network security


The subject says it all.  Recent logs indicate I’ve got someone
reading from Portland (hello to you) and someone in or around Chicago
(hello to you), someone in Philadelphia (hello to you) and someone in
Taiwan (what the fuck?, unless it’s Casey, in which case I’m waving to you
right now, as I type this, because I’m that talented).

The most interesting new visitor I’ve noted, though, is someone or something at Cyveillance,
an “Online Risk Monitoring & Management Service.”  I haven’t
been able to suss out exactly what it is they do, other than apparently
provide a very comprehensive, very private search engine that covers
more than just websites, and provide information to their clients
regarding a broad swath of potential risks inherent to the
Internet.  I’m quite accustomed to seeing search engines plow
through on occasion, but given I’ve had more than one visit from a
Cyveillance IP address, and given at least one visit from a client
coming through on what I imagine may be an anonymizer/proxy, I’m
intrigued.  Given that they’re also located in Arlington, VA, I
figure it’s probably best to go ahead and nod.  I’ll not be so
gauche as to ask if you’re hiring remote employees, and I’ll not be so
freakishly paranoid as to also file this post under “conspiracy
theories,” though that category is right there, looking at me, arms
crossed over its chest and its eyebrows raised a little as if to say,
“Oh?  You aren’t?”

At any rate, welcome to all.  As always, I am reachable from the
mailto: link constituted by my name at the bottom of every post. 
If you’ve got any, you know, questions for me, email away.

Securityfocus.com is running another top-notch story – this one about the CEO of a web-based satellite TV equipment retailer
hiring out the buddy who ran his webhosting to launch distributed
denial-of-service attacks against the competition.  What I find
funniest about the whole deal is how quickly corporate it became, as
the CEO first hired one gun to take care of it, who then hired other
guns, one of whom in turn further sub-sub-contracted out the work to
another guy entirely.  Eventually, the CEO bought the webhosting
company outright so that everyone allegedly worked for him on paper as
well as in spirit – and there you have it, corporate culture overtakes
an electronic crime and the whole thing falls apart.  Imagine Lumbergh from “Office Space” asking for a report on that DDoS attack, and you’ve got exactly what the atmosphere must have been like.

From the CEO’s “welcome message” page linked above, I take the following true – almost visionary – statement:

Technology is changing rapidly. Even as you read this message, breakthroughs are being
made every day that will make life easier for us all.

Securityfocus.com has a great column
up by a security consultant and former Air Force officer discussing the
ease with which one’s personal data gets released into commercial fora,
and the exploited but largely unknown value of personal data, both to
businesses and governments.  His analysis is of a pretty everyday
example:  a Virginian renting a car from Hertz and using an AmEx
card to do it.  We’re all pretty savvy folks, but I for one had no
idea how valuable personal data could be, in a very tangible way, to
someone like, say, the DMV.  It’s a good illustration of how
little we really know about how much others know about us.

He very importantly makes clear that it’s not about conspiracies to
manipulate us by our information – it’s about who’s going to get rich
(or merely fair compensation) off that information: the people who buy
& sell the information, or the subjects of that information.

I think I’m most intrigued by his comparison of the transition to the
Information Age with the transitions to the Agrarian or Industrial
ages:  things change, new things become valuable, and someone is going to make a truckload of money in the process – probably running over several other someones in the process.

I’m willing to bet that someone out there already has figured out the
method to turn this into subtle, anonymous warflying, a la wi-fi
wardriving.

Epson has developed a small, short-flight robotic helicopter.  We’re talking really small.  It weighs a few grams, and it can carry a few pounds for a few minutes.  Perfect for a little good-natured mayhem.

Even more cool stuff:  the first transmission on the Mars-Earth interplanetary network
happened the other day, and we hardly even noticed.  It even got
pretty good throughput.  I love technology.  Maybe in fifty
years they’ll need to bring old firewall admins out of retirement to
work on it…?  Ah well.

New Scientist is reporting that there’s now Wi-Fi blocking wallpaper
that’s been developed in the UK.  I’ll be honest – although this
is my profession, I don’t know the physics of broadcast signals well
enough to understand exactly how it’s done, but it makes sense in a general way, and I can definitely tell that this is very, very clever. 

The best thing?  Someone will figure out a way around this. 
Given that it can be configured to allow specific frequencies but
absorb others, I have to imagine that there is (a) an absorption
maximum that could be exceeded with a strong-enough signal, though
that’s me talking out my ass entirely and I would not at
all be surprised to be wrong on that and (b) a way to passively scan it
across a wide range of frequencies to detect which ones are allowed and
which aren’t.  And of course, a clever enough person will just use
a 3G phone with networking capabilities in some very clever fashion to
get past it right away. 

I love my field.

The Internet is like that friend you had in high school who collected
and re-distributed gossip like the county recycling center or,
alternately, the creepy old guy down the street whose front yard always
looks like it’s halfway through a depressing yard sale, cluttered with
things he bought yesterday to sell tomorrow.  The Internet leans
in to let you whisper something juicy and by the time you’re back from
the bathroom it’s told everyone else at the party.

Those are some really strained metaphors.  Ah well.

Anyway, the reason I bring this up is because of an absolutely fascinating new blog:  See What You Share.
It’s one guy’s effort to demonstrate just how easy it is to let your
personal information slip through the cracks and into the hands of
anyone who wants it.  He posts pictures and scrubbed versions of
documents he finds on P2P networks like Kazaa. 

The math on this is so simple, the concept so obvious, that I don’t
know of anyone else who’s thought of it yet.  It’s like Found Magazine for the Internet if you pretend Found doesn’t already have a website.

Passed my Checkpoint Certified Security Administrator exam this morning
with relatively flying colors – needed a 70 and I got an 81.

AW YEAH.

Now, the videogames.

So, I just took an exam to be certified in Websense
administration.  It’s a product we use with our clients. 
It’s the best of a bad lot, to be honest – no filtering software is any
good, in my experience, but this one’s usable, and that puts it way
ahead of the rest of the pack.

I just took the exam cold – no studying.  I just flipped open my
laptop, fired up the exam site and took the test with a cig hanging –
a la Bogart – from the corner of my mouth.

I passed.  First try.

AW.  YEAH.

It’s not much, but it beats nothing.  I’d been afraid I’d be
chained to my study materials tonight and tomorrow during the day, but
as it turns out, there will be Prince of Persia this night.

This isn’t really news to anyone whose browser habits I know – you’re all on Mozilla or Firefox, AFAIK.  However, it’s interesting to see a respected body back us up on it.

It’s true that part of the problem with Internet Explorer is simply its
lowest-common-denominator status; it’s vulnerable by its very dominance
of the market.  However, there are real, technical reasons to view
Mozilla/Firefox as more secure. 

ActiveX, we hate you.
