Off the Top: Security Entries
There were three things from today's White House and Capitol evacuations that were a little more than bothersome.
First it was reported that a couple weeks ago there were evacuations, but the cause of the radar blips was clouds. It sounds like the system is not quite ready for prime time and our lives depend on it.
Second, the only way those of us not working in the Capitol or White House knew something was up was people calling them or they caught something in the media. The city government of Washington, DC was not informed until after the all clear was sounded. After September 11, 2001 this Government seems to have learned little and changed their planning very little and they prove they lack competence at every turn.
Lastly, our President was out in the country-side on a bike ride. Oh, it was the middle of the day on a Wednesday and the President of the United States is out with an old school chum for a bike ride? You have got to be out of your mind. Not only did people elect this guy, he is getting paid for leading not bike riding and playing hooky, and he is allowed to keep his job?
One element of Homeland Security that gets little coverage, but could be one area that is the most vulnerable, is the cyber front. It does not bode well when the U.S. Cyberterrorism Czar resigns. This makes at least three in three years, not to count those that have had the job offered and turned down. The word on the ground is one of the nation's greatest vulnerabilities is also tied to one of the party in the White House's largest donors. Every Czar left out of frustration. This one gave less than one day's notice. Amit was also considered by most of the industry to be a very influential person and to listen to what industry needed to provide a safe digital environment in the U.S.
Is it most important to protect donors to your political party or to protect America and its infrastructure? My job is reliant on a safe infrastructure. If you are reading this you are using the infrastructure.
The talk on Metro this evening between a few folks was whether they would be able to use Internet Explorer the following day at work. The security holes in the browser have been very problematic over the years, with this past year being particularly bad. This newest security hole permits your keystrokes to be copied by another party without the user ever knowing. The warnings have been for banks, but it has spread to any log on, password, credit card number, or any information imaginable; secure or wide-open, it does not matter.
Molly's WaSP Buzz entry outlining mainstream publications advising users to stop using the browser and Slate's "Are the Browser Wars Back? How Mozilla's Firefox trumps Internet Explorer" article frame the problems and options well.
My personal favorite browser on Windows is Firefox, which is one of the Mozilla browsers (it is the makers of the guts of the newest Netscape browser). On Mac I am a fan of Safari and Firefox and have both running at all times. You have options for browsing. Hopefully your bank and other purveyors of information were not foolish enough to build to just one browser.
As mentioned elsewhere the URL vulnerabilities on Mac OS X can be closed very easily with RCDefaultApp, which allows you to turn off telnet called from the URL. The free application also allows turning off many other function calls from the URL as well as mapping file extensions to applications.
SixApart's TypeKey looks to be a good resource to help authenticate those making comments on Web sites. I have been very happy with SixApart's TypePad, not that I am ready to move off my own system. Actually it sounds like TypeKey will have an open
Richard Forno sets the record straight on Mac OS X security compared to Windows. Forno is the former Chief Security Officer at Network Solutions. The technical overview from Forno shows that Apple's Mac OS X is far and away more secure than Windows.
In an article from the New York Times regarding software oversight needed because some large companies don't check their own software for vulnerabilities, I ran across the following:
Proposals for government action being discussed by policy makers and computer security experts include strengthening the Department of Homeland Security's cybersecurity division and offering tax incentives to businesses for spending on security. Another proposal would require public companies to disclose potential computer security risks in Securities and Exchange Commission filings.
and the double standard for Microsoft
"There's a reason this kind of thing doesn't happen with automobiles," says Bruce Schneier, chief technical officer at Counterpane Internet Security in Cupertino, Calif. "When Firestone produces a tire with a systemic flaw, they're liable. When Microsoft produces an operating system with two systemic flaws per week, they're not liable."
I can just see it now: the SEC requiring companies to divulge on their filings that their security threat is using the Microsoft OS. But, this would explain the day or two of lost productivity each quarter. I know of more than a handful of major firms (through friends that work at them) that had whole divisions (200 to 1,000 people) that were knocked off-line or completely out because of the last vulnerabilities. These did not show up in the news and their investors most likely were not informed.
At work I lose two to four hours per week of productivity to software bugs, security vulnerability patching, or operating system issues on the Windows platform we have to use. At home I do similar tasks on a Mac OS X based system and use Linux servers and I have a half an hour per month lost for the same things. Given I do more rigorous work at home and spend about an equal amount of time on the computer at home as I do at work I don't see why folks use Microsoft.
Security experts give Microsoft an 'F', CNN reports, but some experts are pointing to Apple as being more secure. One of the experts will be switching to Mac as he finds his wife's Mac never gets viruses.
I was surprised when Bank of America embraced Microsoft OS for its ATMs and services. My first thought was that they did not understand security or care about their customers' digital information. When I was changing banks my first consideration was digital security. I seem to have been thinking correctly this time as it seems the Slammer virus hit major companies' resources using Microsoft OS and Bank of America had serious problems. As our society moves more toward digital interactions we need a secure framework and Microsoft has never provided that and appears it never will. The regular people who depend on the digital systems are the ones who suffer and the economy takes a huge hit with every Microsoft failure. We really need to stop the reliance on Microsoft now.
Life sucks when: You have to pull an e-mail account that you manage from service. Particularly when this account is for your Dad. My Dad can be reached at Tom and I will be keeping Thomas. The TJV account is closed.
Why, you ask? The account was hacked with the klez virus. He cleaned his hard drive, as he had no choice; it or another virus took the hard drive out. He took another hard drive and put it in that machine and started fresh. This may have also infected his new laptop. Yes, all of these machines run Windows (the swiss cheese security system). My dad is more than computer savvy and Windows is not a consumer OS, as it is nothing more than an e-mail away from destroying everything digital you own (among many other issues, which I spend hours assisting friends and relatives with their continual problems with the MS OS). Microsoft continues to lie about its focus on security and the basic problem is the OS itself, it is not secure and it seems it will never be secure. UNIX has some issues, but has many more years of development under its belt, which is why it is far more secure. UNIX variants (Apple Mac OS X, Linux, BSD, etc.) all have the advantage of years of experience and advanced developers working on the OS.
Keeping a MS box secure requires somebody with a lot of experience and they are not cheap. The MS total cost of ownership being lower than UNIX is a myth and unfounded. If you have MS open to the outside world (Internet server, DSL at home, or unfiltered (through virus scanner) e-mail, etc.) you need an MS security expert focussed on ensuring the sanctity of whatever is considered valuable on the MS boxes. This person will cost as much, if not more, than a senior UNIX systems administrator (who are, by and large, veterans in UNIX security also as it comes with the territory).
Too many folks (that are near and dear to me) have had MS servers hacked or been victims of viruses in the past couple of weeks. Granted the MS boxes hacked may not have been watched over by MS security experts, but that is what it takes.
Making choices, as far as what language to develop Internet applications, should keep in mind lock in factors. A UNIX only or a Microsoft only solution that requires the application be only run on a certain type of server has never been a great idea. This becomes even more apparent now. In my opinion this has never been a good option. Fortunately, there are many more options available that run on nearly all OS platforms. These include: Perl, PHP, Java (JSP), Python, ColdFusion, etc. Each of these languages has its own plusses and minuses, but if a certain OS platform becomes an unavailable option the applications can relatively easily be moved to another OS. This is not the case with ASP, and even less so the .Net framework (as noted before). Sure, ASP can use ChiliSoft, but that is a very short term solution (as you know if you have ever had to use it, it buys you time to recode everything into a portable application language) and requires double to triple the hardware resources to run it compared to ASP on MS or any other language running natively.
All of this is just the beginning of the reasons why I most likely have bought my last Windows machine. The other reasons fall into the areas of trust and pricing. This explanation may follow soon.
The article found that none of the networks use anything stronger than the built in security measures on the wireless hubs. The London area even has maps plotting wireless access areas. Some see this access as a public good, but many of the enterprise networks, which house files and account information, are wide open too.