John Pescatore

A member of the Gartner Blog Network

John Pescatore
VP Distinguished Analyst
11 years at Gartner
32 years IT industry

John Pescatore is a vice president and research fellow in Gartner Research. Mr. Pescatore has 32 years of experience in computer, network and information security. Prior to joining Gartner, Mr. Pescatore was senior consultant for Entrust Technologies and Trusted Information Systems…


Followup Friday: Responsible Users? Patch Plethora Problems? In a BIND Bind? Safer Eensy Beensy URLs?

by John Pescatore  |  July 31, 2009  |  1 Comment

Update to The Myth of the Responsible User: this week brings news that those responsible users are texting while driving and letting sensitive and critical business information get onto music stealing services because they installed peer-to-peer software on their work PCs or put sensitive business information onto home PCs that had the entire drive indexed onto those P2P services. So, now we have legislators looking to make it illegal to install P2P software and illegal to text while driving. Hey, maybe that will make the users act more responsibly! Oh, and it also turns out that users ignore all pop-up warnings, too.

Update to “Much Emergency Patching Needed This Week”: Adobe did release the patches for the Flash vulnerabilities, but there were many reports of a painful patch process, as there are so many PCs with multiple browsers with Flash plug-ins and lots of other apps that need to be patched for this one, too. On the critical vulnerabilities in the Microsoft Active Template Library components, there is a nice piece in Michael Howard’s blog on why the vulnerabilities got in and what Microsoft has learned from this.

Update to “Security Issues of Top Level DNS Redirection”: Lots of positive movement on DNSSEC in recent weeks, including publicity for the open source DNSSEC project. But of course, this week there were also warnings about yet another vulnerability in the BIND DNS software. Lawrence Orans of Gartner blogged about this here.

Update to “Brevity is the Hole In Twit”: I was really proud of that title – almost as proud as of the Gartner research note on national cybersecurity policy where I got this sentence past Gartner editing: “Gartner recommends a chief information security office versus a “big hat, no cattle” czar approach.” Anyway, one of the URL shortening services, Bit.ly, started warning users about potentially malicious shortened links. This is a very good thing – please follow suit, all you other link shorteners. Also, Greg Young of Gartner had a good series of blog posts on Twitter leaking info here.

Update to “Does Encryption Solve Cloud-based Security Issues”: I had several private email conversations on this trick question. Encrypting data can certainly enable safer cloud-based storage, but only if you have solved the key management issues and addressed availability. Encrypting stored data basically brings with it all the requirements of PKI. Plus, cloud-based storage will never have the same availability levels as locally stored data, and the business longevity of cloud providers is a serious issue. Just encrypting the bits is the easy part – lots more work to do before it is useful.



1 response so far ↓

  • 1 Bit.ly Takes Some Steps To Increase Security   December 3, 2009 at 9:35 am

    [...] their credit, bitly.org started using Google’s Safe Browsing API to warn of some malicious shortened URLs and recently bit.ly announced (well, blogged anyway) that they were adding reputation services from [...]
