InfoSecPodcast.com

I’ve been working on a new theme for the blog. Please let me know what you think of the new theme!

Thanks!

–Chris

Popularity: 85% [?]

When I first read about Twitter I didn’t see much value in it for me. It wasn’t until I started using it last year when I saw the usefulness for me. Twitter is an interesting communicaiton tool. I call it a cross between an IM client and a Bulletin Board. There are a lot of informal groups that use twitter. One of them is the Security Twits.

Security Twits are people in security related jobs, companies, etc that use Twitter. We can thank Jennifer, aka Mediaphyter, for the name and the original blog post on the Twits. It’s actually a pretty impressive list of security folks using it.

If you have not tried Twitter you should. You may just find it useful if not downright addictive.

– Chris

Technorati Tags: Twitter, Security, Security Twits

Popularity: 79% [?]

I am seeing an increased need and proliferation of web based collaboration tools. WebEx, GoToMeeting, MS LiveMeeting, etc. While these tools are necessary as we see people and organizations looking for collaboration, how secure are they? A couple concerns come to mind. NOTE: I have not done any research into this nor read much of the product literature.

What can these services see?
In a hosted model these companies act a the middle man between the person giving a PowerPoint presentation and the ones viewing it, as an example. Can WebEx or GoToMeeting see the presentation? If so, is it done overtly or covertly? Any audit trail? Is the presentation stored on their servers?

Sharing of desktops?
I know some of these services have the ability to share their desktops or applications. Some can even give control of their entire PC over to another person in the meeting. That could have some significant security implications in certain environments.

How do you handle these technologies? Do you block them? Have an approved one and block the rest?

I would love to hear what you do.

–Chris

Technorati Tags: GoToMeeting, WebEx, Web Meeting

Popularity: 72% [?]

I saw this today on Slashdot. There is an ICANN registrar in China who is apparently not living up to its obligations to verify proper contact information for people registering domain names. The registrar is Xinnet Bei Gong Da Software. How bad is it you ask?

• Of 11,000 suspected spam domains registered through them, NONE were taken down in a 6 month period.

• Approximately 100 new spam sites per day being registered.

• A “significant” number of those domain registrations have apparent bogus contact information

What makes matters worse is that there appears to be some interesting langauge in the ICANN agreement that registrars are supposed to comply with:

“Registrar shall, upon notification by any person of an inaccuracy in the contact information associated with a Registered Name sponsored by Registrar, take reasonable steps to investigate that claimed inaccuracy. In the event Registrar learns of inaccurate contact information associated with a Registered Name it sponsors, it shall take reasonable steps to correct that inaccuracy.”

Reasonable steps? A little vague don’t you think? It will be interesting to see if ICANN does something here. Why does the prhase “Stop or I’ll yell Stop again!!!” come to my mind here?

–Chris

Technorati Tags: ICANN, Spammer, Xinnet

Popularity: 67% [?]

Yup….I’m still around. For the record, working for a VAR is NOT for me. It has taken a couple of them to make me realize that if I am going to sell / represent a product it needs to be my product. Both of the VAR’s I worked for recently, GreenPages and Focus Technology Solutions were good companies to work for….it just wasn’t for me.

So I am working in an Information Security position at MIT Lincoln Laboratory. It’s a very interesting mix of Academia and Military. We have a new CIO (as of last fall) and he really seems to be shaking things up and making some improvements. The environment is similar in feel to the NSA which is no surprise given the classified research that is done there. So far I am enjoying it. I do not enjoy the commute…about 60 miles each way with 12 of it being on 128. Those in the Boston area know all too well what I am talking about.

I’ve got a couple of posts in the works to try and freshen things up around here. The site is also going to get a fresh look and feel. Who knows, I might even get a podcast or two up

–Chris

Popularity: 47% [?]

I am doing some housecleaning (in more ways than one) and came across this comment awaiting approval from yesterday.

 ”Your previous posts were real rubbish, but this is good. This one is brilliant. Your blog is getting really better.”
The email address was a fake and the URL they left was to a porn site. Made my morning.

And yes,  I am still alive.

–Chris

Popularity: 45% [?]

I saw this press release today from my Savant Protection. According to the release Savant’s Protection has been ported over to the Google Android platform. Savant Protection is very interesting technology in the fight to prevent the spread of malware. It’s not AntiVirus in the traditional sense and it is not really white listing either. I’ve seen the demo and have run the app myself. It definitely improves on the current state of malware protection. Good job Ken!

I am curious to see what other security systems will be running on Android in the future. Is there a list of security type applications that run on it? Admittedly I am not that familiar with Android.

–Chris

Technorati Tags: Savant Protection, Malware, Google Android

Popularity: 26% [?]

I will be in Orlando tonight and tomorrow night, Atlanta on Wednesday and Raleigh-Durham on Thursday. If anyone is around and wants to grab some food / drink let me know.

–Chris

Popularity: 19% [?]