You can't secure what you don't acknowledge.℠

Friday, April 29, 2011

Nikon Image Authentication vulnerability

The fine folks at @Elcomsoft have discovered yet another security flaw in digital cameras. First it was Canon. This time it's Nikon - specifically Nikon's Image Authentication Software.

Elcomsoft researchers found that the way the secure image signing key is being handled in the camera is flawed. This allowed them to extract the original signing key and then produce manipulated images that appear to be legit. I could see this being a huge deal in computer forensics and expert witness work.

Thursday, April 28, 2011

The mobile device free-for-all dilemma

From @ECIOForum, can you envision enterprises giving workers any desktop or mobile device they want to do their jobs?

I think an important follow-up question is: does it really matter?

People are going to do what they're going to do. Those of us in IT and infosec can scream "No, No, No" to this or that mobile device on the network at the top of our lungs until eternity... But you know what? People are going to use them anyway. It's all a matter of how you set your network, your users and your business up for success and deal with it on the back end.

Wednesday, April 27, 2011

Novell, Utah and the Libertarian Party

Some news out today was about Novell completing its sale to Attachmate. Wow, the end of an era...

Novell really does have a special place in my heart - NetWare was the first network operating system I learned, way back in the version 2.15c days. Anyone remember those? Then I moved on to v2.2, 3.12, 4.0 and then 4.1. I obtained my first IT certification - the CNE - which was all about NetWare. I even wrote/sold my own patch management application for NetWare before patch management was cool.

Another great thing about Novell was their BrainShare conference. I see that they've moved it from March to October; glad I got my skiing in when I did! Going to BrainShare every year I not only got to know NetWare like the back of my hand but I also discovered the beauty of Utah - in particular its microbreweries and its snow skiing. Absolutely lovely.

To my final point, I was having lunch with a close friend recently who shared my Novell bigotry back in the day and shares my love for limited government right now. We were talking politics and about how the Tea Party mindset consists of regular guys like him and me who are fed up with Republican and Democrat politicians alike so keenly focused on government expansion and intrusion into our lives. I told him the Tea Party mantra used to be called the Libertarian Party. The Tea Party, like Microsoft, rose out of nowhere and grabbed all the attention. I told my friend how sad it is that the Libertarian Party, like Novell, has consistently failed to market itself as a viable option and, thus, we are where we are today. Just damn.

Novell, Libertarian Party or whatever - lots of excellent products and great ideas are/were out there for the taking. Logic sells but who's buying...?

Tuesday, April 26, 2011

What's this "firewall" you speak of??

It seems that #firewalls are making a comeback. Of course, I felt compelled to throw in my two cents worth so here are some new pieces I wrote for the fine folks at on firewalls and firewall management:

Firewall change management and automation can curb human error

Do Web application firewalls complicate enterprise security strategy?

Planning a virtualization firewall strategy


As always, be sure to check out for links to all of my information security books, articles, whitepapers, podcasts, webcasts and more.

Monday, April 25, 2011

The positive side of infosec

"Have you ever, even once, stopped to marvel at just how often things go right? It's amazing." -Richard Carlson

With all of the smack talk and negative approaches so many of us (myself included) take regarding IT and information security, this'll make you realize that it's not all bad. I think we could all benefit from stopping to smell the roses and seeing the bright side of our field every now and then.

Sunday, April 24, 2011