Friday, July 25, 2008
July 25, 2008 - Links and Commentary
Privacy and the Red Pill
Have you ever forgotten a password? I have. This article basically blows away any security I thought I had around the typical Q&A password reset I get asked online or via an operator. Anyone can find out the last 4 digits of my social, where I was born, where I live/have lived, etc., by paying a few bucks. Sure, they might not know my dog's name ("Monaco") or the first car I had ("Hmmm, did I answer 'Ford', 'LTD' or 'Ford LTD'?"), but how hard is that to figure out? Especially if the threat might be coming from within my company: they could always ask at a moment of weakness while I'm at a drunken barn dance or the like...
Security is, ah, like hard, man
Twelve new ways to visualize network security. New metaphors for security, including: "Security is like a stack of Swiss cheese", "Security is like golf" and "Security needs to think on its own". I thought this was a humor article, but I think the participants are serious; if so, that's really scary.
DNS Hole Doesn't Go Unnoticed
I'm not a DNS expert, but I've seen repeats of this: "Both Red Hat and Sun distribute the Berkeley Internet Name Domain technology". There are a number of critical pieces of software that all (or mostly) have a common root; DNS is an example. A fundamental design flaw, once found, could very well affect all of the descendants. I've seen this in X.500, X.400, LDAP and other technologies. Better check your DNS software! (Check out doxpara.com for a simple test to see if your DNS is vulnerable, and "Fix DNS Now" for more details.)
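The doxpara.com test the post points at checks the thing the July 2008 DNS flaw (Kaminsky's cache-poisoning attack) turns on: whether a recursive resolver varies its UDP source port, and its transaction ID, from one query to the next. The Python below is added here as an example; it is not code from the original post, from doxpara.com or from BIND. It scores a batch of observed (source port, transaction ID) pairs the way such a test does. The observation lists are constructed for the example; in practice you would capture them with a packet sniffer on an authoritative server you control while the resolver under test looks up a handful of names in your zone. The verdict thresholds are this example's own assumptions, not doxpara's.

```python
import math
import random
from collections import Counter

# Constructed sample observations: (UDP source port, DNS transaction ID) pairs
# as your authoritative server would see them. Made up for the example, not
# captured from any real resolver.

# Pre-patch behaviour: every query leaves from port 53 and the TXID just
# counts up, so an attacker only has to guess ~one value per forged reply.
FIXED_PORT_RESOLVER = [(53, 0x1A2B + i) for i in range(20)]

# Patched behaviour: fresh, unpredictable port and TXID on each query.
# Drawn with a fixed seed so the example is reproducible.
_rng = random.Random(20080725)
PATCHED_RESOLVER = [
    (_rng.randrange(1024, 65536), _rng.randrange(0, 65536)) for _ in range(20)
]


def entropy_bits(values):
    """Empirical Shannon entropy of the observed values, in bits."""
    counts = Counter(values)
    n = len(values)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def is_sequential(values):
    """True if every value is exactly the previous one plus one."""
    return len(values) > 1 and all(b - a == 1 for a, b in zip(values, values[1:]))


def assess(observations):
    """Score a list of (source_port, txid) pairs and return a verdict dict.

    A resolver that keeps one source port, or barely moves it, is open to
    the 2008 attack: the forger need only win the 16-bit TXID race, and can
    retry as often as it likes. Randomized ports multiply the search space.
    """
    ports = [p for p, _ in observations]
    txids = [t for _, t in observations]
    result = {
        "samples": len(observations),
        "distinct_ports": len(set(ports)),
        "port_spread": max(ports) - min(ports),
        "port_entropy_bits": round(entropy_bits(ports), 2),
        "txid_entropy_bits": round(entropy_bits(txids), 2),
        "sequential_txids": is_sequential(txids),
    }
    # Verdict thresholds are assumptions chosen for this example.
    if result["distinct_ports"] <= 2 or result["port_spread"] < 1024:
        result["verdict"] = "POOR"      # fixed or near-fixed source port
    elif result["sequential_txids"]:
        result["verdict"] = "POOR"      # port varies but TXID is predictable
    elif result["distinct_ports"] < len(observations) // 2:
        result["verdict"] = "FAIR"      # some variation, small pool of ports
    else:
        result["verdict"] = "GOOD"      # new port on essentially every query
    return result


if __name__ == "__main__":
    for name, obs in (("fixed-port resolver", FIXED_PORT_RESOLVER),
                      ("patched resolver", PATCHED_RESOLVER)):
        print(name, assess(obs))
```

Twenty queries is enough to tell a fixed port from a randomized one, which is all this check needs; it says nothing about the quality of the random number generator behind the ports, and a resolver sitting behind NAT can look "POOR" because the NAT device rewrote the ports, so run the test from the resolver's own network path.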