What’s really great about having a diverse skill set, is that I can jump from one specialty within Information Technology to another rather easily. Switching gears is easy, I just need to roll up my sleeves and dive right in. All I need are some good books, some resources that I can tap into when I need some help and I’m good to go. I’ve been operating like this for over 20 years, so new challenges are always welcomed.
My roots are in application development and it is still the number one thing I enjoy doing in this field more than anything else – including computer security. When I can develop network security apps, it’s icing on the cake. I can write apps eight hours a day, seven days a week at work, and then go home and write apps and develop Web sites for fun. It’s just something that’s in my blood.
I’ve decided to take a break from all of this security stuff and devote my spare time to developing free and pay applications for Android – at least for the next few months. As a result, I’ll be spending less time here, and surfing other blogs and Websites. Developing quality software requires my undivided attention and I find all of this too distracting to be able to focus my thoughts and efforts. I’ll still be moderating comments and checking email.
If this is your first time here, take a look around. You might find some useful information to help keep your computers secure – and if you really want to learn something about computer security, read my book!
There used to be a time when people touted how secure Firefox was over Internet Explorer. Not any more! At least the folks over at Mozilla are kind enough about checking the status of your plug-ins. [ Go to their separate plug-in check page ]
If you’re interested in some of the vulnerabilities that are fixed in the recent Firefox update to version 3.6.9, head on over the Firefox Security Advisories page. Of critical note are the 10 critical vulnerabilities.
Critical: Vulnerability can be used to run attacker code and install software, requiring no user interaction beyond normal browsing.
Note: After being advised that my Flash plug-in was out of date, Flash didn’t update properly when I went to the Adobe site. I jumped over to IE, and downloaded and installed in the plug-in for Firefox manually. Make sure to read the Adobe install message before installing, as Adobe always wants to trick you into installing some type of additional product that you don’t want, by automatically selecting the check box option for installing one of its partner’s products. Keep in mind that IE and Firefox updates are not packaged together and need to be updated separately.
Do you ever get the feeling that the competition is one up on you? Are you always losing to the same competitor? Are you questioning how someone can possibly outbid you when you’re already submitting the lowest bid reasonably possible? If you answered yes to these questions, you might want to consider the computer security implications, including insider threat.
With the amount of information about hacking and social engineering available on the Web, it’s quite easy for an unscrupulous competitor or one of its employees to compromise one or more of your company’s computer systems for the sole purpose of gather information to under bid your company on contracts. This can be accomplished by hacking into your Web servers, sending employees email that will install Trojans, directing employees to Websites that will install Trojans or obtaining physical access to your computer systems or network. With access to databases, emails, spreadsheets, documents and even contents stored on copier hard drives, it’s easy to understand how a competitor might be able to take advantage of the situation and put you out of business.
As every computer security professional will tell you, user awareness is the key. Make a video, enter the contest and get a chance to win some cool prizes:
- Two (2) tickets to see Snoop Dogg in concert
- Opportunity to meet with Snoop’s management or agent
- A $1,000 travel stipend, awarded in the form of airline vouchers
- Hotel accommodations for two days and one night
- A super cool Toshiba laptop
Visit the site: http://www.hackiswack.com/
The most important concept to understand in computer security is compromise vector. It is the key concept to understanding everything there is know about computer security and hacking. Once you get your mind wrapped around the concept, you will view computer security from a completely different perspective.
Simply put, compromise vectors are the various avenues of attack that can be used to compromise systems, information and credentials. When a vulnerability is announced, the most important thing for people to ask themselves (or a computer security professional) is how the exploit associated with the vulnerability applies to the hardware, operating systems and applications they use or manage, or to other system to which they connect. Some compromise vectors are obvious, others are not so obvious, but know that there are no “secret” compromise vectors – just variations and combinations of known techniques that tend to surprise those who don’t think like the most devious of hackers. In some cases, a vulnerability may be of no significance because it’s technically impossible to exploit the vulnerability given the compromise vector requirements.
Anthony M. Freed posted an interesting discussion he had with Larry Clinton, Internet Security Alliance (ISA) President and CEO. This is probably the most intelligent and grounded perspective on computer security I’ve read in a long time.
We are extremely fortunate Mr. Clinton has set aside some time from his very busy schedule to offer some insight into the critical role ISA plays in shaping the future of cybersecurity.
via Infosec Island
There are a lot of really smart people in Internet land and I think it’s important to understand everyone’s perspective on computer security to see the big picture. Each of us has something to contribute to the discussion. No single person can have enough knowledge to solve the world’s computer security crisis by himself, but by sharing ideas and working together, we can collectively make a difference to make computing secure.
Mac users like to say their computers are more secure than Windows-based computers. I’m not saying all Mac users say OS X is more secure than Windows, but I’m sure everyone knows somebody that does. I usually keep my mouth zipped when someone states it, because it’s pointless to argue with someone that believes their operating system is less exploitable just because another operating system is more exploitable. Apple’s Security Update 2010-005 provides all the evidence that’s needed to set the record straight once and for all.
Mainstream media is filled with stories that cybersecurity personnel are in demand these days, which is convincing some people to consider a career in computer security. But what type of jobs are available and what might interest someone like you? Computer security jobs can be broadly categorized into these general areas:
Securing systems. A person is responsible for implementing security check lists, applying security patches, managing permissions to specific resources and checking log files. System and network administrators typically do this as part of their regular duties for the equipment they manage.
If you answered “no” to this question, you’re in good company. Pretty much everyone that knows anything about computer security shares this view as well. And as we all know, if everyone (95-99%) believes something is true, it must be true, right?
As you might have already guessed, I’m in the minority that says that it is possible. I don’t hold it against you that you don’t believe it’s possible. Being quite honest, I expect you to not believe it’s possible. Why? Because given current computer technology and security paradigms, it’s impossible. But I’m not talking about making current computing technology secure, I’m talking about starting from scratch with a clean sheet of paper. If you’re interested in how it might be possible to engineer a computer that is 100% secure, please read on.
There is a classic tale that originated in India about a number of blind men that wanted to know what an elephant looks like. Each man touched a different part of the elephant’s body and therefore had a different mental image of the elephant. (Wikipedia: Blind Men and the Elephant) What does this tale have to do with computer security? Not all computer professionals have the same perspective or knowledge when it comes to computer security.
When people choose a computer profession, they usually specialize in a one or two areas – system administration, networking, programming, database management, security, etc. While it’s possible for someone to have a good working knowledge of other areas, to truly master one particular area means that a person has to sacrifice their knowledge in other areas. This includes specializing in certain vendor specific operating systems and/or applications. Not only that, some people have no interest in one or more of the other areas or vendor products, and as a result, have little or no knowledge about certain areas or products.