November 30, 2005
Musings on the future of security
I get asked sometimes about the future of security and about "what comes next" (for example, see this). And while some trends can be spotted, the correct answer should always be "we do not know."
Why not? Because "the future of security is driven by the hacker." There is no better way to say it than the way McAfee's president put it in this article. All those wannabe experts who blabber about "staying ahead of a hacker" are missing this simple point.
He then continues: "The bad guy determines what next year's threat is going to be and when you look at the hacker community, the big change over the last two years has been its move from very bright individuals who were basically seeking fame, to organized groups driven by fortune... We can't say with certainty what the next type of attacks are going to be."
And that is a large part of what makes security such a fun pursuit!!
- Anton Chuvakin [11:47:56 AM]
More thoughts on "deperimeterization"
I did blog about the subject of "deperimeterization" as advocated by the so-called "Jericho Forum". In his paper Simson Garfinkel points out several more problems with the approach they advocate, some of which overlap with what I mentioned in my previous blog post on the subject.
Namely, why break the classic perimeter protections and build some new "secure architecture"? It's not like firewalls are not doing their job; it's just that they are not doing everything you need to protect yourself. At the same time, most things in the IT realm seem to evolve slowly rather than get rebuilt "right" overnight.
So, don't scrap the firewalls, just slowly head downstream with the rest of the world towards bigger adoption of "self-defending computers" (aka personal firewalls and client protection) and further towards adopting "self-defending documents" (aka what DRM might become)... But with every new layer of defenses, keep the old ones intact!
- Anton Chuvakin [11:36:44 AM]
More on the fun :-( subject of ISO17799
Some of my blog readers have argued with me - a few did so violently - on the role of the ISO 17799 standard in security. As I mentioned before, I am still somewhat skeptical about its adoption in the near future. So, this article initially suggested that its adoption is growing: "In 2002, fewer than 200 organisations worldwide had achieved BS7799 certification, according to the Information Security Management Systems (ISMS) International User Group. Today this number has risen to 1,870."
However, it turned out that the US is not in the top 3 standard adopters. While some orgs are using a few of the ideas from the ISO documentation, the actual certification is lagging far behind (even behind India...). Any idea why nobody cares to do it? I suspect there is no sufficient pressure or motivation to certify, but the reasons are not entirely clear to me...
- Anton Chuvakin [11:09:13 AM]
SANS Top20 Vulnerabilities List is out
Just like last year, I would like to remind those who are not following the security news closely to take a look at the list of "The Twenty Most Critical Internet Security Vulnerabilities", released by SANS.
Unlike last year, the list shows an interesting trend: a major shift away from platform vulnerabilities towards cross-platform applications. Such applications, when deployed without enough thinking, equally endanger Unix and Windows systems. In addition, the absence of a glaring and commonly exploited hole in Unix/Linux is of interest (it seems like the times of FTP and RPC holes are all but forgotten...)
While some criticize the list for lack of specificity, it is still required reading for anybody involved with security.
- Anton Chuvakin [10:46:05 AM]
November 29, 2005
Can Microsoft kill Python?
The question isn't whether Microsoft may terminate the IronPython project. The question is, could Microsoft potentially damage the relevance of Python as an alternative programming language? I believe the answer is, yes.
- Jeremy Jones [07:55:52 PM]
MagneticTime - PodCast your email and word documents to yourself
This company uses the same voices (from a European company called Acapela) that I licensed for my in-car computer company. It's a very good idea; I've seen a few implementations, but usually they're too annoying to listen to at length. A good trick is to use a UK English voice if you're American, or vice versa - then the roboticness of the voice fades even more and your email sounds like a BBC broadcast.
- Damien Stolarz [05:34:00 PM]
November 28, 2005
The Art of Podcasting
The December 2005 issue of Electronic Musician features my how-to article, “The Art of Podcasting.” The issue won’t go online until January, but you can see a bunch of my source material now, plus an example podcast, at the EM site.
- David Battino [05:30:21 PM]
MapServer Foundation kick-off
The creation of a non-profit organisation around MapServer web mapping technologies has been a dream of mine for a couple of years. No longer do you need to listen to my perennial pining about the need for an independent, non-profit, support organisation for the MapServer community. It is finally being launched with some strong momentum and promising support.
- Tyler Mitchell [06:37:57 AM]
Software Documentation with DocBook Quick HOWTO
Getting the documentation right is often crucial for a software development project. Writing is not the most difficult bit; publishing the material in various forms (e.g. HTML, PDF, etc.) is. For years I have been looking at DocBook as a solution for this problem. It is only recently that I managed to figure out a decent tool chain that forms a satisfactory solution.
- Ivan Ristic [03:53:26 AM]
November 27, 2005
November 26, 2005
November 25, 2005
November 24, 2005
XForms and Blogging and FO, Oh My!
I hadn't quite planned on turning the XML 2005 coverage into a single continuous blog, but I figure that one last time at that well couldn't hurt, especially since it helps to springboard me into discussions for this week.
The Once and Future XForms
Without really intending to, I spent a great deal of time this last week in the domain of forms. Now, you have to understand the irony of this from my standpoint. I've long had a more or less consistent battle on with "the bureaucracy" for nearly as long as I've been alive - one of these people who, if I could fill out a form incorrectly I would, usually resulting in some dire calamity down the road because I put a period where a comma was expected ... I suspect that if I had ever worked at NASA I would have been the hapless programmer who caused a billion dollar satellite to blow up half a mile from the launchpad because a stray comma in the source told it that it was now under attack by little green men from Proxima Centauri, and that it should self-destruct right NOW!! (Article Continued ...)
- Kurt Cagle [09:32:07 AM]