InfoSecPodcast.com

A friend of mine is works in the financial services market. His company has a need to record Instant Messenger video sessions (think AOL and MSN webcam ) and archive them. They need to do this on the network as opposed to having client software do it locally on the desktop. This is due to the varied desktop systems, only half are Windows based.

Anyone know of a commercial solution or open source libraries that could do this? I know many IPS’ can detect IM video but he needs to record. Is IM video even encrypted? Before you start with the privacy concerns this is done with full knowledge of both parties who are also employees of the same company. It is a pilot program at this point.

–Chris

Technorati Tags: AIM video, record, MSN Messenger

Popularity: 100% [?]

World of Warcraft creator Blizzard Entertainment is selling hardware security devices. These small devices can fit on a key ring and provide a second form factor for authentication using something similar to a one time pad. The cost…..6 EUR. Robert over at Errata Security has a pretty good write up on it.

Now if only my bank could figure this out. Wait a minute….don’t they have to under PCI??

–Chris

Technorati Tags: WoW, World of Warcraft, Blizzard Entertainment, 2 form factor

Popularity: 84% [?]

I’ve been working on a new theme for the blog. Please let me know what you think of the new theme!

Thanks!

–Chris

Popularity: 81% [?]

When I first read about Twitter I didn’t see much value in it for me. It wasn’t until I started using it last year when I saw the usefulness for me. Twitter is an interesting communicaiton tool. I call it a cross between an IM client and a Bulletin Board. There are a lot of informal groups that use twitter. One of them is the Security Twits.

Security Twits are people in security related jobs, companies, etc that use Twitter. We can thank Jennifer, aka Mediaphyter, for the name and the original blog post on the Twits. It’s actually a pretty impressive list of security folks using it.

If you have not tried Twitter you should. You may just find it useful if not downright addictive.

– Chris

Technorati Tags: Twitter, Security, Security Twits

Popularity: 75% [?]

I am seeing an increased need and proliferation of web based collaboration tools. WebEx, GoToMeeting, MS LiveMeeting, etc. While these tools are necessary as we see people and organizations looking for collaboration, how secure are they? A couple concerns come to mind. NOTE: I have not done any research into this nor read much of the product literature.

What can these services see?
In a hosted model these companies act a the middle man between the person giving a PowerPoint presentation and the ones viewing it, as an example. Can WebEx or GoToMeeting see the presentation? If so, is it done overtly or covertly? Any audit trail? Is the presentation stored on their servers?

Sharing of desktops?
I know some of these services have the ability to share their desktops or applications. Some can even give control of their entire PC over to another person in the meeting. That could have some significant security implications in certain environments.

How do you handle these technologies? Do you block them? Have an approved one and block the rest?

I would love to hear what you do.

–Chris

Technorati Tags: GoToMeeting, WebEx, Web Meeting

Popularity: 67% [?]

I saw this today on Slashdot. There is an ICANN registrar in China who is apparently not living up to its obligations to verify proper contact information for people registering domain names. The registrar is Xinnet Bei Gong Da Software. How bad is it you ask?

• Of 11,000 suspected spam domains registered through them, NONE were taken down in a 6 month period.

• Approximately 100 new spam sites per day being registered.

• A “significant” number of those domain registrations have apparent bogus contact information

What makes matters worse is that there appears to be some interesting langauge in the ICANN agreement that registrars are supposed to comply with:

“Registrar shall, upon notification by any person of an inaccuracy in the contact information associated with a Registered Name sponsored by Registrar, take reasonable steps to investigate that claimed inaccuracy. In the event Registrar learns of inaccurate contact information associated with a Registered Name it sponsors, it shall take reasonable steps to correct that inaccuracy.”

Reasonable steps? A little vague don’t you think? It will be interesting to see if ICANN does something here. Why does the prhase “Stop or I’ll yell Stop again!!!” come to my mind here?

–Chris

Technorati Tags: ICANN, Spammer, Xinnet

Popularity: 63% [?]

Yup….I’m still around. For the record, working for a VAR is NOT for me. It has taken a couple of them to make me realize that if I am going to sell / represent a product it needs to be my product. Both of the VAR’s I worked for recently, GreenPages and Focus Technology Solutions were good companies to work for….it just wasn’t for me.

So I am working in an Information Security position at MIT Lincoln Laboratory. It’s a very interesting mix of Academia and Military. We have a new CIO (as of last fall) and he really seems to be shaking things up and making some improvements. The environment is similar in feel to the NSA which is no surprise given the classified research that is done there. So far I am enjoying it. I do not enjoy the commute…about 60 miles each way with 12 of it being on 128. Those in the Boston area know all too well what I am talking about.

I’ve got a couple of posts in the works to try and freshen things up around here. The site is also going to get a fresh look and feel. Who knows, I might even get a podcast or two up

–Chris

Popularity: 44% [?]

I am doing some housecleaning (in more ways than one) and came across this comment awaiting approval from yesterday.

 ”Your previous posts were real rubbish, but this is good. This one is brilliant. Your blog is getting really better.”
The email address was a fake and the URL they left was to a porn site. Made my morning.

And yes,  I am still alive.

–Chris

Popularity: 42% [?]