You can't secure what you don't acknowledge.SM

Thursday, April 21, 2011

Amazon's cloud outage - does it change your perception of the cloud?

Everyone (okay, many; especially the vendor marketing types) keeps swearing by the "cloud"...and then Amazon's EC2 goes down today. How does that affect how you view the cloud?

I've been a skeptic and I'm still a skeptic...beware the cloud bandwagon.

Wednesday, April 20, 2011

Holy Cow: Police seizing info from phones during traffic stops

Here's some big time scary stuff personally and something that'll no doubt lead to big time security problems for the enterprise. Michigan State Police are copying data off of smartphones during minor traffic stops using the Cellebrite Universal Forensics Extraction Device. Images, address books, files,'s now fair game for the police (Gestapo?) in Michigan to take whatever whenever.

Is this government out of control or what!?

I know we've all but forgotten about the Constitution in this country but if this happens to me, I guarantee you they'd get nothing - I mean nothing - without probable cause and a warrant.

Yet another reason to force users to put passwords on their smartphones....Oh, and a control that wipes the phone after X number of failed password attempts.

Wow, crazy stuff...what's going to be next?

Legalese in email footers is useless

Ever get annoyed by those email footers telling you what you can or cannot do with the email you just received? Yeah, me too. Here's an interesting bit from Consumer Reports that talks about how those legal disclaimers in email footers may be legally useless.

It's funny, every time I see them (they're in about 60-70% of the non-spam emails I recieve) I think it's yet another representation of the American way to disclaim any personal responsibility. If anything goes awry when sending an email, it's someone else's fault.

Furthermore, as Consumer Reports mentions at the end of the article, the run-on sentences end up using more ink and paper when emails are printed...wonder what the "global warming" crowd thinks of that? Now there's an opportunity for the the anti-capitalism movement that I might consider buying in to.

Anyway, however you see this issue, be sure to speak with your legal counsel first before making any rash decisions (like reconfiguring Exchange to drop these email footers once and for all). ;-)

Tuesday, April 19, 2011

Learning is a choice

"If your intent is to learn, you almost always do learn." - Richard Carlson

Like when we see what we want to see, we learn what we want to learn. This is important for our careers in IT and infosec but also provides a great way for us to become better people.

Coffee shop laptop thefts in Atlanta a good reminder

Here's a good reason why you need to remind your employees of the risks of using laptops in coffee shops and other public places. Once the thief has it, it's all over...unless of course a brave (stupid?) coffee shop employee comes to your rescue.

A good rule of thumb is if you're setting up shop for a while then use a laptop lock to secure the system to the table. Most importantly, never, ever leave laptops unattended. I know, it does look a little goofy carrying your laptop into the john but, as in other aspects of life, substance (common sense) trumps style.

Monday, April 18, 2011

From each according to his ability to each according to his need

I thought this Marxist/Obama philosophy was very fitting for our symbolic day today here in the U.S. The general belief that the government should decide what the people need is what's driving our country...and the world. And we wonder why we can't get out of this economic mess! The reality is that the economy cannot be taxed into prosperity but that's what the politicians want to make us believe...especially if they can play on the emotions of the non-achievers - the other 50% of income earners who pay no taxes.

Speaking of this divide, here's a good read on how if the Feds seized all of the income of the top 1% of income earners they couldn't even run the federal government for a year! How can a $980 billion tax base possibly fund a $4 trillion government budget? It can't but no one talks about that. Instead the media and its myrmidon followers just want more taxes...As with government schools, just throw more money at the problem, that'll fix it.

Folks, we don't have a taxation problem, we have a spending problem. But as Obama and the other political elite want us to believe, government is the answer to everything.

On a related note, as Art Laffer wrote today in the WSJ, there's a 30% cost markup on every dollar paid in taxes. In fact, according to his piece: "Tax compliance employs more workers than Wal-Mart, UPS, McDonald's, IBM and Citigroup combined." Amazing...Just like the data breach problem, I know without a doubt that taxation and government growth is MUCH worse - impacting so many lives in a negative way - than most people it perceive it to be.

People largely want personal security over freedom. As with many information security issues people don't want to take personal responsibility for their choices and their actions. Sadly, it's the way of the world - apparently human nature...If you fall into the achiever class you've just got to figure out how to work your way through it. As for me, I can't wait to get the next two months over with so I can stop funding the government with what I earn and start keeping my own money for my own family.