Tech Support For Dummies

Tuesday, 31 May 2011

An unintended consequence of fast food "going green"

Posted on 09:54 by Unknown
I was just pondering the negative side-effects and unintended consequences of many of the fast food restaurants that are "going green" (I use that term loosely because it's so overused in the name of marketing). The thing is, so many restaurants like Panera and Moe's, as well as countless others I've visited in my travels this year, have these flimsy plastic Solo (and other brand) cups that aren't worth a flip.

You see, you can't put a lid on these paper-thin nuisances without crushing the entire thing...and spilling your drink, and using a half-dozen napkins to clean up your mess, and having to get a new cup and then having to refill your drink...you get my drift. When this happens - and it's happening to me and others a lot (I witnessed it 3 times in the past 2 days) - just how much is that flimsy plastic cup truly impacting the environment!?

Instead of hopping on the "going green" for show bandwagon and bowing at the altar of "global warming", how about these businesses start placing some darned recycle bins in their restaurants!? I may be wrong (I often am) - it just seems like that'd be a wiser solution. Selfishly speaking, if anything it'd keep me from having to haul my cups home every time so I can recycle them myself.
Posted in global warming, scary stuff

Ever heard of "gruntled" workers?

Posted on 07:05 by Unknown
We always hear about "disgruntled workers" wreaking havoc on computer systems and sensitive information. Interestingly we never hear about "gruntled" workers and how they can help improve security...

Thanks to a Merriam-Webster "Word of the Day" I came across, I now know that there's another side to the overused word "disgruntled". Interestingly, according to M-W, the prefix "dis-" usually means "to do the opposite of," hence the assumption that if there is a "disgruntle," there must have first been a "gruntle" with exactly the opposite meaning. Apparently "dis-" doesn't always work that way...

No matter how old we get we learn something new every day...Here's to happy, content, and gruntled workers contributing more to information security than they take away! ;-)
Posted in security awareness, security leadership, user awareness

Wednesday, 25 May 2011

Web appsec compliance & low-hanging fruit - it's all up to us!

Posted on 14:02 by Unknown
Here are some recent pieces I wrote on Web application security common sense for my colleagues at Acunetix that you may be interested in:

• But Compliance is Someone Else's Job!
• Low-hanging fruit becomes big news with the 2011 Verizon Data Breach report
• Going Beyond Confirmed Web Security Flaws

Enjoy!

As always, be sure to check out www.principlelogic.com/resources.html for links to my 500+ articles, whitepapers, podcasts, webcasts, books and more.
Posted in back to basics, compliance, Kevin's security content, low-hanging fruit, security leadership, stupid security, web application security

Texas Comptroller's Office IT woes = security breach

Posted on 11:45 by Unknown
Here's a Dallas Morning News story I was interviewed for - interesting IT woes in the Texas comptroller's office:

Texas comptroller’s tech office had high turnover, employee complaints before breach

Thanks go out to Kelly Shannon and my colleagues over at Focus.com for getting me involved.
Posted in Kevin's interviews, scary stuff, stupid security

If you don't have NetScanTools Pro v11, you're missing out

Posted on 06:53 by Unknown
It's been a long time coming but the latest incarnation of one of my favorite network/security tools - NetScanTools Pro v11 - is out. Kirk Thomas at Northwest Performance Software has done a bang-up job on the user interface in the new version...something that's gotten better - albeit slowly - over the years. Not that I could do any better - I can't imagine having to know network protocols at this level AND be good at UI design at the same time. ;) Anyway, here's a sample of the new user experience:

NetScanTools Pro v11 also has the following new features that stood out to me:
  • support for IPv6 (pretty cool, now we just need businesses that use it!)
  • SNMP Scanner (which has an SNMP dictionary attack tool for cracking community strings for further system enumeration)
  • Connection Monitor (a neat tool that listens for incoming connections - great for all sorts of network and security stuff)
The Promiscuous Mode Scanner (for finding sniffers on the network), Packet Generator (for, well, generating network packets) and Email Validate (for email testing) tools are nice as well.

Probably the most under-rated tool of all developed by Northwest Performance Software is the Switch Port Mapping Tool which can help take the pain out of figuring out what's where.

I'm not crazy about the lack of automation during the initial setup and licensing process when getting NetScanTools Pro up and running. That said Kirk was very responsive with the registration code I needed to complete the process.

For $249 ($299 for the portable USB version) there's no reason to *not* have an all-in-one network toolset like NetScanTools Pro. The time savings and convenience factors alone that come with having the tools you need in one location will pay for the program over and over again. Check it out.
Posted in cool products, network analysis, network protocols, security testing tools

Monday, 23 May 2011

Sony PlayStation discussion download

Posted on 05:48 by Unknown
In case you missed our Sony PlayStation Security Fiasco roundtable discussion last week, here's a link to the MP3 recording.

Enjoy!
Posted in data breaches, hacking, Kevin's interviews, Kevin's security content, podcasts

Recap of TechEd 2011: more of the same, but you need to go

Posted on 05:07 by Unknown
Given that TechEd was held in my neck of the woods this year I couldn't resist the opportunity to check it out. It's funny, I've been working with/around Microsoft products for some 22 years now and I've *never* attended this show. Maybe it's my ingrained Novell bigotry that I've yet to shed.

My main goal was to catch up with some clients and see the latest happenings with Security Compliance Manager (SCM). I say that because I'm working with Microsoft on the development of this product and wanted to see/hear the team cover the new version 2.0 currently available as a CTP. If you're not familiar with SCM, you really should check it out...it's a good tool/resource that can help you fine-tune your configuration baselines for various Microsoft products (Windows, SQL Server, IE, etc.). I know security standards are boring and unsexy but, seriously, how are you going to support your policies, please your auditors and manage your risks otherwise?

I also spoke with some other clients and colleagues at/after the show who said they grew tired of Microsoft's cloud push all week. Oh well, TechEd is as much about marketing Microsoft as anything else, no? And given the money they must drop on such an event, can you blame them? That said, I did hear from a few people that they loved the technical detail of some of the sessions. It reminded me of when I used to do network administration/management early on in my career and attended Novell's BrainShare conference. Going to that show every year and hearing/seeing the technical details of Novell's software that weren't available otherwise no doubt made me a sharper IT guy. The same goes for TechEd - if you're hands-on with Microsoft products on a daily basis (really, who isn't in IT?) then you really need to check it out.

Overall, the conference was not all that different from other IT/security shows. You know how the marketers and bloggers often make things out to be new and exciting and then once you're there you see that's not really the case...? TechEd was the same old type of show we've all attended: tons of vendor glitz, tons of sessions (some good, some bad) and tons of information that the human brain is really not capable of absorbing in such a short period of time (at least not my feeble brain)...but it was still worth it.

Attending TechEd made me realize that I need to keep attending TechEd, if anything just so I can keep up with the current tools, products and trends from Microsoft and see everything up close. The vendor tchotchkes aren't bad either. Maybe I'll see you there next year?
Posted in compliance, conferences, security tools, Windows

Friday, 20 May 2011

Newt is setting an example for all of us this week

Posted on 04:47 by Unknown
I truly believe that Newt Gingrich is currently setting an excellent example of how we should live our lives. He's principled. He's unwavering. The man is unbreakable. Sure, he has made some bad choices and has stuck his foot in his mouth a few times. Answer me this: Who hasn't!?

Look at what the liberal media and those who are threatened by his ideas are throwing at him this week. How does he respond? He stays focused on the long term - what he stands for and where he's going.

Whether you like Newt's ideas or not, there's a lot to be learned from him and what he's going through this week. When the going gets tough, at work, home or elsewhere - know that if you dig down deep and keep trudging through what life throws at you, you'll not only become a stronger person but you'll know that what you fought for was right...and nothing in the world can take that away.
Posted in careers, message from Kevin, personal responsibility, security leadership, thinking long term

Thursday, 19 May 2011

Not all experience is good

Posted on 07:36 by Unknown
As with golf, racing cars or whatever, just because you have "experience" doesn't mean you're on top of your game. I just came across a quote that sums this up nicely - especially for those of us in IT and information security:

"Experience is valuable only if it's imbued with meaning from which one can draw salient conclusions. Otherwise, experience becomes imprisoning." -Barry McCaffrey
Posted in great quotes, information security quotes, security leadership

Wednesday, 18 May 2011

Parents: Need access to your child's Facebook account? Just get Big Brother involved.

Posted on 04:54 by Unknown
Here's a bit on the proposed law by Democrat Ellen Corbett from California on Facebook being forced to give parents access to their kids' Facebook pages (CA SB 242). I don't disagree with the premise of parents getting or needing access...It's just sad that the government has to get involved.

In fact, why do parents need the government to get this information from their kids in the first place!? Well, we know that they don't, that is if they have any semblance of control over their children. However, so-called leaders in our government think that what they legislate is the answer to all of our problems, and the minions fall in line without question.

We not only have a situation of government out of control but parents out of control as well. Amazing stuff.

Our march towards a society of limited personal responsibility brought on by bad parenting and government intrusion - otherwise known as Socialism - continues. A slippery slope indeed.
Posted in government intrusion, government regulations, personal responsibility, scary stuff

Monday, 16 May 2011

Today's discussion on the Sony PlayStation Security Breach

Posted on 05:00 by Unknown
Join us for this roundtable teleconference on Monday, May 16, 2011 at 1pm PT / 4pm ET with yours truly, Andrew Baker, Anton Chuvakin, John Pirc and Richard Stiennon where we will discuss the recent Sony PlayStation Network security breach. Topics will include:

• Sony is now implementing new security measures; should these have been in place all along?
• What does Sony need to do to restore confidence in their network and security?
• Will enough gamers actually care and stop using their network, resulting in a noticeable economic impact?

Click here for details:
http://www.focus.com/events/it-security/focus-roundtable-sony-playstation-network-security-fiasco/
Are you interested in submitting your own questions?
On Focus.com, use the keyword: FocusRT
On Twitter, use hashtag #FocusRT

Share this event with your colleagues:
http://clicktotweet.com/KFR8I
Posted in data breaches, Kevin's interviews, stupid security, webcasts

Friday, 13 May 2011

Need secure email? Look at what bin Laden did.

Posted on 11:34 by Unknown
Here's a good read on the lengths Osama bin Laden went to in order to keep his electronic communications under wraps. I won't spoil the details but it's a pretty old school approach. Check it out and imagine being in one of the coffee shops where the emails were being sent out...

I wonder if his thumb drives were encrypted?? Like many, I doubt they thought that one through. :-)
Posted in drive encryption, mobile security, scary stuff

Thursday, 12 May 2011

Amazon's cloud outage, big deal...?

Posted on 08:58 by Unknown
Here's a great piece from my colleague Jonathan Feldman on why Amazon's recent outage is irrelevant. It reminds me of what I've always preached: if it's got an IP address, a URL or human beings involved, it's fair game. Something's going to happen eventually.

It's our job to help our businesses/clients respond appropriately and minimize the impact when something does occur. You've gotta have a fallback plan for everything.

BTW, check out this page for links to more of Jonathan's work. Good stuff.
Posted in change management, cloud computing, people problems, security leadership, security management

Some tips for balancing work and play

Posted on 05:45 by Unknown
There's an old saying "Play as hard as you work" that I strive to live by. I've discovered that balancing work and personal time is one of the hardest - yet most important - things you can do as a human being. I found this to be doubly true after losing my mom to cancer last year and nearly losing my father to a heart attack this year.

If you're looking for ways to slow down and enjoy life during this one shot that you've got there's an excellent book on the subject that I HIGHLY recommend:


Furthermore, Focus.com recently pulled together an expert briefing on the subject that I contributed to:
Focus Experts' Briefing: 6 Ways to Improve Work/Life Balance

If you want to make some changes you've got to make some hard choices. I hope these resources help.
Posted in careers, great quotes, information security quotes, personal responsibility, thinking long term

Wednesday, 11 May 2011

The new IT skill you *must* develop

Posted on 04:54 by Unknown
Yesterday I had lunch with some colleagues who are lawyers that focus their work in/around compliance, intellectual property and cloud computing. It was neat to hear their perspective on where things are headed in IT. We came to the conclusion that IT professionals are going to have to learn as much as they can about the legal side of what we do.

I'm not talking just compliance in general but also contracts, SLAs and the like. You've got to be able to inform management on what to ask for in SLAs (especially with cloud services), set their expectations on the realities of what they're signing and also be prepared to raise some red flags when you find SLA or contract verbiage that's not good for the business.

The harsh truth is many corporate lawyers and executives don't have a clue when it comes to understanding the IT-related nuances in SLAs and contracts. So, step back and be prepared to help in this area - it's only going to become more complex. There are some great legal resources on various blogs and Twitter. I'll see if I can round some up for a future post.
Posted in careers, cloud computing, expert witness, legal, security leadership

Wednesday, 4 May 2011

From culture to products to malware to breaches - where do you stand?

Posted on 16:45 by Unknown
Here are some new opinion pieces on information security management that I wrote for Security Technology Executive magazine that you may be interested in:

• Don't end up on the wrong side of a data breach
• Fighting the malware fight all over again
• 9 good reasons not to buy information security products
• Security best practices without question?
• How's your security culture?

Enjoy!

As always, be sure to check out www.principlelogic.com/resources.html for links to all of my information security books, articles, whitepapers, podcasts, webcasts and more.
Posted in back to basics, data breach laws, data breaches, expert witness, Kevin's security content, low-hanging fruit, malware, security management, stupid security, vendors

SecureWorld Expo better than ever

Posted on 15:51 by Unknown
I attended this week's SecureWorld Expo in Atlanta and must say that the show is better now than ever before. I cut my professional speaking teeth with these guys speaking at dozens of their events between 2003 and 2007. I've taken some time off since but going back and seeing some of the same friendly faces brought back good memories.

The best session I attended was William Hugh Murray's keynote on Tuesday morning. He spoke about addressing the basics of information security - something I've been ranting about for a while. He had story after story about the value that addressing the simplest of information security concepts can provide to any given organization. On top of that, he's one of the best speakers I've ever witnessed at a security show, really any show. It was refreshing to see someone speak from experience based on pragmatism rather than speak FUD based on narcissism.

Anyway, the show has come and gone in Atlanta, but if it's headed to your area, it's certainly worth checking out.
Posted in back to basics, conferences, low-hanging fruit, security leadership, thinking long term

Tuesday, 3 May 2011

My security speaking engagement this week

Posted on 10:55 by Unknown
Today I'm prepping and practicing for my Predictive Security event with TechTarget and CDW in Los Angeles this week. Really psyched about the show and visiting LA - I've never been.

How I feel reminds me of the following quote from Whit Hobbs:
"Success is waking up in the morning and bounding out of bed because there's something out there that you love to do, that you believe in, that you're good at - something that's bigger than you are, and you can hardly wait to get at it again."

How pumped are you with what you do? You only get one shot at this thing called life - might as well make work as fun as possible.
Posted in careers, great quotes, information security quotes, personal responsibility, security leadership, thinking long term