November 23, 2005
NSA Security Guides
Have you ever wondered what the NSA, one of the most covert federal agencies, does to secure their desktop computers? You can actually find out from the source.
The NSA offers a series of Security Configuration Guides for a range of operating systems, wireless, web servers and browsers, and more.
There is a ton of great info here, but fair warning: some of it isn’t for the faint of heart. It can get very geeky, very fast. But if you’re serious about security, take a look and download some of the documents (all are in PDF format) - you’ll pickup lots of great tips.
Posted by Web Developer at 11:11 PM
September 29, 2005
Counterpoint: User Education Is Not The Answer
Usability expert Jakob Nielsen had an interesting Alertbox article from about a year ago titled User Education Is Not the Answer to Security Problems. He argues that putting the burden of work on computer users to remain secure is a futile effort that hasn’t and won’t work. Instead, he advocates a redesign of security initatives to build them into hardware and software and to make them as transparent and ease to use as possible.
It’s an interesting argument. What do you think?
Posted by Web Developer at 10:53 AM
September 28, 2005
Infoworld Security Articles
The September 26th issue of Infoworld features a couple of great pieces about malware (spyware) and some of the other biggest threats to organizations. Just as John has been saying recently, they detail how the computer worm/virus business has become a money game. The stakes are very high - annoyances were bad enough, but now we have to worry about organized groups of criminals selling personal information to the highest bidder.
It’s a great read - I recommend that you check it out.
Posted by Web Developer at 11:28 AM
Keyboard Acoustic Emanations
As I mentioned during the security presentation at the NDATL Fall Face-2-Face conference yesterday, researchers at Berkeley were successfully able to reconstruct the data typed into a computer after analyzing a 10 minute audio clip of somone at their keyboard. English text was recognized at a 96% accuracy rate, and random character passwords at 90%. Pretty crazy stuff.
The academic paper is currently available for download (PDF) and the analysis software is soon supposed to be available freely at keyboard-emanations.org. While this isn’t something you should worry about, it’s interesting never the less. Just another reminder that you’ll never be completely secure!
Posted by Web Developer at 11:15 AM
A Look Inside Symantec’s Response Lab
The October 2005 issue of Fast Company magazine features a really good article about Symantec’s security response lab entitled Sweating In the Hot Zone. It presents a behind the scenes business view of how the company keeps on top of the ever-changing landscape of security threats. It appears they learned a lot in August 2003 during the simultaneous spread of the Blaster, Welchia, and SoBig worms and viruses.
Posted by Web Developer at 11:03 AM