety, in inconvenience. But we also pay in goods. TSA employees steal out of suitcases. And opportunists steal hundreds of millions of dollars of laptops annually.

Data Breach At Benefits Company Affects Google Employees

Fri, 04 Jul 2008 00:53:03 +0000

Google employees hired before 2006 have been warned to watch out for possible attempts to steal their identities. InformationWeek reports that in a letter last month, Google attorney Lewis A. Segall alerted New Hampshire Attorney General Kelly A. Ayotte that computers had been stolen from Colt Express Outsourcing Services, a third-party employee benefits administrator for Google [...]

Links for 2008-07-03 [del.icio.us]

Thu, 03 Jul 2008 20:00:00 +0000

A thin line between blog theft and promotion - another opinion

Thu, 03 Jul 2008 18:24:36 +0000

Rich Mogull has been writing a bit about his disagreement with a the SecurityRatty site posting his content (original posts here and here). These posts have set off a rash of comments and other articles on both sides of this issue. Finally Rich wrote his defining post on this topic here. Rich's position is that he owns his words. Ratty took them without his permission, ads nothing to the conversation or commentary at all and actually hosts the content rather than just linking to it. Now for those who don't know, SecurityRatty is a site allegedly owned and operated by some Russian CISSP dude. Basically, they claim they are an RSS aggregator and they just republish blog posts in their entirety. A couple of things to note though:

1. SecurityRatty does not usually add any content of their own or edit the posts in any way
2. They link back to the blogs or articles which are aggregated
3. They do appear to sell some advertising on the site
4. You can search their aggregated content on their site
5. At least recently they are removing content and feeds from their site if you request it.
6. They did not ask anyones permission that I know of before posting content

OK, now that the groundwork is laid, let me give my Shimel view on this. I disagree with Rich. Hey it is a big world and I think there is room for a dissenting opinion here. The reasons I disagree with Rich are:

1. Though Ratty plainly posts up others content, he does not hold it out as his own. He plainly gives credit to those who actually created the words and in fact links back to their sites.
2. Rich is publishing his data under a creative commons license, I am not sure if the meager ad on Ratty would qualify this as a commercial site.
3. Rich distinguishes what Ratty does from Google and other search engines (who clearly profit from Rich's content) by the fact that they just point to it. Not all together true. They also keep a cached copy of the content that you can go to as well.
4. The fact is that I have a tough time seeing any harm to Rich here. In fact if Ratty were not pointing back to Rich's site, if he did not make it as easy to see that it is just an aggregate feed or if Ratty were adding his own comments and not clearly delineating his from Rich's, I would feel differently. Some of this is directly in contrast to Rich who says that if Ratty did add his own views to Rich's, that would make it right by him.
5. Finally, I would go even further than Rich not being harmed by Ratty. I think Rich actually benefits from Ratty. It is yet another outlet for Rich's content and though not everyone reading it at Ratty may go back to Rich's site, they do know it is him and can go back easily. In fact if Rich did advertise at his site, I could understand him losing hits at his site. Otherwise if Ratty just pointed back, one could say the more hits Ratty generates, it could cost Rich more money. Much like people who link to graphics hosted elsewhere.

So, Rich I see that Ratty has stopped aggregating your content so that should be enough of a victory for you. In the long run though I think it is a Pyrrhic victory and you would have been better off with Ratty publicizing your words.