Monday, February 25, 2008

Société Générale - update

Earlier, I posted on how lax password security was one of the ways that Mr. Kerviel thwarted "the system" and managed to perpetrate a $7.2B fraud against Société Générale. There have been a number of good reports on the fraud that I thought I'd point out in case you want to know a bit more about what went on:

Societe Generale: A cautionary tale of insider threats

Poor IT Security Blamed for Bank Fraud

Some of the other specific areas cited as problematic, all of them identity management, security or compliance related, include:

  1. Periodic reviews of their user access rights not being done. (aka "attestation")
  2. The use of fake e-mail messages to justify missing trades. (aka "digital signature or non-repudiation")
  3. The use of instant messaging for trading. (aka "inadequate audit")

Bob Blakeley over at Burton Group is quoted as follows:

...there must be a process of dual control, where no one trader is allowed to act alone. Important transactions should always be proposed by one individual and approved by another so that a conspiracy of at least two people would be necessary to do the company harm.

Unfortunately, Mr. Kerviel had already thwarted dual control by obtaining the passwords of some of his fellow traders. You need more than dual control; you also need two-factor authentication, so that a borrowed password alone cannot stand in for the second approver. Also, I'm willing to bet that even a few seconds spent having someone else authorize a transaction could lead to a trading loss. I don't think these companies are willing to put security that high on their list if it impacts their profits!


Saturday, February 16, 2008

Mexican Riviera



We're in San Diego getting ready for our cruise down to the Mexican Riviera. We'll be aboard Holland Line's Oosterdam for the next 7 days. You guys need to keep me honest because I bet 5 pounds with John Rainford (CEO, PassGo) that I wouldn't send any work e-mail while I was gone - by the way John, blogging doesn't count.

I have no idea if I can post pictures or not but I'll try. Back to the reality tour next week!

Friday, February 15, 2008

We're hiring Identity Management gurus!

Using your deep knowledge of the Identity Management market, you will work in a presales capacity to create and propose solutions using Quest Software’s Identity and Access Management products.

5+ years in-depth Systems knowledge including:

  • deep knowledge of UNIX (PAM/NSS)
  • Active Directory architecture, LDAP, and Meta Directory
  • Roles and Role based management
  • Java, C/C++, ANT, .NET, C#
  • DBA knowledge/experience

3-5 Years with Directory Services, User/Identity Lifecycle management, Web/SSO, Virtual Directory, Metadirectory, Enterprise SSO, and Password management. Superior communication and presentation skills required.

If you're interested contact me and as a loyal reader you will get the highest endorsement!

Jackson.Shaw(at)Quest.com


Thursday, February 14, 2008

Biometric hamburgers

I've always liked the Digital Persona biometric fingerprint product. I did a lot of work with Vance Bjorn (DP's CTO) while I was at Microsoft as they were developing the biometric keyboard and mouse for Microsoft.

Interestingly enough, I was involved in a huge argument with the security guys at Microsoft who refused to allow those devices to be used for domain authentication. Their argument was that it was not foolproof. Of course, passwords are, aren't they? (cf. A $7.2B password mistake?) As a personal aside, I do not miss that set of bozos. Oh, and I use a fingerprint scanner for domain authentication on my Lenovo X60 laptop today. Anyway, I digress.

There's a great article in Network World that talks about White Castle's use of Digital Persona's product. Here's the conclusion from the article...

The results have been impressive. White Castle has focused on several applications that were extremely paper intensive prior to the implementation:

* Enrollment in benefit programs – By having employees enroll online, data entry mistakes are reduced and employees can begin receiving benefits sooner.

* Labor scheduling – Only specific people can approve the schedules, and electronic schedules and signatures have speeded up the process. Long says White Castle saved $12 million last year on just this one application.

* Direct payroll deposit – Rather than mailing paychecks to employees, White Castle has implemented direct deposit for everyone. Employees can print a paystub on a local printer after validating their identities. The company saves over $50,000 a year with this new process.

It's great to see security being an enabler for a change!

Oh, by the way: The Digital Persona product is not only very well integrated with Active Directory but also Active Directory Application Mode (ADAM). As a bonus, you can even use Group Policy to control the device and its various security settings and policies!! Sweet.

P.S. According to Vance over 30M laptops with biometric fingerprint scanners will ship this year!


Tuesday, February 12, 2008

Who packed your parachute today?


Charlie Plumb was the guest speaker that closed out Quest Software’s 2008 sales kickoff event in Las Vegas today. While it is impossible for me to do justice to Charlie’s story, his words of wisdom or his teachings, I’ve tried to write down a few of the things that resonated with me. When you have a moment, visit Charlie’s website at http://www.charlieplumb.com/ and watch the video clips of his talk.

On May 19, 1967 Captain Charlie Plumb took off from the USS Kitty Hawk in the Sea of Tonkin off the coast of Vietnam and was shot down over enemy territory just five days before he was due to go home. He parachuted to the waist-deep safety of a rice paddy whereupon he was captured, stripped, tortured and paraded around the local villages before being thrown in communist prison camps where he spent the next 2,103 days as a Prisoner of War.

Charlie started his speech in a nearly pitch black ballroom at the Venetian Hotel with the sound of heavy footsteps slowly hitting the stage. Three steps, pause, turn around, three steps, pause, turn around, three steps – keep repeating. Charlie lived his next 6 years in an 8x8 foot box that took him three steps to cover in each direction. As much as Charlie hated his box and as much as he thought of escape and what he would do if he got out of it he said that the hardest thing for him to do was to start thinking outside of the 8x8 inch box that was inside his head. Weighing 115 pounds, having multiple open wounds, boils all over his body and no one to talk to Charlie had started to pity himself and say “Why me? What did I do to deserve this? I’ll never get out of here. I’m sure the other guys didn’t cry when they were tortured.” It was not his physical ailments which were going to kill him but rather his mental state – his self-limiting beliefs.

He learned all of this when his next door cellmate started communicating with him via a piece of wire that he stuck through a hole between their cells. Imagine your only communication is the coded scratching of a piece of wire on the floor. As Charlie said: “And you think e-mail can be hard to get your message across!”

Through his conversations with his next-door cellmate Charlie quickly realized that he had a choice to make: Whether he wanted to live or to die and if he wanted to live he had to start thinking outside of his 8x8 inch box. Charlie realized that he had to get outside of his comfort zone and start taking risks. Charlie chose to be a winner.

I closed my eyes while Captain Plumb was talking and I heard words and phrases that transported me directly to seminars that I have taken over the last few years: “Service, leadership, out-of-the-box, risk, fear” – And then I had one of those moments where I realized that there were no seminars for Charlie. He figured this out all on his own in order to live. I know that the next time I attend a seminar I will have a flashback to Charlie’s talk – to my seminar with Charlie as my facilitator.

There are no accidents. Today my life intersected with Charlie’s and my life is better for it. Charlie packed a parachute for me today. Thank you, Charlie Plumb.


Monday, February 11, 2008

Active Directory & ADAM security bulletin...

The upcoming (Feb 12/08) Microsoft security bulletin includes "important" vulnerability notifications about Active Directory and Active Directory Application Mode (ADAM), also known as Active Directory Lightweight Directory Services. Apparently, the vulnerabilities are related to denial of service attacks.

If you are running ADAM on XP (testing, perhaps?) you need to get patched. Aside from ADAM on XP the other systems affected are Windows 2000 Server SP4, Windows Server 2003 SP1 and SP2 (including 64-bit) and Itanium server versions. Check out the bulletin and get patched!

OK, so that's the public service announcement side of this. My question: I know of numerous customers running ADAM in production to support e-commerce (B2C) applications for millions of end-users. How are you guys keeping up-to-date with these security patches? Are you regularly scanning your machines with Microsoft's Baseline Security Analyzer?

I have to figure that a DoS attack is not something an e-commerce site wants to undergo!


Sunday, February 10, 2008

Quest 2008 Sales Kickoff



We're in Vegas at the Venetian Hotel getting fired up for 2008! Check out the pictures I took - just click on the slideshow above. Lots of good discussion from Doug and Vinny about 2008 and lessons learned from 2007.

Big party at TAO tonight! Good thing we are not starting until 10AM tomorrow...

p.s. Kickoff ends on Tuesday so I'll continue to post pictures to the site above so you can follow along.

p.p.s. Pictures from our Identity & Active Directory "training" that went on today from 10AM-1PM are now posted.


Friday, February 08, 2008

Prince Andrew, Duke of York, Visits Quest Software in Aliso Viejo

As a transplanted Canadian I'm impressed...

ALISO VIEJO, Calif.--(BUSINESS WIRE)--Feb. 8, 2008--Prince Andrew, The Duke of York, visited Quest Software, Inc. (Nasdaq:QSFT) at the corporation's worldwide headquarters in Aliso Viejo, Calif. on Thurs., February 7, 2008. Prince Andrew paid a visit with Quest senior executives to learn more about the company's UK operations. He also explored ways in which the UK government can support Quest with future growth in Europe.

"We had a very productive visit with Prince Andrew," said Doug Garn, President of Quest Software. "It was really quite an honor. We both saw this as an opportunity to expand IT investment in the UK. We talked about a variety of issues, such as culture and 'homeworking,' that is, where employees are provided the right tools and technology to work from home. Prince Andrew is very interested in promoting this culture in the UK."

His Royal Highness focused on three additional key areas during the meeting with Quest: expanding the company's presence in the UK, the company's graduate program, and environmental issues.

"We discussed potential ways of expanding our capacity in the UK, similar to our recent PassGo acquisition," added Simon Pearce, Quest's Vice President of Western European Operations. "The Duke of York suggested areas of the country that we should explore where there are small high tech companies, such as in Eastern and Southwest England and Northern Ireland. He is also looking to help us put in place a large research and development center in the UK."

His Royal Highness showed great interest in Quest's graduate program, Project Duckling, where the company has taken a large number of graduates and placed them in various positions within Quest. "He would like to explore expanding Project Duckling by attaching us to other universities that would participate in the program," said Pearce.

The third area focused on environmental issues. "Prince Andrew was interested in our Green initiatives, and how we are developing tools for data centers to make them more efficient," added Steve Dickson, Vice President and General Manager of Quest's Active Directory and Identity Management Business Unit. "We discussed how technology is helping to address IT power consumption to help companies become more environmentally friendly."

Representatives from the UK Trade and Investment Department who also were in attendance will continue to work with Pearce and other Quest representatives on these key areas to explore Quest's continued expansion in the UK.

Prince Andrew is on a 10-day trade mission in the United States. His Royal Highness serves as the UK special representative for trade and investment, in addition to his other royal duties. Prince Andrew is the third child and second son of Queen Elizabeth II and Prince Philip, Duke of Edinburgh. He has held the title of Duke of York since 1986.
