In Through The Out Door

Diving Through The Information Barrage

Browsing Posts published in October, 2005

Study Says WLAN Growth to Triple Within Two Years: A new study from Infonetics Research says that organizations of all sizes across North America will increasingly turn to the deployment of wireless LANs over the next two years.

I say that it should be the software vendors that should be liable, not the individual programmers. Click on the essay for the whole argument, but here’s the critical point: If end users can sue software manufacturers for product defects, then the cost of those defects to the software manufacturers rises…. To be sure, making software more secure will cost money, and manufacturers will have to pass those costs on to users in the form of higher prices. But users are already paying extra costs for insecure software: costs of third-party security products, costs of consultants and security-services companies, direct and indirect costs of losses…. This will certainly give pissed-off users someone to sue, but it won’t reduce the externality and it won’t result in more-secure software. EDITED TO ADD: Dan Farber has a good commentary on my essay…. Be that as it may, I still think that making software vendors liable is a good idea. There has been some confusion about this in the comments, that somehow this means that software vendors will be expected to achieve perfection and that they will be 100% liable for anything short of that.

U.S. Regulators Require Two-Factor Authentication for Banks: Two-factor authentication is coming to U.S. banks: Federal regulators will require banks to strengthen security for Internet customers through authentication that goes beyond mere user names and passwords, which have become too easy for criminals to exploit. Bank Web sites are expected to adopt some form of “two-factor” authentication by the end of 2006, regulators with the Federal Financial Institutions Examination Council said in a letter to banks last week. Here’s more details. This won’t help. It’ll change the tactics of the criminals, but won’t make them go away. I’ve written about that already (the short version is that two-factor authentication won’t mitigate identity theft, because it’s not an authentication problem — it’s a problem with fraudulent transactions), and also about what will solve the problem.

Computer-Security Paranoia: This is just a lovely essay. Very subtle.

Security Awareness Posters: Weird and amusing tour of U.S. government security awareness posters.

News: Freshly patched Oracle exploited again: Database administrators now have an added incentive to install Oracle Corp.’s latest security patches, which were released earlier this week. Malicious software is circulating that can crash an unpatched database server, and one security expert predicted that more malware targeting the 89 recently patched vulnerabilities is on the way.

The Future of Wireless Connectivity: Unimonomous writes “CoolTechZone.com analyzes the future of wireless connectivity with WiMax standard. ‘WiMax is an upgrade from Wi-Fi and offers brilliant advantages over its predecessor. The obvious one being extended range (up to 15 miles), which means that establishing a few towers would pretty much make the entire city connected. Now this probably won’t matter to those of us with 24/7 connectivity, but people living in rural and undeveloped areas would surely benefit from it.’” Update: looks like the site buckled.

Interview With An Honest Boss

OpenOffice.org 2.0 Released: Da Massive writes “The official release of OpenOffice.org 2.0 has been pushed to the download servers, as of Thursday the 10th.” From the article: “OpenDocument is an XML file format for saving office documents such as spreadsheets, memos, charts, and presentations. It was approved as an OASIS (Organization for the Advancement of Structured Information Standards) standard at the beginning of this year. OpenDocument, set as a default in OpenOffice, is cited by proponents as a way of fighting vendor lock-in associated with proprietary formats. Already, it is the required office format for internal archives of the US State of Massachusetts.”

Infocus: Packet forensics using TCP: This article looks at TCP packet forensics and examines why sequence and acknowledgement numbers can be useful during an investigation.

Infocus: A new way to bypass Windows heap protections: This paper looks at a new way to bypass Windows heap protections on Windows XP SP2 and Windows 2003.

Infocus: Cisco SNMP configuration attack with a GRE tunnel

Navy, Marines Ban Webmail Overseas: Google, Yahoo, too big of security threat? According to Stars and Stripes, the U.S. Navy and Marine Corps yesterday blocked all access to webmail services from overseas government computers (in offices and libraries). “By going through some of the commercial Web-based e-mail accounts, it ope..

Two-factor Authentication and Phishing: Two-factor authentication isn’t going to stop phishing, even if it’s driven by a government mandate.

ISO 27001 is out. Should you care? Well…: ISO have finally come with “Information Security Management Systems Requirements” or ISO/IEC 27001:2005. It “defines an Information Security Management System, creating a framework for the design, implementation, management and maintenance of IS processes throughout an organization.” The linked blurb also explains how this new 27001 standard relates to old 17799 standard.

Use Gmail as a to-do list, RSS reader and more: Sure, you already know how to use Gmail as a hard drive. But how about using it as a to-do list, RSS reader or notepad? ExtremeTech has some tips on this and more, from their forthcoming book, "Hacking Gmail." Most of the tips involve the "+" aliasing technique we’ve covered here before, and they aren’t necessarily as useful as full-fledged apps (I still prefer a dedicated to-do manager like Backpack), but they’re all clever ways to make use of your 2GB of space.

News: Cisco updates endpoint security technology: Cisco Systems Inc. today announced an enhanced version of its Network Admission Control (NAC) technology designed to help protect corporate networks against threats from insecure endpoint devices such as PCs and notebook computers. With the move, Cisco has extended NAC support to its range of Catalyst switches and introduced new features allowing companies to enforce security policies on users’ devices. Cisco also added new partners to its NAC program and upgraded its line of NAC hardware appliances.

Open Doors to Innovation: There’s a good article in InformationWeek this week that picks up on the idea of how new companies are looking at open source.  It’s not that proprietary technologies don’t scale technically.  It’s just that they don’t scale economically.  The cost of using closed source software in a scale-out scenario with dozens [...]

Snort 2.4.2 Flaw Leaves Systems Vulnerable:

IT ombudsman

Try an information technology ombudsman: Poor communication and tension between information technology (IT) staff and its internal customers is a common problem for many organizations. In some instances, strained relationships keep IT from moving the organization forward. One possible approach to smoothing things out is to employ a neutral third party — an IT ombudsman.
