Tech Support For Dummies


Monday, 31 January 2011

The Egyptian uprising tie-in with the U.S. Internet kill switch

Posted on 07:12 by Unknown
The people rioting in Egypt against their oppressive government, and the subsequent blocking of the Internet, make for an interesting issue that has a global reach. Foreign policy aside, have you stopped to think about the ramifications of the cybersecurity "kill switch" bills that our measly politicians are trying to force upon us?

As I wrote previously, the proposed Rockefeller-Snowe Cybersecurity Act of 2009 (Senate Bill 773) and Lieberman-Collins-Carper Protecting Cyberspace as a National Asset Act of 2010 (Senate Bill 3480) provide undeterred powers to the government to effectively shut down our economy as we know it. Would the president use this power during a cyberattack? Presumably. Would the president use it during an uprising like what's going on in Egypt? It wouldn't surprise me.

But, you say, all of this is happening in Egypt...this is America - we'd never reach that point! That's a shortsighted and dangerous mindset. Just look at all the nonsense the Social Democrat Party has shoved on us in the past two years alone...evidence enough to rational people that anything's possible with a runaway government. Our government "leaders" don't want to be questioned, they don't want to explain their actions and they certainly don't like it when people speak out against them. [The whole free speech thing cracks me up when you think about what the old-school liberals of the 1960s demanded, but that's another story.]

As Senator Susan Collins recently said "unlike in Egypt, where the government was using its powers to quell dissent by shutting down the internet, it would not." Oh, okay, we understand and believe you Senator Collins. The government has never put legislation in place for one purpose and ended up abusing it for other means down the road. We're good. Here are some more details on this recent news:
As Egypt goes offline US gets internet 'kill switch' bill ready (the graph showing Internet traffic to and from Egypt last week is really interesting)

...according to Wired Magazine, it looks like the Lieberman-Collins-Carper cybersecurity bill is set to be reintroduced into a Senate committee any day now.

So, it's scary to many what the Egyptian government did/is doing to its people, and the U.S. is now wanting to put the same draconian powers in place? But you know it'll be different here...like Socialism. It's failed elsewhere for centuries, but big, strong America can make it work for the greater good of the people.

Folks: good, bad or ugly, our politicians are going to get their way. Way too many voters are concerned about what's happening on Facebook, NCAA basketball and American Idol for us to be able to truly hold these people's feet to the fire.

What can you do...? Interesting times indeed.
Posted in compliance, government intrusion, government regulations, personal responsibility, scary stuff, stupid security, thinking long term

It's hard being human

Posted on 05:38 by Unknown
Cavett Robert once said something about character that resonates within information security - especially regarding ongoing management and leadership. He said:

"Character is the ability to carry out a good resolution long after the excitement of the moment has passed."

When I saw this I was reminded of how pumped you can get when attending a show like RSA or CSI, or how neat certain vendor marketing spiels sound. Another is when an information security consultant or internal auditor produces a report that kindles the fire inside so you resolve that you're going to make things right this time around...but then the newness and the excitement wear off. We get busy and fall back into our old ways and, as I wrote about, we lose sight of what's important. The cycle continues.
Posted in careers, great quotes, information security quotes, security leadership, security management, stupid security

Friday, 28 January 2011

Take patch management out of IT's hands completely?

Posted on 05:37 by Unknown
Here's a piece by CNET's Stephen Shankland on continuously updating software and patch management. Not sure where things will end up (we're already halfway there with this technology), but it's something that certainly couldn't hurt security.
Posted in patch management, patching, security management

Monday, 24 January 2011

Web application security testing: how much is enough?

Posted on 17:24 by Unknown
How often should you test your Web sites and apps for #security flaws? Well, it depends of course! Here's a new bit I wrote where I delve into the different variables and things you need to be thinking about:

How often should you test your web applications?

Enjoy.
Posted in ethical hacking, Kevin's security content, penetration testing, security policies, web application security

My book Hacking For Dummies is now in 3 languages

Posted on 03:30 by Unknown
I was just told by my acquisitions editor at Wiley that my book Hacking For Dummies is being made available as an Italian language publication.
English, Estonian (I know, who would've thought!?) and now Italian...cool.
Posted in ethical hacking, Kevin's books, Kevin's security content, recommended books

Sunday, 23 January 2011

Cybersecurity schmybersecurity

Posted on 11:10 by Unknown
Here are a couple of #cybersecurity pieces I authored for TechTarget's SearchCompliance.com regarding the proposed Rockefeller-Snowe Cybersecurity Act of 2009 (Senate Bill 773) and Lieberman-Collins-Carper Protecting Cyberspace as a National Asset Act of 2010 (Senate Bill 3480):

Why the Cybersecurity Act is better for government than business

Is the latest cybersecurity bill an Internet takeover by the fed?

You know how I am about government growth and its intrusion into the free market. By and large that's what both of these pieces of legislation represent. As with so many other federal government regulations, I strongly believe that they'd serve to cause more problems than they fix.

But who am I to question...the politicians know best, right?
Posted in compliance, government intrusion, government regulations, Kevin's security content, scary stuff, security leadership, stupid security

Thursday, 20 January 2011

Skill to do comes of doing

Posted on 02:16 by Unknown
Ralph Waldo Emerson once made this statement which completely and totally applies to what you do in your job and how you develop your career over the long haul:
"Skill to do comes of doing."

As with surgeons, home builders, mechanics, race car drivers and so on...we learn most by doing.

I know a lot of people are going back to school and focusing on getting their degrees and certifications right now. There's certainly value in doing so. Just never ever forget that formal training and education are only a relatively small part of the overall package that you bring to the table. So get out there and get your hands dirty because there's no replacing good old-fashioned hands-on experience!

If you're interested in hearing a lot more of my take on certifications, degrees, and experience and the best way to approach each of them to enhance your career, check out this Security On Wheels audio program I put together. Here's a snippet you can download and listen to.
Posted in audio programs, careers, certifications, great quotes, information security quotes

Wednesday, 19 January 2011

Good bits to share about computer disposal

Posted on 06:16 by Unknown
Here's a good short read from SANS (@sansinstitute) you can share with your non-technical family members, friends & neighbors on why they need to be careful when disposing of their computers and how they can do it properly.
Posted in disposal, ediscovery, forensics, stupid security

More on the Ponemon Lost Laptop Survey

Posted on 05:38 by Unknown
Here's a short piece where I was quoted by Rod Scher in Processor magazine (a very good trade rag by the way) on the Ponemon Institute's Billion Dollar Lost Laptop study.

Not only are the numbers astounding, this is a big problem that's growing every day and crying out for our attention.
Posted in drive encryption, laptop encryption, laptop security, mobile security, scary stuff, stupid security

Tuesday, 11 January 2011

My "new" book on ethical hacking turns 1

Posted on 18:12 by Unknown
Today marks the one year anniversary of the publication of my "new" book Hacking For Dummies, 3rd edition.
Wow, how time has flown by! Thanks so much to those of you who have provided both kind words and constructive criticism via your emails, Amazon.com reviews, and in your own independent sites and blogs. No doubt it'll soon be time to start planning out the 4th edition. Until then...
Posted in ethical hacking, Kevin's books, message from Kevin, penetration testing, recommended books, security assessments, vulnerability assessments

Tidbits on MS security, MBSA vs. the competition & cloud backups

Posted on 18:03 by Unknown
Here are a few new articles I wrote for TechTarget where I talk about IIS 7.5 security, encrypting Windows Server drives, MBSA vs. commercial vulnerability scanners and the dearly beloved cloud backup services. Enjoy!

How vulnerable is Microsoft IIS 7.5 to attacks?

Pros and cons of Windows Server drive encryption

Weighing MBSA against paid vulnerability scanners

Preventing online backup security threats to your network
Posted in backups, cloud computing, drive encryption, encryption, IIS, laptop encryption, online backup, penetration testing, saas, security testing tools, vulnerability assessments, Windows

Beware the "network assessment"

Posted on 09:07 by Unknown
There are many IT services firms - including some run by friends and colleagues of mine - who perform something called "network assessments". The outcome of these assessments - which are usually aimed at SMBs - is to determine the overall health of your network and computing environment, supposedly including security.

First, let me be clear that these are legitimate services to see where your network stands. That's fine and dandy - a useful service indeed. The problem is that these network assessments are being pushed/sold under the guise of security assessments. I was recently on the website of a friend of mine and saw how they can check the security environment of a network. I looked at the Web site of another colleague of mine and his business claims to offer a service that ensures your sensitive data remains protected. In our discussions, neither of these people has ever claimed to be a security expert. I don't believe "in-depth security assessments" are their intent either.

But what about all the other network services firms/consultants out there like them...?

My point is to be careful. Don't assume that just because a network engineer checks your systems, recommends some software updates or network design changes, and ultimately installs some new security products in your environment that your information is truly secure. A solid and effective information security program is a much grander beast.
Posted in network analysis, scary stuff, security assessments, stupid security

What's holding you back?

Posted on 07:48 by Unknown
Orison Swett Marden once said:

"What keeps so many employees back is simply unwillingness to pay the price, to make the exertion, the effort to sacrifice their ease and comfort."

So true...as the saying goes, good enough hardly ever is.
Posted in careers, great quotes, information security quotes, personal responsibility, security leadership

Monday, 10 January 2011

Great quote on information security choices

Posted on 05:41 by Unknown
Here's a great quote by Fred Smith that says it like it is:
"You are the way you are because that's the way you want to be. If you really wanted to be any different, you would be in the process of changing right now."

Obviously this also applies to our careers and personal lives...like calories we ingest, our choices add up dramatically over time.
Posted in careers, great quotes, information security quotes, security leadership

Wednesday, 5 January 2011

Speaking of supererogation, here's a great quote

Posted on 06:39 by Unknown
Regarding yesterday's post about the word supererogation and how it can help you in your infosec career, here's a great quote by the poet Ovid that supports such an approach:

"Make the workmanship surpass the materials."

Spot on...otherwise you just fall in line with the majority. Not good for your career, not good for business.
Posted in careers, great quotes, information security quotes, security leadership

My message to Republicans on this critical day in history

Posted on 05:40 by Unknown
This is a big, big day for the future of the United States of America. The people spoke in the last election telling the jokers in Washington that we don't want their "hope and change" that's running this country into the ground. Today our new Congress gets rolling. But what's it going to lead to? I have my fingers crossed that we won't see more of the same old Big Government nonsense coming from the new Republican leadership in the House.

Republicans: You've let us down so many times in the past that the lines are now blurred between you and the Socialist Democrat party. You've all represented Big Government for years. So what are you going to do differently now?

Republicans: Know that we're watching...if you don't stick by your principles and the Constitution this time around I'm confident that our country as it was intended and your party will become a thing of the past and we'll fall in line with the rest of the sheeple around the world. The standard of living that we've all grown accustomed to in America will slowly erode away in the interest of "the greater good" of the dumb masses - a system proven to fail time and again over the centuries. If this is what ultimately occurs, Republicans who fail to stand by their principles from this point forward will carry that responsibility and that burden.

Republicans: Please, please proceed with caution and think long term...we've all got too much to lose.
Posted in government intrusion, government regulations, message from Kevin, scary stuff

Tuesday, 4 January 2011

Supererogation helps infosec

Posted on 14:20 by Unknown
I saw a great Word of the Day from Merriam-Webster over the Christmas break: Supererogation

It means "the act of performing more than is required by duty, obligation, or need". Said another way it's going the extra mile above and beyond to make things happen.

If there's any one underlying component of being successful in everything you do, it's doing all the other things that need to be done in security (or wherever in your life) after you've completed what's generally expected.
Posted in careers, success

Sunday, 2 January 2011

Security complacency & leadership - focus on both in 2011

Posted on 16:16 by Unknown
Happy New Year! Here are a couple of recent pieces I wrote for Security Technology Executive magazine I thought would be good to get things rolling for 2011:

Don't lose sight of what's important

Four traits of successful information security leaders

My wishes to you and yours for a healthy and prosperous year ahead!
Posted in careers, goal setting, incident response, personal responsibility, security leadership, security management

Powered by Blogger.