[SecurityRatty] tag: all-in-one

Mafiaboy grows up; a hacker seeks redemption

Mon, 13 Oct 2008 00:00:00 +0000

Notorious for knocking offline sites such as Yahoo, Amazaon, Dell and CNN at the age of 15, hacker has served his time and is working as a legitimate security consultant while publicizing a tell-all book about his exploits.

Presenting from SANS Webcast on Logging , Security and Virtualization

Thu, 09 Oct 2008 10:08:00 +0000

I am sharing another presentation that I did earlier this year at this SANS webcast "Security is Not Virtual". Enjoy! If you would like to see all slides, not just my part AND voice, then go to SANS site.

Trick or Treat

Wed, 08 Oct 2008 20:00:00 +0000

October's here, and you can't escape the coming onslaught of Halloween. Children (and quite a few adults) dressed up as vampires, ghosts, goblins and other scary creatures, going around asking people for treats and threatening them with tricks if they don't provide them. A cynical person might boil it down to a a combination of scare tactics and extortion. So what does this have to do with IT security and compliance? Unfortunately, the way security and compliance professionals have traditonally gone about obtaining funds and resources for tools and projects necessary to do their jobs all too closely parallels what happens on Halloween. We frequently use scare tactics such as new threats (the trick) to get management to cough up the funding and resources (the treats) we need to accomplish what we view as our jobs...

University sets up a campus warning network for free

Mon, 06 Oct 2008 20:00:00 +0000

Elon University needed to come up with a campus-wide emergency notification system that integrated with all the possible warning-delivery systems already installed on campus, and managed to pull it off for free.

Goliath Beats Davids for Pentagon Power Prize

Mon, 06 Oct 2008 15:25:00 +0000

The Pentagon set up a million-dollar prize to get entrepreneurs and tinkerers to come up with radically new ways to supply power to the all those gadgets a soldier has to lug around. But the winner, the Pentagon declared today, is as traditional as it comes: DuPont, the chemical giant -- and military supplier, since 1802.

A Few Fun Bits, While I Am Preparing for My Speech at SANS

Fri, 03 Oct 2008 08:04:00 +0000

A few more things, that qualify as fun reads, with - hopefully just as fun! - comments.

Love, love, love this piece :-) Remember the "robotic gun rampage" stories from last year? How does this sound: "The gun can track 360 degress, but there is a software-driven safety zone that makes sure rounds don't blow the rotors off. If the Osprey has to maneuver away from the target and the crew chief can't hold the gun on the bad guys manually, the system slaves the gun to the point of the last shot, slewing it as the plane moves." (watch the fun video there too)
"Security idiot" meme lives on - go here. BTW, the post is a follow-up to this
A fun follow-up to my post on compliance approaches titled Is PCI DSS "Too Prescriptive"?
Finally, my fave post: "Increase Your Logging." I am sooooo happy that logging evangelism is spreading far and wide! A quote from the paper: ”Logs are interesting, logs are fun, logs should be done by EVERYONE…..get to logging!!!” (I promise that specific case was not my quote, even though I do say that very thing all the time!)

Enjoy! Time for me to run and do my preso ... about logs of course!

Money meltdown, Ozzie's cloud, security worries

Thu, 02 Oct 2008 20:00:00 +0000

At least those of us who are fans of professional baseball have the playoffs to take our minds off the grim news this week (at least that's the case for fans of the teams that are winning). The U.S. financial system meltdown smacked world markets and set off a whole lot of worry, which tended to overshadow all the other news.

IBM vets ID management, access control technologies on own systems

Wed, 01 Oct 2008 20:00:00 +0000

Rather than selling only stand-alone security tools, IBM is working to embed antivirus, firewall and other security features into all of its software products, software chief Steve Mills says.

Dedicated to All PMs Out There

Wed, 01 Oct 2008 10:54:00 +0000

A must read on product management... funny as life :-)

"You Might be a PM if…

· … someone asks about your weekend plans and your answer consists of a list of Pri ones, twos, and threes.

· … you’ve ever ended a relationship using a PowerPoint presentation."

(more)

Really Good Point From Schneier ...

Wed, 01 Oct 2008 10:36:00 +0000

Read all here; the key point is: "The same is true for knitting needles [...] and whatever else the airport screeners are confiscating this week. If there's no consequence to getting caught with it, then confiscating it only hurts innocent people. At best, it mildly annoys the terrorists.

To fix this, airport security has to make a choice. If something is dangerous, treat it as dangerous and treat anyone who tries to bring it on as potentially dangerous. If it's not dangerous, then stop trying to keep it off airplanes. Trying to have it both ways just distracts the screeners from actually making us safer."

Doesn't it just make sense?!