You can't secure what you don't acknowledge.℠

Wednesday, April 30, 2008

Small business owners take note - security affects you too!

In fact, the threats and vulnerabilities we're up against don't discriminate. Size doesn't matter. Here's a good read on this if you're trying to find some ammo to get management on your side and show that security affects all businesses - large and small.

Here's another story about how credit card thieves are targeting small businesses.

Oh, one more thing - one of the greatest bits of ammo is the Privacy Rights Clearinghouse Chronology of Data Breaches. There's new stuff there seemingly every day. You can't read through it without shaking your head. There's just no excuse. Hey, at least you can fix ignorance.

So, large or small, the bad guys don't care...

Yet another reason for testing your Web applications for security flaws

This is a very interesting story. Apparently attackers are automating SQL injections on vulnerable sites/apps with SQL Server backends. I've always been a big fan of automated SQL injection tools such as what HP's WebInspect has built in, but this brings a whole new meaning to automated SQL injection!

Yet another reason you need to be testing your Web applications for security vulnerabilities consistently and without fail.

How the word 'hacker' got started

I heard a news story this morning regarding the economy that reminded me of how we got to the point of misusing the word hacker. The essence of what this economic expert being interviewed said is that it doesn't matter if we're technically not in a recession, if the people believe we're in one, then that's all that matters. Well, we're not - but who cares, right?

Just like with hacker. The criminal bad guys - a.k.a. crackers - aren't hackers in the traditional sense (i.e. good guys just playing around and "rewiring" stuff) but if that's what the media and everyone else want to call them, well then, they're hackers.

Ahhh! Majority rule... It's such an ignorant and dangerous mindset.

Tuesday, April 29, 2008

What NOT to focus on to boost your career

Here's a funny look at technologies to NOT focus on if you're going to boost your salary. I couldn't agree more. It makes me sad about NetWare skills (I'm a CNE and former Novell bigot). Those used to be "elite" skills that garnered you more $$$. Not really any more. Thanks for running NetWare into the ground, Novell!

Great resource for doing PowerPoint the right way

If you have to use PowerPoint to get your messages across (and who doesn't these days?), here's a great resource for you. It's David Paradi's web site and newsletter. He's got lots of free content plus you can order his ebooks, etc. I must say his expertise has really helped me out.

Also, here's a good survey of David's on what people like/dislike in presentations that's interesting as well:
http://www.thinkoutsidetheslide.com/survey2007.htm

FYI, I'll be developing a Security On Wheels audio program titled Delivering Rock Solid IT Presentations in the near future where I'll share with you what I've learned over the years about giving presentations. If you'd like to be notified when new audio programs like this and related content become available, you can sign up at http://securityonwheels.com. I won't share your email address with anyone either!

Monday, April 28, 2008

ISP with no business continuity plan?

A couple of weeks ago, my home Internet service provider, SpeedFactory, went kaput. What used to be an awesome small ISP with good prices and tons of flexibility had let me down.

I had no DSL, no email, nothing worked from home. Topping off the problem, no one was available to call... Their phone lines (even the fax) were inaccessible. Several days later, they amazingly re-surfaced and apologized for the outage. They sent out a note stating they regretted the inconvenience. Ha! Too little, too late, SpeedFactory... I had already moved on to a different ISP (AT&T FastAccess, which, so far, is not going very well). What's a guy gotta do to get decent broadband access?

Three lessons can be taken away from this event:

1) I never realized how dependent my family is on our home Internet access. I know now that we can't go for more than a day or so without it.
2) Cell/air cards don't work as a good backup when you don't have good cell phone coverage (I live in the bustling metro Atlanta area and I have no cell coverage with AT&T (formerly Cingular, based here as well) where I'm at. Go figure.)
3) Your business needs a business continuity plan (apparently the missing element in my ISP's extended outage) no matter how small it is or what line of work you're in.