Interesting Information Security Bits for 10/01/2008

October 1, 2008

Good afternoon everybody! I hope your day is going well.
Here are today’s Interesting Information Security Bits from around the web.

  1. PCI DSS version 1.2 differences and updates
    Michael Dahn gives a break down of the differences between PCI DSS 1.1 and 1.2
  2. Massive TCP Flaw Looming
    Nire on the new TCP based DOS found by some researchers in Sweden.
  3. Three hard drive imaging tools
    Quinn gives a comparison of three drive imaging tools.
  4. Secure Life Ep 2
  5. Weak Hashing Algorithms: Outlook PST file CRC32 password cracking example
    If you use password protected Outlook PST files, you might want to go take a look at this video. Actually, you should go take a look regardless.
  6. Software Lets Users Manipulate Passport Data – Security Fix
    Report by Brian Krebs about a new tool that allows one to change the chip data in your or anyone else’s passport. That’s not good.
  7. The Pen Testing Perfect Storm Webcast Series with Skoudis, Wright, Johnson
    Nifty series starting up on pen testing over on the Ethical Hacker Network.
  8. Electronic Data Records Law | How to Win E-Discovery: Retained Electronic Mail Supports Intellectual Property Claim
    Legal Beagle has an interesting post up about how you can use your own robust document retention policies to bolster your case in the event of litigation. Of course, that assumes you have robust document retention processes and procedures. Might want to look into that.

That’s it for today. Have fun!


What happens when there is no privacy anymore…

October 1, 2008

I am a huge fan of Masterpiece Theater‘s productions.  Almost without exception, they are well written, directed and acted. The shows they produce are separated into three themes:

  1. Classic – Shows based on classic literature and/or set in historic contexts.
  2. Mystery! – Mystery based shows. These may be set in historic contexts or reflect current times.
  3. Contemporary – This is a new theme this year. These are dramas set in more contemporary times, although not necessarily current times.

Now I am sure you are asking yourself “what has this got to do with information security?” Well, the first program in the Masterpiece Contemporary schedule is called “The Last Enemy.” It starts airing October 5th, here in the United States on your local PBS station. It’s a fictional story set in London about a man who finds out just how much the government knows about him, and everyone else, as he delves into the life of his brother who recently passed away.

I am looking forward to this show in hopes that it will help people realize that we need to be very careful when we start hearing that we need to surrender more and more of our civil rights in order to ensure the “safety” of everyone. Don’t get me wrong, I am not saying there is a huge conspiracy to track each and every move we make.  However, we could end up there very easily if we are not careful and as the saying goes.

“Absolute power corrupts absolutely.”
John Emerich Edward Dalberg Acton