Friday, July 25, 2008

July 25, 2008 - Links and Commentary

Privacy and the Red Pill
Have you ever forgotten a password? I have. This article basically blows away any security I thought I had around the typical Q&A password reset I get asked on-line or via an operator. Anyone can find out the last 4 digits of my social, where I was born, where I live/have lived, etc. etc. by paying a few bucks. Sure, they might not know my dog's name ("Monaco") or the first car I had ("Hmmm, did I answer 'Ford', 'LTD' or 'Ford LTD'?") but how hard is that to figure out? Especially if the threat might be coming from within my company...they could always ask at a moment of weakness while I'm at a drunken barn dance or the like...

Security is, ah, like hard, man
Twelve new ways to visualize network security. New metaphors for security including: "Security is like a stack of Swiss cheese", "Security is like golf" and "Security needs to think on its own". I thought this was a humor article but I think the participants are serious - if so, that's really scary.

DNS Hole Doesn't Go Unnoticed
I'm not a DNS expert but I've seen repeats of this: "Both Red Hat and Sun distribute the Berkeley Internet Name Domain technology". There are a number of critical pieces of software that all (or mostly) have a common root - DNS is an example. A fundamental design flaw found could very well affect all of the descendants. I've seen this in X.500, X.400, LDAP and other technologies. Better check your DNS software! (Check out for a simple test to see if your DNS is vulnerable and "Fix DNS Now" for more details.)
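The July 2008 DNS flaw referred to here was the Kaminsky cache-poisoning issue, and the fix that BIND and the other affected resolvers shipped was to randomize the UDP source port of every outbound query; the public "is my DNS vulnerable" tests of that summer checked exactly that. The script below is an added example, not from this post or from any of the sites it links to: given the source ports seen on a resolver's outbound queries, it judges whether they look randomized, flagging a fixed port, a small rotating pool, or a plain incrementing counter. The three port lists are constructed, not real captures.

```python
import math
import random
from collections import Counter

def port_entropy_bits(ports):
    """Shannon entropy, in bits, of the observed source-port distribution."""
    n = len(ports)
    return -sum(c / n * math.log2(c / n) for c in Counter(ports).values())

def assess_port_randomization(ports, min_distinct_ratio=0.9, max_sequential_ratio=0.5):
    """Classify a sample of source ports taken from one resolver's outbound queries.
    Verdicts: 'fixed' (one port for everything), 'weak' (few distinct ports, low
    entropy, or mostly sequential allocation), 'random' (well spread).
    """
    if len(ports) < 2:
        raise ValueError("need at least two observed ports")
    n = len(ports)
    distinct = len(set(ports))
    ratio = distinct / n
    entropy = port_entropy_bits(ports)
    # n samples can show at most log2(n) bits, so compare against that ceiling
    entropy_floor = 0.9 * math.log2(n)
    # all-distinct, high-entropy ports still do not catch a counter that just
    # increments, so also count adjacent pairs that differ by exactly one
    sequential = sum(1 for a, b in zip(ports, ports[1:]) if b - a == 1) / (n - 1)
    if distinct == 1:
        verdict = "fixed"
    elif ratio < min_distinct_ratio or entropy < entropy_floor or sequential > max_sequential_ratio:
        verdict = "weak"
    else:
        verdict = "random"
    return {"samples": n, "distinct": distinct, "distinct_ratio": round(ratio, 3),
            "entropy_bits": round(entropy, 3), "sequential_ratio": round(sequential, 3),
            "verdict": verdict}

# Constructed samples standing in for ports captured from three different
# resolvers (these are not real captures)
SAMPLE_FIXED = [53] * 256                      # every query sent from port 53
SAMPLE_SEQUENTIAL = list(range(30000, 30256))  # port = previous port + 1
_rng = random.Random(2008)
SAMPLE_RANDOM = [_rng.randint(1024, 65535) for _ in range(256)]

if __name__ == "__main__":
    for name, sample in (("fixed", SAMPLE_FIXED), ("sequential", SAMPLE_SEQUENTIAL),
                         ("random", SAMPLE_RANDOM)):
        print(name, assess_port_randomization(sample))
```

On a real resolver the port list would come from a packet capture of its outbound queries; a few hundred queries is enough for the verdict to be meaningful.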

