[SecurityRatty] tag: lawrence

McIrony: An unexpected response from McAfee

Sat, 30 Aug 2008 09:04:00 +0000

Irony: incongruity between what might be expected and what actually occurs.

Right before Black Hat, I put together what I believed was a pretty strong arguement against McAfee Secure - Hacker Safe, at a level heretofore unexplored. I believe it was more damaging than anything I've said to date, and as such, presented potential risk for me. So I ran it by some friends before publishing it. Then a most extraordinary thing happened. I had a long chat with Nate McFeters, who described an awakening he'd recently experienced. He shared with me the belief that a better approach to potentially negative security research might be to try to create a positive outcome, and worry less about press cycles or exposure, the 15 minutes of fame if you will. He pointed to people like Mark Dowd as an example of people who conduct crushingly good research, and steer clear of the petty, ego driven bulls**t.
There I sat, repose like the thinking man, frozen for minutes. "Nate", I said, "I think you're right."
What do I aspire to as an information security professional; more readership or street cred than the next guy, or the respect of my peers for contributing to the greater good? Attention, press cycles, 15 minutes...it all has its allure, trust me on this.
But at the end of the day, I really do want to contribute to the greater good.
So I did something different. I sent my findings to McAfee and offered them an opportunity to respond, rather than publish first, ask questions later.
Here's the real kicker.
They responded.
I had a three hour lunch this past Thursday with two gentlemen from McAfee, who flew up from the Bay Area to Seattle to have a face to face with me. This, all by itself, speaks volumes to me. In addition to meeting with Kirk Lawrence, the new Director of Product Management for McAfee Secure, there I sat with, of all people, Joe Pierini, the very guy who has suffered more than his share of abuse, up to and including the Pwnie. As I have been a direct contributor and participant in heckling Joe, you can imagine our meeting could have been uncomfortable. It was not.
I have had expectations of McAfee and Scan Alert that to date have not been met, or my (your) perception has been that they have not been met.
This meeting was designed as an opportunity to voice some of these expectations, and see if McAfee, in turn, believed there was any merit to them.
Surprisingly, at least as spoken, we weren't all that far apart.
While, as a naive idealist, I believe that security should come before conversions, I am also grounded enough of a realize that the most attainable goal can be a marriage of both. This premise frames my expectations of McAfee.
Can they not be more of a "thought leader" for all the Ma & Pa websites who rely on McAfee Secure, first for a higher conversion rate, then security?
Can they not hold merchants to a higher standard, without alienating them and losing business?
Can they not embrace the security research community in a fashion that McAfee, the security community, the merchants, and consumers can all benefit from?
Can they not be more transparent in their approach, providing more details and feedback about their methods, their findings, and their vision?
I know McAfee Secure - Hacker Safe scans can find vulnerabilities.
I know they report the vulnerabilities to merchants.
What happens thereafter is where things begin to break down.
Can the scan engine be improved to find more vulns? Sure. That's really not that big a deal; technology can always be improved.
But, regarding holding merchants to a higher standard; therein is the whole point of this debate.
Anyone can throw a badge on a site.
But what happens when the site proves vulnerable is the key. I'll be candid here: I don't give a damn about the merchant at that point; it's the consumer who is at risk and needs something better from McAfee and their peers.
So, here begins a different approach. I know that making changes at a company the size of McAfee can be likened to the three miles it takes to turn around an aircraft carrier. I'm willing to work with them, and allow for a positive outcome.
I have been told that, in two or three weeks, we can expect a published standard, that clearly defines exactly what the McAfee Secure product offering adheres to, inclusive of their expectations for merchant remediation timelines, potential badge downgrades for unresolved vulnerabilities, and hopefully even a more clear stance on XSS.
I have been told that I will have the opportunity to discuss this standard, and invite feedback. Any standard is better than no standard.
I have also been told that this is just the beginning of changes that will lead to more of what I have hoped for in my expectations, over the next 6 months or so.
I am hopeful that we can take McAfee at their word, and even if slowly, see a positive outcome.

del.icio.us | digg

TV news anchor admits to hacking, leaking colleague's e-mail

Fri, 22 Aug 2008 09:00:00 +0000

Philadelphia TV news anchor Lawrence Mendte pleaded guilty to to one count of accessing a protected computer that involved breaking into his co-anchor's e-mail accounts more than 500 times.

Fake Porn Sites Serving Malware - Part Two

Mon, 07 Jul 2008 23:24:00 +0000

What we've go here is the same malware gang using the very same malicious ISP among the ones you rarely see in any report, continuing to crunch out domain redirectors using the same templates for fake porn sites. And since some of the fake sites are actual redirectors, periodically revisting them leads to more fake codecs and even more actionable intelligence into the nature of their practices, and which are the ISPs proving them with hosting services for several consecutive years.

The main redirector in this campaign popular-adult.com is also responding to :

basic-adult .com
business-adult .com
center-adult .com
comp-adult .com
compadult .com
controladult .com
cruiseporn .com
drive-adult .com
ebony-adult-video .com

ebony-pornmovie .com

ebony-video-xxx .com
engine-adult .com
fat-adult-video .com
fat-pornmovie .com
fat-video-xxx .com
global-adult .com
inc-adult .com
name-adult .com
nameadult .com
other-adult .com
partadult .com
pleasureadult .com
porn-abc .com
porn-contact .com
porn-global .net
porn-go .net
porn-group .net
porn-party .net
porn-play .net
porn-plus .net
porn-power .net
porn-room .net
pornabout .com
porndrive .net
pornhelp .net
pornname .net
pornstar-adult-video .com
pornstar-pornmovie .com
pornstar-video-xxx .com
room-adult .com
scan-adult .com
seek-adult .com
u-adult .com

The secondary redirectors going out of popular-adult.com :

pornname .net/ted/382634557/1/
porn-abc .com/ike/1666520193/1/
pornhelp .net/dense/876421348/1/
porn-play .net/cristina/1970565499/1/
porn-global .net/percival/330780624/1/
porn-contact .com/cisse/854714304/1/
porn-play .net/honora/888715608/1/
pornname .net/deidre/1964468519/1/
pornhelp .net/pip/1977382266/1/
porndrive .net/shelton/767217618/1/
pornhelp .net/mat/354381578/1/
pornabout .com/tobe/1436617289/1/
porn-go .net/samson/7633197/1/
porn-contact .com/teresa/409084583/1/
porn-party .net/basil/1305549820/1/
porn-contact .com/ed/1067772053/1/
porn-contact .com/frish/1287341391/1/
pornname .net/mariah/53967973/1/
pornname .net/jacobus/291129748/1/
porn-plus .net/beverly/2122167311/1/
porn-party .net/lulu/917088357/1/
pornabout .com/boetius/1991451664/1/
cruiseporn .com/padde/1296397392/1/
porn-power .net/arch/334137732/1/
cruiseporn .com/meta/377489795/1/
porn-room .net/lynette/1518855371/1/
porn-play .net/link/1975737157/1/
hporn-global .net/vin/1241430020/1/
porndrive .net/dunk/1245242641/1/
porn-go .net/louisa/1685718172/1/
pornhelp .net/dunk/1859215260/1/
porn-contact .com/celia/1805798677/1/
porn-play .net/anabelle/987641695/1/
porn-room .net/rille/815076192/1/
pornabout.com/hodge/1040019816/1/
porn-abc .com/claes/1130748100/1/
pornabout .com/frederick/1987458246/1/
porn-go .net/fredde/1153431432/1/
porn-party .net/felicity/705720374/1/
porndrive .net/ginne/1183690031/1/
porn-group .net/kimberle/706468800/1/
porn-room .net/helen/565953612/1/
porn-party .net/arche/1387111363/1/
porn-contact .com/kingston/232354071/1/
pornhelp .net/mima/1024064014/1/
porn-power .net/gretchen/152347961/1/
porn-contact .com/ophelia/840853119/1/
porn-play .net/eleanor/88926029/1/
porn-power .net/bella/1712681771/1/
porn-global .net/melchizedek/1823498218/1/
pornabout .com/gabbe/1478560492/1/
porn-party .net/obedience/1540587230/1/
porndrive .net/rod/1177331120/1/
porn-play .net/gee/1314369182/1/
pornname .net/phineas/975226015/1/
porn-global .net/reynold/131075998/1/
porndrive .net/bat/1542809624/1/
porn-global .net/hans/400396810/1/
porn-contact .com/mock/1738069316/1/
porn-plus .net/tryphosia/354085313/1/
porn-room .net/bazaleel/1417267786/1/
porn-contact .com/joyce/353938308/1/
porn-power .net/laine/780004499/1/
pornhelp .net/mille/988856007/1/
cruiseporn .com/dare/258399427/1/
porn-global .net/nat/2039108680/1/
pornname .net/eudora/2132399934/1/
porn-go .net/ana/277211595/1/
pornhelp .net/auge/1990287956/1/
porn-contact .com/danial/1195423348/1/
porn-abc .com/teresa/1787982397/1/
porn-go .net/lawrence/1575543567/1/
porn-go .net/sherre/1066718744/1/
porn-contact .com/jack/657185819/1/
porn-abc .com/manda/216390544/1/
porn-party .net/chuck/1533427157/1/
porndrive .net/lucille/215841052/1/
cruiseporn .com/rodney/1024994863/1/
pornname .net/sheldon/669324635/1/
porn-global .net/janet/1677642355/1/
porn-global .net/basil/635902337/1/
porn-party .net/adela/980553444/1/
cruiseporn .com/charles/2038221862/1/
pornabout .com/sid/644600064/1/
porn-abc .com/eloise/1882289515/1/
porndrive .net/bryant/724023427/1/
porn-party .net/bonne/305120344/1/
porn-play .net/susan/826151266/1/
porn-room .net/sheila/439221958/1/
porn-go .net/valere/1498454342/1/
porn-contact .com/asenath/1036530205/1/
porn-plus .net/marcus/51947065/1/
porn-party .net/bridgit/518065759/1/
porn-plus.net/shawn/1427002427/1/
cruiseporn.com/alicia/1252994155/1/
porn-abc.com/arminda/975985679/1/
porn-party.net/lionel/929052416/1/
porn-contact .com/ande/1755833202/1/
porn-power .net/cyrus/732691977/1/
aboutadultsex .com/heloise/1008109638/1/
adultzoneworld .com/barne/506956701/1/
superporncity .com/roberta/1239682918/1/
pornhelp .net/eurydice/1944564451/1/
theadultpost .com/volodia/543769984/1/
porn-play .net/bird/760635633/1/
coolbestporn .com/bradford/578099145/1/
porn-plus .net/delilah/465854735/1/
porn-power .net/pheney/698426424/1/
porn-party .net/cristina/940229631/1/
porn-party .net/justin/1913395886/1/
porn-contact .com/lotte/1794233444/1/
porn-party .net/nowell/850070721/1/
worldbestadult .com/parthenia/1858633626/1/
funpornsite .com/patience/188018581/1/
adultsexpro .com/isse/1981168802/1/
adultsexpro .com/isabelle/683364151/1/
porndrive .net/erne/906935790/1/
porn-power .net/delpha/178727494/1/
porn-plus .net/chesley/1261676752/1/
porn-plus .net/selina/11889629/1/
porntimeguide .com/arnold/1555784224/1/
aboutadultsex .com/doug/1975246767/1/
porn-global .net/clum/1615653087/1/
funxxxporn .com/kym/739810260/1/
porn-plus .net/roxane/2022633909/1/
worldbestadult .com/vicke/955775101/1/
porn-play .net/jane/1396714471/1/
pornname .net/nicole/1695768032/1/
adultvideodot .com/bela/96070992/1/
porn-room .net/carre/1310194786/1/
adultsexpro .com/azubah/141802741/1/
theadulteye .com/pheney/1077328499/1/
porn-party .net/chick/1522449297/1/
aboutadultsex .com/elbert/1300176621/1/
findadultsex .com/lorre/2057361400/1/
teenporntop .com/aristotle/901956477/1/
coolbestporn .com/bartel/94175118/1/
porn-plus .net/deanne/70540201/1/
coolbestporn .com/appe/1679745028/1/
findadultsex .com/asaph/1439353641/1/
pornxxxfilm .com/tone/904077420/1/
funxxxporn .com/india/476477713/1/
adultvideodot .com/ed/879863981/1/
bestpriceporn .com/babbe/1457040435/1/
superliveporn .com/russell/56570486/1/

More fake porn video sites using similar site templates, and using the same redirection infrastructure :

porntubev20 .com
clearpornurlssite .com
mypornmovies .net
getyourfreemovie .com
tubescollection .com
free-best-porn .com/videos/
pornmovieshare .com
clipslab .com
mybestvideosite .com
avwav .com

The fake codecs download locations in this campaign :

aviutility .com
18x-adult2008 .com
2008x-adult-2008 .com
best-codec .com
hq-codec .net
mpegsystem .com
bestsoft-ware08 .com

The registrant and hosting provider :

Cernel Inc, Legal Department (support@cernel.net)
23404 W. Lyons Ave #223, Santa Clarita, Ca,91321
US, Tel. +1.6613470577

Historically, the same gang has been using the same hosting provider for many other fake codecs, which remain parked on the same netblock in a standby mode :

Fire-ticket .com - 64.28.184.162
Fire-codec .com - 64.28.184.163
Light-ticket .com - 64.28.184.163
Braketicket .com - 64.28.184.164
Mooncodec .net - 64.28.184.164
Light-codec .com - 64.28.184.165
Turbo-ticket .com - 64.28.184.165
Space-codec .com - 64.28.184.166
Ultra-ticket .com - 64.28.184.166
Brakecodec .com - 64.28.184.167
Demo-ticket .com - 64.28.184.167
Demoticket .net - 64.28.184.168
Hq-ticket .com - 64.28.184.168
Turbo-codec .com - 64.28.184.168
Hqticket .com - 64.28.184.169
End-ticket .com - 64.28.184.169
Nitro-codec .com - 64.28.184.169
Hqticket .net - 64.28.184.170
Clean-ticket .com - 64.28.184.170
Red-codec .com - 64.28.184.170
Black-codec .com - 64.28.184.171
Viva-ticket .com - 64.28.184.171
Niceticket .net - 64.28.184.171
Endticket .com - 64.28.184.172
Ultra-codec .com - 64.28.184.172
Wot-ticket .com - 64.28.184.172
Mega-codec .net - 64.28.184.173
Storm-ticket .com - 64.28.184.173
Megaz-ticket .com - 64.28.184.174
Vipcodec .net - 64.28.184.174
Democodec .net - 64.28.184.175
Giga-ticket .com - 64.28.184.175
Demo-codec .net - 64.28.184.176
Uin-ticket .com - 64.28.184.176
Hopeticket .com - 64.28.184.177
Hq-codec .net - 64.28.184.177
Best-codec .com - 64.28.184.178
Hope-ticket .com - 64.28.184.178
Endcodec .net - 64.28.184.179
Zero-ticket .com - 64.28.184.179
End-codec .net - 64.28.184.180
Pop-ticket .com - 64.28.184.180
Cleancodec .net - 64.28.184.181
Yupticket .com - 64.28.184.181

The deeper you go the more interesting it gets, malware command and controls located on the same network, fake banks, money mule recruitment sites, pharmaceutical scams and spam hosting - they or their customers if they are to forward the responsibility are definitely multitasking.

Related posts:
Fake Porn Sites Serving Malware
Underground Multitasking in Action
Fake Celebrity Video Sites Serving Malware
Blackhat SEO Redirects to Malware and Rogue Software
Malicious Doorways Redirecting to Malware
A Portfolio of Fake Video Codecs

Eco-Efficient Datacenters: Wheres the Money?

Tue, 10 Jun 2008 11:00:25 +0000

Global warming does not seem to have reached the UK yet this summer judging by my week here, but it has definitely been climbing the IT service provider’s agenda, to the point where The Web Hosting Industry Review dedicated their May edition to the subject (everybody needs their “green edition”).

Actually one of the most entertaining panel discussions at the Hosting Transformation Summit in London this week was titled Eco-Efficient Datacenters: Where’s the Money? Panel members included Jeff Lowenberg (The Planet), Michael Winterson (Equinix), Lex Coors (InterXion BV) and Tony Day (APC). The panel was moderated by Andy Lawrence at the 451 Group.

Judging by the debate, the European hosting companies have a fight on their hands keeping the politicians out of the datacenter. With green issues being even higher on the political agenda than in North America, and the vast energy requirements of modern data centers becoming more widely known, there are some legislators and “Eurocrats” sniffing an opportunity to add to the hoster’s power headaches. Never mind the fact that escalating power hosts are incentive enough for these companies to be as efficient as possible.

The panel discussion ranged widely between big picture green issues, and the technical challenges of retrofitting older data centers to be less power hungry. There are many incremental improvements to be had, but Tony Day pointed out that the biggest and most immediate savings are to be had simply by running our data centers hotter.

The American Society of Heating, Refrigeration and Air-Conditioning Engineers say data centers can operate at 77F. Most modern rack-mounted computers can run happily a long way higher than that, and yet most data centers are cooled to the high sixties (many of our customers now use EM7 to trend the environmental fluctuations across their data centers using environmental probes as well as readings from the servers themselves).

For the hosting companies this is a matter of educating their customers, so that raising the data center temperatures is seen as a welcome green move rather than a lowering of quality of service.

ShareThis

Blogtard or Hero ?

Tue, 27 May 2008 11:30:53 +0000

In a recent The Register article, the firing of a TJX employee who blogged about security deficiencies was noted…

TJX Companies, the mammoth US retailer whose substandard security led to the world’s biggest credit card heist, has fired an employee after he left posts in an online forum that made disturbing claims about security practices at the store where he worked.

Security was so lax at the TJ Maxx outlet located in Lawrence, Kansas, that employees were able to log onto company servers using blank passwords, the fired employee, Nick Benson, told The Register. This policy was in effect as recently as May 8, more than 18 months after company officials learned a massive network breach had leaked the details of more than 94 million customer credit cards. Benson said he was fired on Wednesday after managers said he disclosed confidential company information online.

Other security issues included a store server that was running in administrator mode, making it far more susceptible to attackers. He said he brought the security issues to the attention of a district loss prevention manager name Allen in late 2006, and repeatedly discussed them with store managers. Except for a stretch when IT managers temporarily tightened password policies, the problems went unfixed.

So happy shiny Liquidmatrix Security Digest readership…

Is he a Blogtard or a Hero?

… and do you have a published, communicated, and monitored employee policy on blogging about your company?

Tags: TJX, Blogtard, Whistleblower, Internet Asshattery

700,000 records on stolen CCB server

Tue, 22 Apr 2008 10:57:38 +0000

Technorati Tag: Security Breach

Date Reported:
4/18/08

Organization:
Numerous*

*See Commentary section for list of businesses

Contractor/Consultant/Branch:
Central Collection Bureau ("CCB")

Victims:
Individuals who were referred to CCB for debt collection purposes by Indiana businesses, on or before March 20, 2008

Number Affected:
~700,000

Types of Data:
"personal information, including names, contact information, Social Security numbers, dates of birth, dates of service, and medical procedure codes"

Breach Description:
"Indiana residents are hereby alerted to a security breach at Central Collection Bureau (CCB, located at 7510 South Madison Avenue, Indianapolis, Indiana. This breach potentially exposed the personal information, including names, contact information, Social Security numbers, dates of birth, dates of service, and medical procedure codes."

Reference URL:
Central Collection Bureau
Chicago Sun-Times (Associated Press)
NBC Channel 13 Eyewitness News

Report Credit:
Central Collection Bureau

Response:
From the online sources cited above:

SECURITY BREACH NOTIFICATION ALERT:
CENTRAL COLLECTION BUREAU
Dated April 18, 2008

Indiana residents are hereby alerted to a security breach at Central Collection Bureau (CCB, located at 7510 South Madison Avenue, Indianapolis, Indiana.

This breach potentially exposed the personal information, including names, contact information, Social Security numbers, dates of birth, dates of service, and medical procedure codes.

These individuals were referred to CCB for debt collection purposes by Indiana businesses, on or before March 20, 2008

Approximately 700,000 files may have been breached.

The businesses that engaged CCB for debt collection during that period of time are listed below.

Please note that only a very small percentage of the individuals who were patients or customers of the businesses below—i.e., those who ultimately were referred for debt collection—would have their personal information included in the CCB database.

Some of the information might be outdated. St. Vincent Health System said it had not given any billing business to Central Collection in more than three years, so all of the missing billing information is several years old.
[Evan] This was a question that my colleagues and I were debating about this breach. 700,000 records seems like an awful lot of "active" collection accounts. CCB would need quite a few collection agents to service this many accounts, if in fact they were all active. I think we can assume that only a fraction of the 700,000 records were actually "active" and CCB did not effectively destroy information that they no longer needed to keep.

Other patients and customers of those companies are not affected by this breach.

The theft occurred on Friday, March 21, 2008, at CCB's location in Indianapolis.

On that date, thieves broke into the company's offices and stole 8 computers, as well as one of its servers (databases).

The server was password protected and protected by three locked doors. The 8 computers did not contain personal information.

The information was protected by two passwords but was not encrypted, Klene said.

"Our server was password protected. We have obviously spoken to some IT people who feel that a good computer hacker could get through those passwords," he said.
[Evan] It doesn't even take a "good computer hacker" to get through the passwords.

CCB promptly contacted the police and is working with the Indiana Attorney General's office.

The company also promptly installed additional locks, a security system, and a motion detection system to help minimize the risk of any further unauthorized access to its information.
[Evan] These will help with physical security. Full-disk encryption and a effective data retention policy wouldn't hurt for logical security, eh? Us information security guys would refer to multiple defensive layers as "defense in depth". Brilliant!

CCB apologizes to its clients and all Indiana residents affected by this incident.

"We're obviously heartsick about this," said Chet Klene, Central Collection Bureau president. "We've been in business since 1972, and nothing like this has ever happened before."
[Evan] I don't doubt that CCB is "heartsick" by this incident. I feel bad for them and the fact that they probably did not know any better. Maybe this is partly a failure on the part of the information security profession as a whole.

While the company has no information suggesting that the breach occurred for purposes of identity theft, it nevertheless has contacted the three national credit bureaus to place a fraud alert.

Please go to the CCB website at www.ccbinc.net, call CCB at 317-887-5165 or 1-800-878-5165 or email CCB at theft@ccbinc.net for more information

Commentary:
Clients of CCB with information on the stolen server include:

Academy Animal Hospital, Advanced Interventional Pain, Advanced Physical Therapy, Alternative Care Experience, Anderson General Surgery, Andrew Dick MD, Anesthesia, Aqua Systems, Associated Billing, "Barbara Sturm, MD", Brad Sammons DDS, Brien Grow DO, Buchanan Counseling Services, Campion Barrow & Assoc., Cardiothoracis Surgeons, Cardiovascular Diagnostic Services, Carl Foster MD, Caryn Guba DDS, Center For Orthopaedic Surgery, Central Indiana Phys Medicine & Rehab, Charles Howe Professional Medical Corp, Charles Kelley III DPM, Charles Kerkhove Jr DDS, Charles Tomich DDS, Chiropractic Thereputics, Citizens Gas & Coke, City of Franklin Ambulance, Clarian Radiology, Clinical Laboratory Physicians, Comdent, Comprecare, Culligan Water Conditioning, Cummins Behavioral Health System, D.E. Kelley DDS, Daniel Feeny MD, David Pennington III MD, David Shaw MD, David Szentes MD, Denture By Design, Dermatopathology Lab, Diagnostic Medicine, Dunlap Urgent Care, Edward J Diekhoff MD, Emily Cline MD, Emergency Medical Group Physicians, Forest Creek Family Dental, Friendly Village of Indy, Gary Hunt DDS, Gary Taylor DDS, Generations In Dentistry, George Small Jr MD, Gial Anesthesiology Service, Grandmas House Child Care, Greg Hardin MD, Hamilton Anesthesia Group, Hearing Center, Henderson Drugs & Home Health, House of Kids, Howard Alig MD, Howard Regional Health System, Indiana Radiology Partners, Indiana Spine Group, Indiana General Surgery, Indiana Medical Network, Indpls Neurosurgical Group, Internal Medicine Plus, JCB Anesthesia & Pain Mgt, Jeffrey Stevens DPM, Jennifer Siegel DDS, JMH Health Affiliates, John Jackson DC, John Norris MD, Johnson Co Anesthesia, Johnson County REMC, Johnson Memorial Hospital, Joseph Meek DDS, Julie Chao MD, Kenny Stall MD, Kerry Mays MD, Kevin Macadaeg MD, Khalil Wakim MD, Kidd Pediatrics, Knowledge Learning Corp, Koehring & Sons, Kokomo Sports Center, Larry Buckel MD, Laura Steiner MD, Laura Stitle MD, Laurette Robey MD, Laverne Tubergen MD, Lawrence Falender DDS, Library Park Immediate Care, Lora Overton DO, Madison Anesthesia Group, Madison Avenue Flower Shop, Mark Ellis DDS, Mark Kahn DDS, Mark Ogle MD, Mark Yamanaka MD, Martinsville Dental Center, Memory Maker Studios, Mere Image Sportswear, Meridian Veterinary Clinic, Methodist Arthritis Physicians, Methodist Medical Group, Michael Arnold DDS, Michael Cozzi MD, Michael Harper, Midamerica Surgery Center, Milto Cleaners, Mitchell Foster MD, Muncie Cataract & Laser Center, Nancy Zinni MD, Northside Surgical Specialists, Northside Anesthesia Services, Northwest Medical Pain Control, Nufinity, Orthopaedic Supplies Inc., Panchapakesan Harlan MD, Paul Batties MD, Paul Johnson DDS, Paul Johnson DDS, Paul Strange MD, Philip Borders MD, Pioneer Anesthesia Consultanta, PT Buntin MD, R.D. McQuiston MD, Rebecca De La Rosa DDS, Richard Herd Jr DDS, Rick Stephens Builder, Riley Bennett & Egloff LLP, Robert Smith MD, Robert's Salon & Day Spa, Ronald Wines DDS, RW Armstrong, Sandhya Nanda MD, Sarah Akard DDS, Scot Hagadorn MD, South Emerson Anesthesia Assoc., South Emerson Pain Management, South Emerson Surgery Center, Southeast Family Physicians, Southside Animal Hospital, Southside Family Medical Group, Southside Pediatrics, St. Vincent Health and related entities, Stephen Stitle MD, Stephen Szynal DO, Stonehedge Apartments, Stop 11 Animal Hospital, Sun Medical, Surgical Associates of Madison Co, Susan Wagner DDS, Thomas Eads MD, Thomas Ferrara MD, Tim Schafer DDS, University Family Physicians, University Pediatric Associates, University Surgeons, USF Inc, Valle Vista Guidance Center, Valle Vista Hospital, Walker Family Dentistry, Wells & Marvel PC

Past Breaches:
Unknown

If NAC is an Easter egg hunt, is Cisco the bunny?

Thu, 21 Feb 2008 19:10:54 +0000

Good article by Neil Roiter from Information Security Magazine on NAC moving ahead as the hype subsides. For a change from other articles we have read recently, Neil gives a true to life, no holds barred assessment of where NAC is in the market. I think some of the comments from Lawrence Orans over at Gartner are right on. However, one he misses is in talking about the Cisco-Microsoft NAC partnership. I think the TCG-Microsoft partnership has replaced that one and Cisco is going to join that party through the NEA.

For me though the quote of the article was this one by Brendan O'Connell, Cisco's product line manager for NAC, "NAC is an Easter egg hunt. Policy lives in a lot of different places .." So does that make Cisco the NAC Easter Bunny? Seriously, policy does live in a lot of different places. I think eventually the answer lies in marrying network based admission control policies with endpoint based configuration policies. This is an area that is ripe for interaction and integration. I also think that Symantec talking about customers want a NAC solution, but not another console or another agent was a bit ironic. Just because you lump your agents together doesn't mean you have not added yet more overhead to the equation. Anyone who has used Symantecs new Endpoint Security with all of the mods turned on can talk to you about overhead and resource use. Whether the agent is separate or not, it is what the overhead is that counts.

In any event, though Neil did not mention StillSecure (tsk, tsk) I thought this article was right on, that despite the naysayers and the inflated hype, NAC is being adopted in the market. It is maturing and most of all it is providing value to customers.

If NAC is an Easter egg hunt, is Cisco the bunny?

Thu, 21 Feb 2008 18:34:17 +0000

Lessig considers running for Congress

Wed, 20 Feb 2008 11:00:00 +0000

An online movement to draft Lawrence Lessig to take up the Congressional seat of the late Tom Lantos may yet bear fruit, as the noted cyberlaw author and civil-liberties advocate announced Wednesday that he'll consider a run for the seat.