TechJabber.com

Tech Musings

Sharing Passwords

“Passwords are like toothbrushes: if you give yours to somebody, change it, don’t use it again.”

I got this from @cafedave… I thought it was a pretty brilliant analogy. You can find his website at http://cafedave.net/cafedave/.

In terms of sharing passwords, keep in mind that it’s like telling any other secret. It may not stay a secret for long.

Also it is important to think about the potential impact when you use the same password, or a password derivative for other sites. It might not be such a big deal to share your stumbleupon.com, airline miles, shared project site or other site passwords with a friend, employee or colleague. However, if you’re using a derivative of that password for banking, email, Facebook or other “private” site, it’s not necessarily going to stay private for long.

The majority of security breaches are caused not necessarily by malicious hackers, but by people trying to cut corners, being careless, or frankly trying to just get things done. In aggregate across recent risk analysis projects we’ve done, over 90% of the outside-of-policy exposure of confidential data came from broken business process or oversight.

This principle is equally true in both business and personal computing.

Small steps can definitely help you protect your personal data more efficiently. Some easy ones:

1) Don’t share your passwords
2) Don’t write them down
3) Make them tough to guess (don’t use your kids’ names, pet’s names, etc.)
4) Make them a mixture of letters, special characters and numbers
5) Change your passwords regularly. I put a reminder in my calendar to change them every 60-90 days depending upon the service.
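
As an added example (not part of the original post), the sketch below makes the "password derivative" risk concrete: it flags accounts whose password is a recognizable variation of one that has been shared. The vault contents, the `.example` site names and the 0.8 similarity threshold are constructed assumptions.

```python
import re
from difflib import SequenceMatcher

# Character swaps people commonly use when "varying" a password.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})


def stem(password: str) -> str:
    """Reduce a password to the alphabetic core a person actually remembers."""
    p = password.lower()
    # Drop leading/trailing digits and symbols (years, counters, "!").
    p = re.sub(r"^[^a-z]+|[^a-z]+$", "", p)
    # Undo common substitutions, then discard any separators left inside.
    p = p.translate(LEET)
    return re.sub(r"[^a-z]", "", p)


def is_derivative(candidate: str, shared: str, threshold: float = 0.8) -> bool:
    """True if `candidate` is a recognizable variation of `shared`."""
    if not candidate or not shared:
        return False
    a, b = stem(candidate), stem(shared)
    if min(len(a), len(b)) < 4:
        # Too little alphabetic material to stem; compare the raw strings.
        a, b = candidate.lower(), shared.lower()
    if a in b or b in a:
        return True
    return SequenceMatcher(None, a, b).ratio() >= threshold


def exposed_accounts(vault: dict, shared_sites: set) -> dict:
    """Map each unshared site to the shared site whose password it derives from."""
    exposed = {}
    for site, password in vault.items():
        if site in shared_sites:
            continue
        for shared_site in sorted(shared_sites):
            if is_derivative(password, vault[shared_site]):
                exposed[site] = shared_site
                break
    return exposed


# Constructed sample data: one password was shared with a colleague.
VAULT = {
    "stumbleupon.com": "Fluffy2010!",
    "bank.example": "F1uffy!bank",
    "mail.example": "fluffy2011",
    "photos.example": "correct-horse-battery",
}

if __name__ == "__main__":
    for site, source in exposed_accounts(VAULT, {"stumbleupon.com"}).items():
        print(f"{site}: change this password (derived from {source})")
```

Run it locally against your own list; any account it reports should get a new, unrelated password once the shared one has been handed out.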

Here’s an article I found from the Fermilab Security team on good password practices:

http://security.fnal.gov/UserGuide/password.htm

I’ll leave you with a couple of cool quotes I found on keeping secrets:

“If you reveal your secrets to the wind you should not blame the wind for revealing them to the trees.” – Kahlil Gibran

“Three may keep a secret, if two of them are dead.” – Ben Franklin

“Tell your friend a lie. If he keeps it secret, then tell him the truth.” – Proverb

Written by SuperDave

August 20, 2010 at 9:53 am

15 Essential Spring Books for IT Leaders

http://www.cioinsight.com/c/a/IT-Management/15-Essential-Spring-Books-for-IT-Leaders-147322/?kc=CIOMINUTE04062009CIO1

“Each season brings a slew of interesting books. This spring is no different. Works from consultants, academics and business leaders dominate the top offerings, covering topics like IT leadership, collaboration, IT careers, customer strategy and innovation”

Written by SuperDave

April 6, 2009 at 9:35 am

Posted in Uncategorized

India surpasses the U.S. as the second-largest mobile market

I had lunch today with an Indian outsourced services company (more on THAT later), got back and noticed this new GigaOM (Om Malik) blog. Interesting stuff … well worth a read!

Excerpt:

“Earlier this month, India surpassed the U.S. as the second-largest mobile market (by subscriber count) in the world. With close to 280 million subscribers, it now has enough of a user base to become a breeding ground for a new class of applications that take into account local realities such as a lack of high-speed networks, cheap phones and a reliance on SMS.”

Written by SuperDave

May 19, 2008 at 1:15 pm

Posted in BRIC

Midwest Technology Leaders Event

The Midwest is not as well-known as either Silicon Valley or Route 128 (in Massachusetts) for being home to a vibrant community focused on technological innovation and ideas/inventions in information technology and telecommunications.

Yet each year, for the last 4, an annual gathering of Midwest technology luminaries convenes; and it is a powerful, career-enhancing, life-changing event that affords unique opportunities for collaboration, networking, challenging discussion and exploration.

This year, on June 4th and June 5th, the fourth annual Midwest Technology Leaders 2008 is being held in Michigan at the MGM Grand Hotel. The website for further information is www.midwesttechnologyleaders.com. It is a gathering of CIO’s and those who report to them. The format allows for both formal and informal interactions; speakers and interactive roundtable gatherings; breakfast/lunch/cocktail reception opportunities to meet and be met.

The 2008 program features some amazing speakers including (but not limited to):

  • Tony Scott – CIO of Microsoft (and former CIO of The Disney Corporation)
  • Bob Paul – CEO of Compuware Corporation
  • Tom Peck – CIO of MGM Mirage (and former CIO of NBC Universal)
  • Tim Cox – CIO of GM’s innovative OnStar Division
  • Sam Kahan – Chief Economist, Federal Reserve Bank
  • John Crary – CIO, Lear Corporation
  • A panel hosted by Matt Roush, editor of the Great Lakes IT Report, and featuring prominent attorneys from Clark Hill, discussing eDiscovery and its implications
  • And many, many more.

Are there reasons for you to come? Well one that immediately springs to mind is the chance to interact with a stellar delegation of people in the Midwest concerned about the business implications of, and future contributions of, technology in the current economy. Another is that this outstanding line-up of executive faculty (including numerous CIO’s from prominent corporations) and community partners (including SIM, Automation Alley, ConnectTech, MACUL, MAFE, MiTechNews Networks, X-ology Magazine, and Michigan Mall) will probably not be gathered in one place, again, for at least another year!

But perhaps the most important reason to attend is to challenge your assumptions about the current state of technology in the Midwest; and share your ideas, with those who are making a difference.

Check out the Website: www.midwesttechnologyleaders.com and feel free to post comments or questions. If you would like to attend, you need to submit an application; and the deadline for that is May 30th (fast-approaching). Please feel free to call or send e-mail – info@midwesttechnologyleaders.com

Written by SuperDave

May 18, 2008 at 1:51 pm

Posted in Events, Uncategorized

Automatic Patch-Based Exploit Generation

Computer scientists at Carnegie Mellon University, the University of California at Berkeley and the University of Pittsburgh recently published a paper on creating attack code for most major types of vulnerabilities in minutes by automating the analysis of a patch designed to fix the flaws. Essentially when Microsoft releases a patch, what they are saying — from a security standpoint — is, ‘Here is an exploit’.

Normally when we reverse engineer patches, particularly ones from Microsoft, we look for vulnerabilities fixed by the update. Exploits for the flaws are created manually. Within a few days, and sometimes hours, of Microsoft releasing its monthly patches, attack code for many of the flaws is created.

Yet, the APEG research could turn an unfavorable situation into a much more threatening one. In their research paper, the APEG team demonstrates a method of automatically finding exploit candidates for flaws using a hybrid technique based on automatic test-case generation. The result: Given the differences between a patched and unpatched program, the APEG technique can generate exploit code in seconds or, at most, minutes, the researchers stated.

With this being tested, the team has urged Microsoft to redesign the way it distributes patches.

Microsoft declined to comment for this article, except to say that the company is reviewing the research.

Written by SuperDave

April 26, 2008 at 9:59 pm

Posted in News

nexTier Networks Names Former Symantec CISO Dr. Ken Baylor To Executive Team

nexTier Networks, the company that is revolutionizing information security and data leak prevention through its unique semantic analysis technology, today announced that it has appointed Dr. Ken Baylor, most recently the Chief Information Security Officer (CISO) of Symantec, as vice president of business development. Dr. Baylor brings more than 16 years of experience leading global IT and security teams with companies such as Symantec and McAfee, where he held executive positions over security initiatives along with functions including product development, internal security operations and alliances. In this new role, Dr. Baylor will concentrate on establishing and furthering strategic alliances that will expand the company’s worldwide market opportunities.

Ken is a recognized security expert, a highly seasoned Information Security executive, and an advisor on security issues to Fortune 500 Companies. Prior to joining nexTier Networks, Ken Baylor served as Symantec’s Vice President and Chief Information Security Officer (CISO). In this role, Dr. Baylor was responsible for developing and overseeing the Symantec’s global information systems security policies and safeguarding corporate electronic and digital assets. As CISO, Dr. Baylor headed up Symantec’s Information Security department and worked closely with Symantec business units and their internal product groups building out advanced security capabilities across the company’s product lines.

“It is a testament to nexTier’s technology and market promise that we are able to attract such an accomplished security expert as Ken Baylor to our executive team,” said nexTier Founder and CTO Tarique Mustafa. “His track record of success in Fortune 500 and high-growth environments aligns with our focus on helping large enterprise customers protect their data. Dr Baylor is highly respected in the industry and brings a wealth of experience in creating key alliances, developing major customer programs, and driving product development. Ken will make a significant contribution to meeting our goals.”

Silicon Valley-based nexTier Networks is vastly improving information security with the application of its unique semantic analysis technology. nexTier’s technology prevents data loss by discovering data wherever it is located across the enterprise, analyzing that data and determining that data’s security value to the business. Much in the way that DNA is used to identify humans, nexTier’s algorithms extract the unique security DNA sequence of data, correlate that DNA sequence to security policies at wire speed, and use that DNA sequence as a means of enforcing security policies against that data. Highly immune to evasion, nexTier’s algorithms can determine the origin of information even if it has been retyped into a brand new document or rearranged and reworded in a deliberately evasive manner.

“Every day, thousands of enterprises across the USA accidentally or through outright negligence leak billions of dollars worth of intellectual property and customer data. They expose themselves and their customers to unnecessary risk for everything from the very high costs of dealing with such leaks to genuine harm on a variety of levels. Existing Data Leak Protection (DLP) products are far too complex and don’t adequately protect the enterprise,” said Dr. Ken Baylor. “nexTier’s products are easy to deploy and they really work. It is as simple as that.”

Earlier in his career, Dr. Baylor led a number of strategic initiatives within McAfee, where he was recognized as an expert in Intrusion Prevention Systems and Risk Management. He led efforts in developing strategic alliances and creating the McAfee Service Provider program. Dr. Baylor holds bachelors’ and doctorate degrees in Science from Ireland, a law degree from the UK and an MBA from the University of Texas.

nexTier Networks was founded in 2006 by Tarique Mustafa and has a team, board, and board of advisors that include many leading authorities from companies like Symantec, McAfee, VeriSign, Cisco, Juniper, GreenBorder, Sygate and Securify. nexTier Networks is funded by Archimedes Capital, Ecosystem Ventures, and prominent Silicon Valley angel investors.

About nexTier Networks

Headquartered in Santa Clara, CA, nexTier Networks created a whole new way to secure business information by firewalling data at what the company calls the “semantic layer” – the network communications layer at which the semantic meaning in data is communicated. Following years of research and development, nexTier delivers breakthrough semantically-aware security algorithms to identify, classify and protect information in real time across very large volumes of content with unprecedented accuracy. The company was founded by Silicon Valley security veteran Tarique Mustafa and is backed by a team, board and board of advisors that include many leading authorities from companies like Symantec, McAfee, VeriSign, Cisco, Juniper, GreenBorder, Sygate and Securify.

Written by SuperDave

April 25, 2008 at 12:51 am

Posted in News

Capcom’s Devil May Cry 4 – release this summer

Capcom®, a leading worldwide developer and publisher of video games, today announced that the highly anticipated PC version of Devil May Cry® 4 is locked and loaded for release this summer. Devil May Cry 4 is already a certifiable hit in the console world, having shipped over 2 million units world wide since its release in North America in February. A demo of the game will be released for PC players before the retail version ships, allowing PC gamers to try the game ahead of time, as well as testing their system’s prowess with the included benchmark mode. The PC version of Devil May Cry 4 will feature new modes, enhanced graphics options and some additional content. Devil May Cry 4 has been rated M for Mature by the Entertainment Software Ratings Board.

Good things come to those who wait as PC owners will benefit from having more modes and more visual customization options to help enhance their demon-slaying action. Turbo mode will turn-up the action to insane speeds, while Legendary Dark Knight Mode will harness advanced PC processing power and fill the screen with an unbelievable number of enemies for extra difficulty. Moreover, familiar enemies from the console versions will show-up in new locations in the PC version. The high resolution screen settings allow the cut scenes of the game to run at up to 120 frames per second (up from 30 frames per second in the console version of the game). Slider options are available to manage various visual effects seen throughout the game. Devil May Cry 4 for the PC will have both DirectX® 9 and DirectX® 10 modes, and will also be compliant with the Games For Windows® program.
From the producer of the original Devil May Cry® and Resident Evil® 4 comes the next installment in the hugely successful stylized action series that has so far achieved global sales of nearly seven million units. Devil May Cry 4 immerses gamers in a gothic supernatural world, where a new protagonist clashes with a familiar hero. As the new leading man, Nero, players will unleash incredible attacks and non-stop combos using a unique new gameplay mechanic: the powerful “Devil Bringer” on his right arm.

ABOUT CAPCOM
Capcom is a leading worldwide developer, publisher and distributor of interactive entertainment for game consoles, PCs, handheld and wireless devices. Founded in 1983, the company has created hundreds of games, including best-selling franchises Resident Evil®, Street Fighter®, Mega Man® and Devil May Cry®. Capcom maintains operations in the U.S., U.K., Germany, Tokyo, Hong Kong and Korea, with corporate headquarters located in Osaka, Japan. More information about Capcom can be found on the company web site, www.capcom.com.

Capcom, the Capcom logo, Resident Evil, Mega Man and Devil May Cry are either registered trademarks or trademarks of Capcom Co., Ltd., in the U.S. or other countries. Street Fighter is a registered trademark of Capcom U.S.A., Inc. DirectX is a registered trademark of Microsoft Corporation in the United States and/or other countries. All rights reserved. All other marks are the property of their respective holders.

Written by SuperDave

April 23, 2008 at 12:52 am

Posted in Gaming

Yoggie Firestick Pico

WHAT: This year’s hottest new security innovation for laptops and PCs makes its appearance at the RSA Conference 2008 in San Francisco. Yoggie Security Systems™ (exhibiting at booth #857) introduced a unique, ultra-portable mini computer that is a firewall solution to protect PCs from malicious attacks.

DETAILS: Yoggie Security Systems™ (www.yoggie.com) is the first company to offload 12+ security applications onto an innovative USB key-size Linux-based 520 MHz security mini-computer with the company’s award-winning Gatekeeper Pico product. In addition to receiving the Best of Innovations award at CES, Yoggie has also received various awards from the RSA.

WHEN / WHERE: April 9-10, 2008, Booth #857 in the Moscone Center

Written by SuperDave

April 10, 2008 at 8:27 am

Posted in Uncategorized

RSA Update – Michael Xie to present on network security trends

Michael Xie, founder and CTO, will present the trends and evolution in network security on April 9 at RSA Conference 2008. Attendees will come away from this session with a better understanding of the evolving network infrastructure and trend in security consolidation, threat research and defenses that anticipate future risks – and what it takes to protect today’s complex network environments.

Who: Michael Xie, founder and CTO, Fortinet

What: Discussion entitled “From Gopher to Google: Seven Security Trends in the Internet Age”

Session highlights include:

  • An explanation of how network infrastructure is changing
  • An overview of the trends in network security
  • A checklist on how to securely move forward

When: Wednesday, April 9, 3:30 p.m., PDT

Where: RSA Conference 2008, Moscone Center, San Francisco, Calif., Executive Briefing Center in the Exposition Hall, booth 2603 (lower right corner of the show floor).

Written by SuperDave

April 8, 2008 at 2:06 am

Posted in Uncategorized

GO-Trust Inc. Launches Smart Card Solution for Mobile Phones and PDA’s

GO-Trust Inc., providing trusted security solutions for people on the go, launches new technology that enables manufacturers and developers of smart cards and smart card based security solutions to offer their applications on any mobile device that accepts a SD standard, mini or micro memory card, without any modification of the mobile device. Suddenly the mobile community and beyond are potential clients for chip based security solutions. The potential users include: Cell Phones, PDAs, Note Book PCs, Tablet PCs, Mobile TVs, Portable Ultrasound Units, Digital Cameras, Digital Camcorders, MP3/MP4 Players, Digital Picture Frames, GPS, Graphing Calculators, Wii Game System and much more.

Using the GO-Trust proprietary security/flash controller, firmware and a specially developed multi-platform SDK, existing applications can run unchanged in a mobile device and call the security module embedded in the SD memory just as if it was a regular sized smart card inserted in a USB card reader attached to a PC. In many cases the application can reside in the flash memory and be auto loaded as soon as the SD memory is inserted, making the operation totally transparent to the user.

The GO-Trust SD Solution is ready to ship today, so existing applications can be deployed to new clients immediately.

The launch of the GO-Trust SD Solution is taking place during the RSA Conference at 11:15am on Wednesday April 9th, 2008 in room 112 of Moscone Center North. Journalists, Analysts and technology watchers are all welcome.

About GO-Trust, Inc.

GO-Trust Inc. is a multi-national organization headquartered in Taichung, Taiwan and with subsidiaries in California, Hong Kong and Beijing. The company specializes in facilitating hardware based security solutions so manufacturers and developers can offer their products on new and diverse clients.

The management team have many years of experience in the development and marketing of security, components, hardware, middleware and software for major corporations including Honeywell, Connexant, SafeNet and Samsung.

Most recently the company has developed IC’s, firmware and drivers that enable smart card manufacturers to embed their technology in SD memory chips and operate seamlessly on a wide range of mobile devices. For additional company information, visit http://www.go-trust.com or call (714)-658-4445.

Written by SuperDave

April 8, 2008 at 1:54 am

Posted in Uncategorized
