I'd add using a good VM program. Virtual machines are a solid and aggressive defense. Of course, there are attacks to jump out from the VM, but patching an attack surface of a hypervisor versus an entire OS is a lot easier.
If you have the disk space, have a VM dedicated to banking and nothing else should provide enough security. (This is assuming you use a VM for browsing so the host OS doesn't get compromised, as if it gets rooted, the game is over.) Having separate VMs for differing projects can be done too. If the VM program (such as VMWare Workstation) support copy on write snapshots, the separate VMs won't take up that much space.
Another advantage of having your sensitive stuff in a VM is that you can stash the VM's disk image files in a TrueCrypt volume. This way, if the laptop gets stolen while it is on, the thieves might get access to the OS, but assuming the owner unmounts the sensitive VM once they are done, the information at risk is limited.
Of course, there are drawbacks to doing your work in VMs. It sometimes gets clunky to fire up a VM to do a task as opposed to just kicking off a Web browser in the host OS. There is also a performance penalty, which for some applications can be important. Of course, some VM programs are not able to do 3D graphics, so playing games in a VM won't be doable. Finally, there are OS licensing/activating issues that should be verified before heading abroad. However, if you max the RAM out (8GB is nice, 4GB should be the standard), you can allocate a decent chunk of RAM to a VM so the contents can run with a low performance penalty.
1: Bring an external drive, install media, and images of your machine with the OS, drivers, and apps installed, so if you get a spyware infection, you can boot an OS CD or a CD with a recovery program, save off your documents, and roll back to that.
2: Use Mozy, Carbonite, or some cloud backup program to have your critical documents stored safely, even on a spotty network connection. Bonus points if you use a keyfile, and store the keyfile somewhere secure (perhaps as an attachment in a few email accounts). This way, an intruder would need to have the keyfile as well as your username/password to restore from those services.
3: Department of redundancy department. Bring extra batteries, chargers, external hard disks, multiple copies of your OS on DVDS, an external DVD drive in case your primary one fails, and if budget permits, perhaps even a netbook just in case your main laptop fails. Weight in carrying this stuff around may be a consideration, but if you can leave some stuff at the hotel, it would be good to do, as a dead charger with no way to replace it will put a crimp on your Internet-readiness.
4: Backup nightly to a local drive. I'd consider a copy of Acronis TrueImage or a similar product.
5: Antivirus software doesn't catch everything. My recommendation? Do *all* your Web browsing in a virtual machine. This way, if you get your VM infected, you can save files you desire to keep, then roll back to a previous uninfected state. With Windows 7 Professional, Enterprise, and Ultimate, you can download XP Mode at no cost which can do this. Alternatives are VirtualBox and VMWare Workstation.
6: Encrypt your data. If using Windows, TrueCrypt is licensed at no charge and can encrypt your system volume. If you have a more advanced laptop with a TPM, Windows 7 Enterprise/Ultimate and BitLocker. Most Linux distros support filesystem encryption as well. And in OS X, FileVault is only a few mouse clicks away.
7: Have multiple user accounts. The account you use to show your laptop is OK at an airport is not the one you should use for your main stuff.
8: Consider insurance that covers your equipment while abroad.
9: Consider mailing your backup drives back to your place separately. This way, if by some chance your laptop gets stolen or seized, you still have backups of your stuff on those drives, as well as Mozy.
10: Consider a VPN service like StrongVPN, Anonymizer, Relakks, SwissVPN, or another reliable host. This is not for downloading your warez via P2P, but making sure that your traffic stays private.
Of these tips, I consider using virtual machines the most important. A VM infected can be easily cured by a snapshot rollback. It is a lot harder to clean up a host OS. Since you will be far from where you can find recovery media, having your host OS essentially be a hypervisor is a good bet.
From what I see, I see the PHBs and the nontechnical side of companies put the "computer people" into two camps, both doing some type of customer support: The developers, and the IT guys/gals. In their minds, the developers are the ones that sit there in closed rooms and slowly but surely make revisions to the company's product over time, and the people who the external customers get shuttled to if there are issues.
Compared to the devs which are to be fed to the external customers, the IT people are for the internal support. The LaserJet says "Insert Coin", they call up the head of IT for a fix even though he is 3 states over in a remote office, making sure not just the VPN communicates from the branch to HQ, but figuring out how to partition critical databases so the parts accessed most often by the office reside on servers at the branch, while replicated at HQ for backup reasons.
The problem is that IT is not a respected profession. People may not understand what exactly an attorney does, but they give them respect, and don't call up the head lawyer in a firm asking them to look at a will or contract. People may not understand what a doctor is doing exactly in a company, but they don't call them up and ask them to look at their hemorrhoids after work.
Combine this fact with the fact that IT people need years of experience. Not just keeping up to date in day to day technology [1], but having to also be professional with dealing with end users (external or internal). This is a true profession, and takes just as much work as an engineer, attorney, or doctor to become truly good at it.
The reason people don't realize this is a true profession is because most of them have no clue what even a SMB requires for support. The concept of "production critical" hardware is foreign to some people who have not worked on anything more critical than their home PCs.
So, what does IT need to bring it in line with engineers, doctors, and attorneys? This makes people go "UGH!", but a certifying body, similar to a bar association. However, this cannot be a static certificate similar to a MCSE. Technology changes so rapidly, someone who has one of these memberships on a snapshot of technology in 2006 may not be good compared to someone who is working on 2009 tech. One can't count on degrees either. Someone can have an IT degree and have no clue how to configure a production critical SAN compared to someone with just a GED. Perhaps long term, an organization similar to the ACM might be what is needed, with certification that is on the core elements of IT that don't change (application stacks, networking, customer interaction.) Then (and this is the hard part) get this organization respected in the eyes of PHBs and such, similar to how having a CISSP or a TS/SCI clearance means job security, or another decent position.
This organization would likely have to have levels of IT professional, similar to engineers, and even tradeskills (plumbers, locksmiths, and electricians), apprentice, journeyman, and master.
An apprentice would probably be around the A+ level of certification. It means the holder knows the basics of recent equipment, how to reinstall a server from bare metal, how to deal with a ticket system.
A journeyman would be able to configure core servers and get them running, do basic database optimization (first/second/third normal forms, what parts of a database container go on what spindles), configure basic backups, and so on. A major factor would be the ability to do documentation on what was done to machines in changelogs, so another person would be able to perhaps roll back system changes done due to a trouble ticket.
A master would be someone who can get two SANs replicated over a WAN, handle enterprise wide core/edge network fabric, hammer out a backup fabric for a core data center, having an idea of how long it will take to get servers back operational if a data center bites it, hand over reports, be able to answer audits (ISO 10,000, BSA, consistent pro
There is another Google Dev Phone, which is an unlocked HTC Magic. I wish Google can get an Android 2.0 developer phone out there, but that likely will be in a few months.
I've never understood the "gifts" thing. Someone pays a buck or more to slap a graphic onto someone else's wall.
Maybe FB could do something more meaningful with that, and have the ability for the recipient to get a serial number that is useful for something online, like $15 at iTMS, a month's free play time on ClicheQuest, or for brick and mortar shops, have the ability to print out a one use barcode that can be taken to shop for a store credit. End result is that people get meaningful gifts, FB gets a cut, and retailers get a customer with some money in hand to buy stuff.
Don't forget that with all the shiny new servers, to have some sort of backup fabric in place for each and every one of them.
I'd focus on four backup levels:
Level 1, quick local "oh shit" image based restores: A drive attached to the machine where it can do images of the OS and (if the data is small) data volumes. Then set up a backup program (the built in one in Windows Server 2008 is excellent). This way, if the machine tanks, you can do a fast bare metal by booting the OS CD, pointing it to the backup volume, pointing out the new OS volume, click "restore", walk off.
Level 2, a network backup server: The server would be a machine with a large amount of disk, and a tape autochanger. It would run at the low end Retrospect or Backup Exec, upper end, Networker, ArcServe, or TSM. And it would do d2d2t backups, so grabbing the data from machines is fast so you can do the most with a backup window. Then, with the tape array, make a rotation system factoring offsites to Iron Mountain, as well as onsite backups. Of course, this server would handle archiving, perhaps with a dedicated DLT-ICE (or similar WORM tech) drive for backups that can't be tampered with.
Level 3, offsite strategy: If you need to have stuff up 24/7, consider a hot or warm site that can take over should something happen to the main site. Even if you don't need an offsite server room, you do need offsite backup storage and rotation planning. Usually this is Iron Mountain's domain, but it can't hurt to also have a tape safe on some leased company property only known by the top IT brass just in case.
Level 4, the cloud: Cloud storage is costly. There are also security issues with it. However, the advantage is that if your data center gets completely obliterated, the data is still accessible. I'd recommend having some form of encryption (PGP comes to mind, perhaps on the cheap, TrueCrypt containers), and storing your core business tax data (Quickbooks/Peachtree) here. You want to store what you need to recover the business, but you don't want to store too much because you are paying lots of cash for it. Last time I checked, for the cost per month you use a cloud provider for a terabyte of storage, an external 1TB drive a month was cheaper. But you are paying for cloud storage's SLA and relability.
I know backup fabric is usually the last thing on an IT department's minds, but it is VERY important, and may mean the company exists or doesn't exist when (not if) something happens.
Tailor this to your requirements and budget, of course.
It boils down to one gets what they pay for. Barring some specific task (say a client is enthralled with some feature a consumer-level laptop had), any IT professional would almost always recommend the business lines of the laptop makers.
It is not just that the laptops trade the latest and greatest gewgaw for reliability, but one also has the option of buying decent customer support. The difference between the "gold" line of support and regular is very large. "Gold" line, you can tell them you want to RMA a dead hard disk on a machine with the serial of "1234". They will then express mail out to you a replacement HDD and packaging to return the old one. Without it, you have to play the game with the other guy of letting him rattle off his script and repeatedly tell him "I cannot click on diagnostics in Windows, as the hard disk is dead", until the guy demands a credit card number and wants you to ship the dead hard drive back first.
Consumer level base support from most vendors just plain sucks. This is why I highly recommend to businesses to go for the business class of machines and business level support. For individuals who rely on their machines, if they are buying a laptop, I urge them to either buy a business level model (Latitude or ProBook) and business level/"gold" support, or purchase a Mac with AppleCare. This way, if something does happen, the path to resolving a problem has as few obstacles as possible.
Desktops, service plans are less of an issue. If someone is hardware literate, perhaps the best thing they can do is build their desktop, or buy an inexpensive one from a big box store (that can be easily returned wholesale if stuff breaks during the burn-in period) and adding additional hard disk, RAM, and a video card. If someone isn't versed with PC hardware, I'd probably point them to the business level desktop/business level service, a Mac/AppleCare, or at the least a consumer level desktop with "gold" service if it is even available. The key is that if/when the computer has a hardware failure, the downtime due to dealing with support is minimized.
There are a lot fewer Android phones than iPhones, plus there is one thing people forget:
If you distribute code for Apple's platform, you have to go through the App Store. If you want to distribute code for Windows Mobile and Android, you can just send the user a file. The Android and WM app stores are more of clearinghouses (similar to Handango), as opposed to a central choke point.
So, factoring out pirated apps, Apple's Store shows essentially all the apps that go from developers to customers. Other platforms, the app stores might be used for commercial distribution, but other apps don't need to be. So, even if Android had the same marketshare as Apple's ther app store would always show fewer apps because people are free to use other ways to get from them to their users.
Coding is important, but what is also important is program design and architecture. This isn't thought of that much as a smaller utility that "scratches an itch" just needs to be coded.
However, larger projects, and projects with any security needs at all [1] need to have a lot of time put in to design security before a line of code is written. For example, a Web browser should see if it can run under a lower privilege context without preventing the user from downloading files. A Web browser plugin needs to assume any code it gets from a website is likely tainted, treat the code as suspect, and run it in a sandbox (CPU/filesystem/RAM limits, preferably enforced by the OS, and even better, able to have the code run in a limited context other than the user.)
Compartmentalization is important, so instance of a program cannot interfere with another. This way, something that mucks with a cache directory only affects that instance, and cannot modify another. Same with a thread of execution needing protection from others that might get code injected into them.
Separation of code modules that are vital to security is critical. This way, extreme code review can be focused on the security critical modules, while other modules (such as the one that renders stuff) can be reviewed, but it wouldn't have the extreme focus as the parser of incoming code.
This stuff is vitally important, and can't just be bolted on without a complete rewrite. It has to be part of the architecture from the first line of code on. However, there are two benefits from having this integrated into a core program design. The first is that the security critical code is in modules that can be thoroughly scrutinized and audited. The second is that the program will be far more resistant to attack, and if an attack is done, it can be fixed far faster than a product that has no security in its core design.
[1]: One would be surprised at what programs need security. Anything touching the Internet like a browser plugin, mail filter, or even a MUD server are just as important to have security factored in as a SUID root utility.
Problem is, there will be IMMENSE pressure from advertisers to turn that 1 ad every 48 hours of time into 24 hours, then 12, and so on. With enough cash offered, I'm sure the 30 minutes of talk time will turn into 8 minutes with 2-3 minutes of forced ad watching, just like American TV.
Look who benefits: Apple benefits by residuals from the patent licenses. Ad companies benefit by having as many ads on consumers' "third screens". Phone networks benefit from the ad revenue and the cost for bandwidth used (since flash ads can get pretty darn big). Everyone wins here, except the consumer who has the least amount of power in this deal (other than the take it or leave it aspect.)
So, as a consumer, one has to vote with their feet on this issue and nip it in the bud. However, what might happen is all the cellular carriers in a region would adopt this stuff at the same time, leaving people with no choice except to buy a "business" cellphone plan that costs 2-3x more for the same thing.
Don't forget #3: We pay for the bandwidth for the ads. It may not be by the byte like it is on almost all cellphone Internet plans, but every ad slung in our faces does contribute to the used bandwidth totals, and may be the factor that gets someone's internet connection throttled to 128K for the rest of the month.
Every single major Linux distribution I have used in the past 5 years can be completely configured from X-Windows. And with UNIX variants, once configured, they stay configured unless someone messes with them, some outside factor (router changed its IP), or hardware changes/failures affect the box.
I am an old UNIX person, so I prefer popping an xterm (or even better, control-alt-shift-F2 for a console TTY) and editing files or using curses based utilities. However, these days, you don't have to know the ins and outs of sendmail.cf (or even sendmail.mc) to have a mail server configured for you by modern day administration tools from KDE or GNOME. I would say that configuring a Linux distribution like RHEL or Ubuntu is just as easy as configuring a Windows box.
And if you are into remote management, Webmin and Plesk can allow you to do a number of sysadmin tasks from your Web browser. Webmin has been around for over a decade, and is a (for the most part) very stable tool. Plesk is a commercial utility that has gotten a good amount of praise as well.
So, don't let the fear of a bash shell stop you from running Linux. You can do an amazing amount of stuff without ever needing to even look at a "$" or "#" prompt. It might have been true about 10 years ago that graphical admin tools were at best good for only general stuff, and at worst, SUID root disasters, but time has moved on, and a lot of work has been done in this field.
I have seen both sides of this fence. My conclusion is that this depends on the area of the country.
Here in Austin, there are plenty of top notch Linux, BSD, AIX, Solaris, OS X, and Windows administrators. So, if I were handed the plans for a school computer lab, depending on the concepts being learned, Linux would be just as good as Windows, because the school can always find someone at UT (University of Texas) who is versed in Linux, and can keep their systems running once my task is done.
But, in other areas of the US, I would not do this. I'd give them the Linux option, but I would make it known that in their part of the woods, finding a competent (RHCE level) Linux admin would be almost impossible, and it would be likely the one or two they would find would charge an inappropriate amount. So, I'd point them in the direction of Macs or Windows machines. Historically, Macs and education have gone together, and if Windows is needed, it is just a reboot away. For generic PCs, I'd not just point them at Dell or HP, but *highly* recommend (if they can afford it) that they get the "gold" support plan, so the school admin isn't sitting on hold for 3-4 hours being bounced from script reader to script reader if something does arise.
China is important, but a lot of national debt is "stored" in T-bills and T-bonds, and these are purchased by investment organizations in the US and abroad.
What happens if the US doesn't pay up? The dollar is a fiat currency, which unlike a gold backed currency, lives and dies by the faith people put in it. So, if people lose faith in the dollar, there are plenty of other currencies out there. The Chinese yuan, the Euro, and others have strong backers to be the standard for oil and commodities trading on international markets.
With no faith in the dollar, the dollar will buy far less than it used to. This means hyperinflation. Zimbabwe comes to mind of what happens. What makes this even worse is that the FED has a near zero interest rate. This means should inflation take off, they have no hedges against it other than raising interest rates which would bring to a standstill any hopes of an economic recovery.
So, (obligatory car analogy) the US not ponying up for the debts it owes would mean a $10 scented hangtag for the rearview mirror would cost $500 in a span of a few months.
Will we have the ability to make DVD players that last 1000 years? Factories retool often, so components which are in easy supply for DVDs right now may not be available in 20-50 years, similar to finding wax cylinder needles or heads for reel to reel tapes.
Also, will we have the ability to decode the pits on a DVD? If someone doesn't know the exact error correction, parsing of Gray codes, and other stuff, the DVD will be completely unreadable.
Trick is... make a DVD player model that can be made as technology progresses, sort of (obligatory car example) having the Jeep Wrangler of optical drives, which keeps being made, but is essentially older technology.
If the company has WSUS, they can configure it to grab all the patches required by client machines, and either automatically approve only security updates (explicitly denying IE7/IE8), or holding everything for a sysadmin to approve.
Windows Update is fine, but businesses should *never* have their production machines point to it. Instead, the machines should be fed off a hardened internal box which stores updates, and where the IT department can control releasing patches in stages (a production replica gets the patch. If the box doesn't crash and burn, you then cycle the test machines, if things look ok there, finally you use your downtime window, fire off a backup [1] and finally do the production update.)
This wisdom doesn't just apply to Microsoft. Any OS should have this type of patch staging unless it is a show stopper bug that cannot be worked around. This sounds like a lot of work, especially compared to just having the boxes patch, reboot when they want, and continuing on, but it isn't worth gambling the business over if something does conflict or a patch causes things to break.
[1]: Yes, I do recommend some type of bare metal backup feature attached to production boxes. Even with the best preplanning, things can go pointed end up. So, having the ability to pull back to a pre-hosed state reliably is important.
Even without robots.txt, if one wanted to play "hardball", they can always have htaccess block Googlebot at the web server level. Or, at the SPI level, filter out incoming requests from the googlebot.com domain if they want to do it at the router so the web servers won't need any configuration changes.
This is probably the most sensible thing I have read about passing information from a secure (read, compromise on the segment BAD) network to a less secure one such as an internal LAN. Using a dedicated line that passes the raw data without having an IP stack means that the box on the less secure side can do nothing except inject large amounts of garbage or random data down the dedicated line in hopes of filling up a hard disk or jamming a buffer. Even if this is done, it would at most cause a crash on the secure box, which would be immediately detected. True compromise of that box and getting on its network is still impossible by known means, or physical access.
The problem that is faced with that solution is marshalling the data to fit over the pipe, spitting it over the dedicated link, and the computer on the less secure network side unmarshalling it, and getting it to the appropriate places for reports, queries and other things that the PHBs require.
Maybe it might be for the best to have SCADA controlling systems airgapped, or at the least, if people want reports from the systems, have locked down machines that poll them and then copy the results to another network. You could have two boxes on separate networks that communicate text solely through a serial cable (no PPP or SLIP, just data passed as a stream through the cable from the inside box to the outside one. Perhaps even cut the RX+ and RX- lines going to the inner box for maximum security) to ensure the inside box doesn't get rooted. This is slow (serial isn't the fastest of all protocols, but it is simple), but it will take someone with physical access to compromise such a setup. I have used similar configurations for secure syslog dump hosts (one box would take syslog dumps, then pass them via a serial cable to another box that is not connected on any network. This way even if someone rooted all boxes, he or she couldn't touch the last syslog dump.)
Maybe these days, two boxes connected via serial and one machine just parsing the other's serial output stream with a glorified tail -f going to whever (web pages, databases) may be not the epitomy of high tech connectivity, but it ensures that a blackhat from offshore isn't going to cause a BLEVE that takes out several city blocks.
Even if someone does mention it, it is factual in a way -- UNIX variants have a very low number of viruses. However, come to think of it, modern day Windows really doesn't have true viruses as of recent. Mainly because people tend not to distribute executables amongst each other. Instead, attacks are either Trojans, worms that infect machines in real time, or done via Web browser, or done via browser add-on exploits. These affect all operating systems. The reason one sees Trojans for Windows and OS X is the profitability factor -- more ROI to hit the top 1-2 used platforms rather than try to find a way to remotely root someone running NCSA Mosaic on an old IRIX 5.x box.
But eventually all operating systems should have some type of OS level IDS system that can detect known threat signatures and unknown ones that match various heuristic rules. This way, if someone does get in via yet another hole in a service, the IDS will be able to detect and log it, or actively stop the attack.
Very true. However, a lot of larger businesses have stipulations that their vendors have AV software on all computers used in a project. Even the AIX box crunching the numbers and the large Suns with the database end up with McAfee on them. Not that there is some major AIX virus, but to allow sales to tick off a box on the contract.
This pill is made easier to swallow though. Most AV products usually have more than one function these days. Symantec's can be used to block removable media, while other brands bundle with it comprehensive auditing consoles. Other brands, the antivirus is usually as part of a suite (Forefront comes to mind.)
Its even past that. It used to be kids who were out to knock off someone's machine on a local BBS. Then it became the legion of professionals who went blackhat due to cash.
Now, you have well heeled groups, from criminal organizations to whole governments who have immensely deep pockets who spend billions in order to search through every Windows and UNIX executable just to find the single buffer overrun, race condition, or other small goof that can be used in an elaborate attack. The payoff is big, and not just economics.
Of course the attacks are nastier and nastier.
Best defenses? After the obvious firewall and network IDS, two of the best system level out there are virtualization with a hardened hypervisor and jailing of apps. After that, an OS based IDS that can detect known signatures and unknown suspect activity. This way, something that gets access to the OS via an unjailed browser or plugin hole is stopped.
I run AV software for a few reasons: The first is that most AV software has heuristics. This is important for a "burglar alarm" in case something manages to get executing natively on a system. The second is to catch known threats before an OS update. AV products update at least daily, which is usually faster than OS or browser updates unless the hole is super critical. Another use is scanning files and documents before emailing. This way, if the recipient claims to have gotten an infection, I can say that it was scanned with a utility before it was sent, thus the recipient's problem.
Of course, there is the legal element. A business that doesn't have AV software on machines (regardless of how really effective it is), is like a business that doesn't have locks on building doors. People would say the business is not doing due diligence.
Key escrow is a bad concept in general. Even for a medium sized business, it takes some planning headaches, especially if people factor in having access by multiple employees in case one of them dies, goes rogue, or just quits and refuses to divulge the keys.
The biggest problem with key escrow is the "all eggs in one basket" issue. The more keys stored in a certain location, the more high value the target becomes. After a certain threshold with a large amount of corporate keys stored, it becomes economically worth it for well heeled blackhats to find who works there and has admin access, kidnap them (or their family members) and apply rubber hose "cryptography" until a means is found for appropriation of the keys by the attackers. If the keys are in a HSM, a party with a lot of cash (talking billions of dollars) would steal the HSM and painstakingly use a chip fab's worth of technology to get the contents, or they would find a way to have subkeys signed or items decrypted that might help them. This was my biggest fear when Clipper loomed over us as a mandated government standard.
A CA's loss of a key is disasterous, but the key can be revoked and a new key generated to be dropped in root certificate chains. However, encryption keys that are grabbed can post a big threat as data is a lot harder to re-encrypt.
Encryption is not a cure all for security needs. It is merely a tool, similar to locks on the door, guards with M16s, and CCTV cameras. Poorly implemented, it could mean little to a clued attacker, and businesses need to realize that the clued attackers are far more common that they think.
One example: Say someone uses the hardware encryption on a tape drive. Tape drives can have encryption set in multiple ways. It can be manually set for all tapes, or the backup application can manage keys and set the encryption pet tape. If an organization is slipshod about the way they use the encryption and use one key for all tapes, and have that key information written on the proverbial slip of paper on the monitor, then an attacker can grab the tapes, perhaps grab a tape drive or buy one, and decrypt the info to their hearts content. Compare this to an organization which uses more stringent backup procedures so that even if a tape is stolen by an insider, it won't be decodable.
Another example: BitLocker. If implemented right, BitLocker is solid against most known threats (avenues like rubber hoses and RAM scanning via IEEE1394 are different). However, if someone installs BitLocker and then disables all key protectors, to a competant attacker, the BitLocker protection is dealt with. Same with people using BitLocker on machines without TPMs using USB flash drives, and not making sure the flash drive is stored securely.
There are various implementions of encryption. ECB is a bad version (because an attacker can figure out what a block matches to). A good implementation might use multiple diffusers and an algorithm like XTS so an attacker can't compare sector 55 with sector 157 and determine if the contents are similar. So, even though a program might use AES, if salts and other crypto concepts are not used, it severely weakens security.
Finally, TrueCrypt. If someone thinks that TrueCrypt fixes all their security issues and doesn't concern themselves with attacks over the wire, an attacker can either slap a keylogger on a machine, or just read the volume decryption keys from memory, then at a later date grab the disks if there is too much data to fetch from remote. If TrueCrypt is used with proper protection against network attacks (firewall, etc.) then it provides excellent protection.
I am concerned that a law exempting breaches from being disclosed would only work in the blackhat's favor. In theory, someone could rot13 the data on the drive, or AES it with an all zero key to make the security that comes with encryption meaningless.
I'd add using a good VM program. Virtual machines are a solid and aggressive defense. Of course, there are attacks to jump out from the VM, but patching an attack surface of a hypervisor versus an entire OS is a lot easier.
If you have the disk space, have a VM dedicated to banking and nothing else should provide enough security. (This is assuming you use a VM for browsing so the host OS doesn't get compromised, as if it gets rooted, the game is over.) Having separate VMs for differing projects can be done too. If the VM program (such as VMWare Workstation) support copy on write snapshots, the separate VMs won't take up that much space.
Another advantage of having your sensitive stuff in a VM is that you can stash the VM's disk image files in a TrueCrypt volume. This way, if the laptop gets stolen while it is on, the thieves might get access to the OS, but assuming the owner unmounts the sensitive VM once they are done, the information at risk is limited.
Of course, there are drawbacks to doing your work in VMs. It sometimes gets clunky to fire up a VM to do a task as opposed to just kicking off a Web browser in the host OS. There is also a performance penalty, which for some applications can be important. Of course, some VM programs are not able to do 3D graphics, so playing games in a VM won't be doable. Finally, there are OS licensing/activating issues that should be verified before heading abroad. However, if you max the RAM out (8GB is nice, 4GB should be the standard), you can allocate a decent chunk of RAM to a VM so the contents can run with a low performance penalty.
A few things that come to mind:
1: Bring an external drive, install media, and images of your machine with the OS, drivers, and apps installed, so if you get a spyware infection, you can boot an OS CD or a CD with a recovery program, save off your documents, and roll back to that.
2: Use Mozy, Carbonite, or some cloud backup program to have your critical documents stored safely, even on a spotty network connection. Bonus points if you use a keyfile, and store the keyfile somewhere secure (perhaps as an attachment in a few email accounts). This way, an intruder would need to have the keyfile as well as your username/password to restore from those services.
3: Department of redundancy department. Bring extra batteries, chargers, external hard disks, multiple copies of your OS on DVDS, an external DVD drive in case your primary one fails, and if budget permits, perhaps even a netbook just in case your main laptop fails. Weight in carrying this stuff around may be a consideration, but if you can leave some stuff at the hotel, it would be good to do, as a dead charger with no way to replace it will put a crimp on your Internet-readiness.
4: Backup nightly to a local drive. I'd consider a copy of Acronis TrueImage or a similar product.
5: Antivirus software doesn't catch everything. My recommendation? Do *all* your Web browsing in a virtual machine. This way, if you get your VM infected, you can save files you desire to keep, then roll back to a previous uninfected state. With Windows 7 Professional, Enterprise, and Ultimate, you can download XP Mode at no cost which can do this. Alternatives are VirtualBox and VMWare Workstation.
6: Encrypt your data. If using Windows, TrueCrypt is licensed at no charge and can encrypt your system volume. If you have a more advanced laptop with a TPM, Windows 7 Enterprise/Ultimate and BitLocker. Most Linux distros support filesystem encryption as well. And in OS X, FileVault is only a few mouse clicks away.
7: Have multiple user accounts. The account you use to show your laptop is OK at an airport is not the one you should use for your main stuff.
8: Consider insurance that covers your equipment while abroad.
9: Consider mailing your backup drives back to your place separately. This way, if by some chance your laptop gets stolen or seized, you still have backups of your stuff on those drives, as well as Mozy.
10: Consider a VPN service like StrongVPN, Anonymizer, Relakks, SwissVPN, or another reliable host. This is not for downloading your warez via P2P, but making sure that your traffic stays private.
Of these tips, I consider using virtual machines the most important. A VM infected can be easily cured by a snapshot rollback. It is a lot harder to clean up a host OS. Since you will be far from where you can find recovery media, having your host OS essentially be a hypervisor is a good bet.
From what I see, I see the PHBs and the nontechnical side of companies put the "computer people" into two camps, both doing some type of customer support: The developers, and the IT guys/gals. In their minds, the developers are the ones that sit there in closed rooms and slowly but surely make revisions to the company's product over time, and the people who the external customers get shuttled to if there are issues.
Compared to the devs which are to be fed to the external customers, the IT people are for the internal support. The LaserJet says "Insert Coin", they call up the head of IT for a fix even though he is 3 states over in a remote office, making sure not just the VPN communicates from the branch to HQ, but figuring out how to partition critical databases so the parts accessed most often by the office reside on servers at the branch, while replicated at HQ for backup reasons.
The problem is that IT is not a respected profession. People may not understand what exactly an attorney does, but they give them respect, and don't call up the head lawyer in a firm asking them to look at a will or contract. People may not understand what a doctor is doing exactly in a company, but they don't call them up and ask them to look at their hemorrhoids after work.
Combine this fact with the fact that IT people need years of experience. Not just keeping up to date in day to day technology [1], but having to also be professional with dealing with end users (external or internal). This is a true profession, and takes just as much work as an engineer, attorney, or doctor to become truly good at it.
The reason people don't realize this is a true profession is because most of them have no clue what even a SMB requires for support. The concept of "production critical" hardware is foreign to some people who have not worked on anything more critical than their home PCs.
So, what does IT need to bring it in line with engineers, doctors, and attorneys? This makes people go "UGH!", but a certifying body, similar to a bar association. However, this cannot be a static certificate similar to a MCSE. Technology changes so rapidly, someone who has one of these memberships on a snapshot of technology in 2006 may not be good compared to someone who is working on 2009 tech. One can't count on degrees either. Someone can have an IT degree and have no clue how to configure a production critical SAN compared to someone with just a GED. Perhaps long term, an organization similar to the ACM might be what is needed, with certification that is on the core elements of IT that don't change (application stacks, networking, customer interaction.) Then (and this is the hard part) get this organization respected in the eyes of PHBs and such, similar to how having a CISSP or a TS/SCI clearance means job security, or another decent position.
This organization would likely have to have levels of IT professional, similar to engineers, and even tradeskills (plumbers, locksmiths, and electricians), apprentice, journeyman, and master.
An apprentice would probably be around the A+ level of certification. It means the holder knows the basics of recent equipment, how to reinstall a server from bare metal, how to deal with a ticket system.
A journeyman would be able to configure core servers and get them running, do basic database optimization (first/second/third normal forms, what parts of a database container go on what spindles), configure basic backups, and so on. A major factor would be the ability to do documentation on what was done to machines in changelogs, so another person would be able to perhaps roll back system changes done due to a trouble ticket.
A master would be someone who can get two SANs replicated over a WAN, handle enterprise wide core/edge network fabric, hammer out a backup fabric for a core data center, having an idea of how long it will take to get servers back operational if a data center bites it, hand over reports, be able to answer audits (ISO 10,000, BSA, consistent pro
There is another Google Dev Phone, which is an unlocked HTC Magic. I wish Google can get an Android 2.0 developer phone out there, but that likely will be in a few months.
I've never understood the "gifts" thing. Someone pays a buck or more to slap a graphic onto someone else's wall.
Maybe FB could do something more meaningful with that, and have the ability for the recipient to get a serial number that is useful for something online, like $15 at iTMS, a month's free play time on ClicheQuest, or for brick and mortar shops, have the ability to print out a one use barcode that can be taken to shop for a store credit. End result is that people get meaningful gifts, FB gets a cut, and retailers get a customer with some money in hand to buy stuff.
Don't forget that with all the shiny new servers, to have some sort of backup fabric in place for each and every one of them.
I'd focus on four backup levels:
Level 1, quick local "oh shit" image based restores: A drive attached to the machine where it can do images of the OS and (if the data is small) data volumes. Then set up a backup program (the built in one in Windows Server 2008 is excellent). This way, if the machine tanks, you can do a fast bare metal by booting the OS CD, pointing it to the backup volume, pointing out the new OS volume, click "restore", walk off.
Level 2, a network backup server: The server would be a machine with a large amount of disk, and a tape autochanger. It would run at the low end Retrospect or Backup Exec, upper end, Networker, ArcServe, or TSM. And it would do d2d2t backups, so grabbing the data from machines is fast so you can do the most with a backup window. Then, with the tape array, make a rotation system factoring offsites to Iron Mountain, as well as onsite backups. Of course, this server would handle archiving, perhaps with a dedicated DLT-ICE (or similar WORM tech) drive for backups that can't be tampered with.
Level 3, offsite strategy: If you need to have stuff up 24/7, consider a hot or warm site that can take over should something happen to the main site. Even if you don't need an offsite server room, you do need offsite backup storage and rotation planning. Usually this is Iron Mountain's domain, but it can't hurt to also have a tape safe on some leased company property only known by the top IT brass just in case.
Level 4, the cloud: Cloud storage is costly. There are also security issues with it. However, the advantage is that if your data center gets completely obliterated, the data is still accessible. I'd recommend having some form of encryption (PGP comes to mind, perhaps on the cheap, TrueCrypt containers), and storing your core business tax data (Quickbooks/Peachtree) here. You want to store what you need to recover the business, but you don't want to store too much because you are paying lots of cash for it. Last time I checked, for the cost per month you use a cloud provider for a terabyte of storage, an external 1TB drive a month was cheaper. But you are paying for cloud storage's SLA and relability.
I know backup fabric is usually the last thing on an IT department's minds, but it is VERY important, and may mean the company exists or doesn't exist when (not if) something happens.
Tailor this to your requirements and budget, of course.
It boils down to one gets what they pay for. Barring some specific task (say a client is enthralled with some feature a consumer-level laptop had), any IT professional would almost always recommend the business lines of the laptop makers.
It is not just that the laptops trade the latest and greatest gewgaw for reliability, but one also has the option of buying decent customer support. The difference between the "gold" line of support and regular is very large. "Gold" line, you can tell them you want to RMA a dead hard disk on a machine with the serial of "1234". They will then express mail out to you a replacement HDD and packaging to return the old one. Without it, you have to play the game with the other guy of letting him rattle off his script and repeatedly tell him "I cannot click on diagnostics in Windows, as the hard disk is dead", until the guy demands a credit card number and wants you to ship the dead hard drive back first.
Consumer level base support from most vendors just plain sucks. This is why I highly recommend to businesses to go for the business class of machines and business level support. For individuals who rely on their machines, if they are buying a laptop, I urge them to either buy a business level model (Latitude or ProBook) and business level/"gold" support, or purchase a Mac with AppleCare. This way, if something does happen, the path to resolving a problem has as few obstacles as possible.
Desktops, service plans are less of an issue. If someone is hardware literate, perhaps the best thing they can do is build their desktop, or buy an inexpensive one from a big box store (that can be easily returned wholesale if stuff breaks during the burn-in period) and adding additional hard disk, RAM, and a video card. If someone isn't versed with PC hardware, I'd probably point them to the business level desktop/business level service, a Mac/AppleCare, or at the least a consumer level desktop with "gold" service if it is even available. The key is that if/when the computer has a hardware failure, the downtime due to dealing with support is minimized.
There are a lot fewer Android phones than iPhones, plus there is one thing people forget:
If you distribute code for Apple's platform, you have to go through the App Store. If you want to distribute code for Windows Mobile and Android, you can just send the user a file. The Android and WM app stores are more of clearinghouses (similar to Handango), as opposed to a central choke point.
So, factoring out pirated apps, Apple's Store shows essentially all the apps that go from developers to customers. Other platforms, the app stores might be used for commercial distribution, but other apps don't need to be. So, even if Android had the same marketshare as Apple's ther app store would always show fewer apps because people are free to use other ways to get from them to their users.
Coding is important, but what is also important is program design and architecture. This isn't thought of that much as a smaller utility that "scratches an itch" just needs to be coded.
However, larger projects, and projects with any security needs at all [1] need to have a lot of time put in to design security before a line of code is written. For example, a Web browser should see if it can run under a lower privilege context without preventing the user from downloading files. A Web browser plugin needs to assume any code it gets from a website is likely tainted, treat the code as suspect, and run it in a sandbox (CPU/filesystem/RAM limits, preferably enforced by the OS, and even better, able to have the code run in a limited context other than the user.)
Compartmentalization is important, so instance of a program cannot interfere with another. This way, something that mucks with a cache directory only affects that instance, and cannot modify another. Same with a thread of execution needing protection from others that might get code injected into them.
Separation of code modules that are vital to security is critical. This way, extreme code review can be focused on the security critical modules, while other modules (such as the one that renders stuff) can be reviewed, but it wouldn't have the extreme focus as the parser of incoming code.
This stuff is vitally important, and can't just be bolted on without a complete rewrite. It has to be part of the architecture from the first line of code on. However, there are two benefits from having this integrated into a core program design. The first is that the security critical code is in modules that can be thoroughly scrutinized and audited. The second is that the program will be far more resistant to attack, and if an attack is done, it can be fixed far faster than a product that has no security in its core design.
[1]: One would be surprised at what programs need security. Anything touching the Internet like a browser plugin, mail filter, or even a MUD server are just as important to have security factored in as a SUID root utility.
Problem is, there will be IMMENSE pressure from advertisers to turn that 1 ad every 48 hours of time into 24 hours, then 12, and so on. With enough cash offered, I'm sure the 30 minutes of talk time will turn into 8 minutes with 2-3 minutes of forced ad watching, just like American TV.
Look who benefits: Apple benefits by residuals from the patent licenses. Ad companies benefit by having as many ads on consumers' "third screens". Phone networks benefit from the ad revenue and the cost for bandwidth used (since flash ads can get pretty darn big). Everyone wins here, except the consumer who has the least amount of power in this deal (other than the take it or leave it aspect.)
So, as a consumer, one has to vote with their feet on this issue and nip it in the bud. However, what might happen is all the cellular carriers in a region would adopt this stuff at the same time, leaving people with no choice except to buy a "business" cellphone plan that costs 2-3x more for the same thing.
Don't forget #3: We pay for the bandwidth for the ads. It may not be by the byte like it is on almost all cellphone Internet plans, but every ad slung in our faces does contribute to the used bandwidth totals, and may be the factor that gets someone's internet connection throttled to 128K for the rest of the month.
Every single major Linux distribution I have used in the past 5 years can be completely configured from X-Windows. And with UNIX variants, once configured, they stay configured unless someone messes with them, some outside factor (router changed its IP), or hardware changes/failures affect the box.
I am an old UNIX person, so I prefer popping an xterm (or even better, control-alt-shift-F2 for a console TTY) and editing files or using curses based utilities. However, these days, you don't have to know the ins and outs of sendmail.cf (or even sendmail.mc) to have a mail server configured for you by modern day administration tools from KDE or GNOME. I would say that configuring a Linux distribution like RHEL or Ubuntu is just as easy as configuring a Windows box.
And if you are into remote management, Webmin and Plesk can allow you to do a number of sysadmin tasks from your Web browser. Webmin has been around for over a decade, and is a (for the most part) very stable tool. Plesk is a commercial utility that has gotten a good amount of praise as well.
So, don't let the fear of a bash shell stop you from running Linux. You can do an amazing amount of stuff without ever needing to even look at a "$" or "#" prompt. It might have been true about 10 years ago that graphical admin tools were at best good for only general stuff, and at worst, SUID root disasters, but time has moved on, and a lot of work has been done in this field.
I have seen both sides of this fence. My conclusion is that this depends on the area of the country.
Here in Austin, there are plenty of top notch Linux, BSD, AIX, Solaris, OS X, and Windows administrators. So, if I were handed the plans for a school computer lab, depending on the concepts being learned, Linux would be just as good as Windows, because the school can always find someone at UT (University of Texas) who is versed in Linux, and can keep their systems running once my task is done.
But, in other areas of the US, I would not do this. I'd give them the Linux option, but I would make it known that in their part of the woods, finding a competent (RHCE level) Linux admin would be almost impossible, and it would be likely the one or two they would find would charge an inappropriate amount. So, I'd point them in the direction of Macs or Windows machines. Historically, Macs and education have gone together, and if Windows is needed, it is just a reboot away. For generic PCs, I'd not just point them at Dell or HP, but *highly* recommend (if they can afford it) that they get the "gold" support plan, so the school admin isn't sitting on hold for 3-4 hours being bounced from script reader to script reader if something does arise.
China is important, but a lot of national debt is "stored" in T-bills and T-bonds, and these are purchased by investment organizations in the US and abroad.
What happens if the US doesn't pay up? The dollar is a fiat currency, which unlike a gold backed currency, lives and dies by the faith people put in it. So, if people lose faith in the dollar, there are plenty of other currencies out there. The Chinese yuan, the Euro, and others have strong backers to be the standard for oil and commodities trading on international markets.
With no faith in the dollar, the dollar will buy far less than it used to. This means hyperinflation. Zimbabwe comes to mind of what happens. What makes this even worse is that the FED has a near zero interest rate. This means should inflation take off, they have no hedges against it other than raising interest rates which would bring to a standstill any hopes of an economic recovery.
So, (obligatory car analogy) the US not ponying up for the debts it owes would mean a $10 scented hangtag for the rearview mirror would cost $500 in a span of a few months.
Will we have the ability to make DVD players that last 1000 years? Factories retool often, so components which are in easy supply for DVDs right now may not be available in 20-50 years, similar to finding wax cylinder needles or heads for reel to reel tapes.
Also, will we have the ability to decode the pits on a DVD? If someone doesn't know the exact error correction, parsing of Gray codes, and other stuff, the DVD will be completely unreadable.
Trick is... make a DVD player model that can be made as technology progresses, sort of (obligatory car example) having the Jeep Wrangler of optical drives, which keeps being made, but is essentially older technology.
If the company has WSUS, they can configure it to grab all the patches required by client machines, and either automatically approve only security updates (explicitly denying IE7/IE8), or holding everything for a sysadmin to approve.
Windows Update is fine, but businesses should *never* have their production machines point to it. Instead, the machines should be fed off a hardened internal box which stores updates, and where the IT department can control releasing patches in stages (a production replica gets the patch. If the box doesn't crash and burn, you then cycle the test machines, if things look ok there, finally you use your downtime window, fire off a backup [1] and finally do the production update.)
This wisdom doesn't just apply to Microsoft. Any OS should have this type of patch staging unless it is a show stopper bug that cannot be worked around. This sounds like a lot of work, especially compared to just having the boxes patch, reboot when they want, and continuing on, but it isn't worth gambling the business over if something does conflict or a patch causes things to break.
[1]: Yes, I do recommend some type of bare metal backup feature attached to production boxes. Even with the best preplanning, things can go pointed end up. So, having the ability to pull back to a pre-hosed state reliably is important.
Even without robots.txt, if one wanted to play "hardball", they can always have htaccess block Googlebot at the web server level. Or, at the SPI level, filter out incoming requests from the googlebot.com domain if they want to do it at the router so the web servers won't need any configuration changes.
This is probably the most sensible thing I have read about passing information from a secure (read, compromise on the segment BAD) network to a less secure one such as an internal LAN. Using a dedicated line that passes the raw data without having an IP stack means that the box on the less secure side can do nothing except inject large amounts of garbage or random data down the dedicated line in hopes of filling up a hard disk or jamming a buffer. Even if this is done, it would at most cause a crash on the secure box, which would be immediately detected. True compromise of that box and getting on its network is still impossible by known means, or physical access.
The problem that is faced with that solution is marshalling the data to fit over the pipe, spitting it over the dedicated link, and the computer on the less secure network side unmarshalling it, and getting it to the appropriate places for reports, queries and other things that the PHBs require.
Maybe it might be for the best to have SCADA controlling systems airgapped, or at the least, if people want reports from the systems, have locked down machines that poll them and then copy the results to another network. You could have two boxes on separate networks that communicate text solely through a serial cable (no PPP or SLIP, just data passed as a stream through the cable from the inside box to the outside one. Perhaps even cut the RX+ and RX- lines going to the inner box for maximum security) to ensure the inside box doesn't get rooted. This is slow (serial isn't the fastest of all protocols, but it is simple), but it will take someone with physical access to compromise such a setup. I have used similar configurations for secure syslog dump hosts (one box would take syslog dumps, then pass them via a serial cable to another box that is not connected on any network. This way even if someone rooted all boxes, he or she couldn't touch the last syslog dump.)
Maybe these days, two boxes connected via serial and one machine just parsing the other's serial output stream with a glorified tail -f going to whever (web pages, databases) may be not the epitomy of high tech connectivity, but it ensures that a blackhat from offshore isn't going to cause a BLEVE that takes out several city blocks.
Even if someone does mention it, it is factual in a way -- UNIX variants have a very low number of viruses. However, come to think of it, modern day Windows really doesn't have true viruses as of recent. Mainly because people tend not to distribute executables amongst each other. Instead, attacks are either Trojans, worms that infect machines in real time, or done via Web browser, or done via browser add-on exploits. These affect all operating systems. The reason one sees Trojans for Windows and OS X is the profitability factor -- more ROI to hit the top 1-2 used platforms rather than try to find a way to remotely root someone running NCSA Mosaic on an old IRIX 5.x box.
But eventually all operating systems should have some type of OS level IDS system that can detect known threat signatures and unknown ones that match various heuristic rules. This way, if someone does get in via yet another hole in a service, the IDS will be able to detect and log it, or actively stop the attack.
Very true. However, a lot of larger businesses have stipulations that their vendors have AV software on all computers used in a project. Even the AIX box crunching the numbers and the large Suns with the database end up with McAfee on them. Not that there is some major AIX virus, but to allow sales to tick off a box on the contract.
This pill is made easier to swallow though. Most AV products usually have more than one function these days. Symantec's can be used to block removable media, while other brands bundle with it comprehensive auditing consoles. Other brands, the antivirus is usually as part of a suite (Forefront comes to mind.)
Its even past that. It used to be kids who were out to knock off someone's machine on a local BBS. Then it became the legion of professionals who went blackhat due to cash.
Now, you have well heeled groups, from criminal organizations to whole governments who have immensely deep pockets who spend billions in order to search through every Windows and UNIX executable just to find the single buffer overrun, race condition, or other small goof that can be used in an elaborate attack. The payoff is big, and not just economics.
Of course the attacks are nastier and nastier.
Best defenses? After the obvious firewall and network IDS, two of the best system level out there are virtualization with a hardened hypervisor and jailing of apps. After that, an OS based IDS that can detect known signatures and unknown suspect activity. This way, something that gets access to the OS via an unjailed browser or plugin hole is stopped.
I run AV software for a few reasons: The first is that most AV software has heuristics. This is important for a "burglar alarm" in case something manages to get executing natively on a system. The second is to catch known threats before an OS update. AV products update at least daily, which is usually faster than OS or browser updates unless the hole is super critical. Another use is scanning files and documents before emailing. This way, if the recipient claims to have gotten an infection, I can say that it was scanned with a utility before it was sent, thus the recipient's problem.
Of course, there is the legal element. A business that doesn't have AV software on machines (regardless of how really effective it is), is like a business that doesn't have locks on building doors. People would say the business is not doing due diligence.
Key escrow is a bad concept in general. Even for a medium sized business, it takes some planning headaches, especially if people factor in having access by multiple employees in case one of them dies, goes rogue, or just quits and refuses to divulge the keys.
The biggest problem with key escrow is the "all eggs in one basket" issue. The more keys stored in a certain location, the more high value the target becomes. After a certain threshold with a large amount of corporate keys stored, it becomes economically worth it for well heeled blackhats to find who works there and has admin access, kidnap them (or their family members) and apply rubber hose "cryptography" until a means is found for appropriation of the keys by the attackers. If the keys are in a HSM, a party with a lot of cash (talking billions of dollars) would steal the HSM and painstakingly use a chip fab's worth of technology to get the contents, or they would find a way to have subkeys signed or items decrypted that might help them. This was my biggest fear when Clipper loomed over us as a mandated government standard.
A CA's loss of a key is disasterous, but the key can be revoked and a new key generated to be dropped in root certificate chains. However, encryption keys that are grabbed can post a big threat as data is a lot harder to re-encrypt.
Encryption is not a cure all for security needs. It is merely a tool, similar to locks on the door, guards with M16s, and CCTV cameras. Poorly implemented, it could mean little to a clued attacker, and businesses need to realize that the clued attackers are far more common that they think.
One example: Say someone uses the hardware encryption on a tape drive. Tape drives can have encryption set in multiple ways. It can be manually set for all tapes, or the backup application can manage keys and set the encryption pet tape. If an organization is slipshod about the way they use the encryption and use one key for all tapes, and have that key information written on the proverbial slip of paper on the monitor, then an attacker can grab the tapes, perhaps grab a tape drive or buy one, and decrypt the info to their hearts content. Compare this to an organization which uses more stringent backup procedures so that even if a tape is stolen by an insider, it won't be decodable.
Another example: BitLocker. If implemented right, BitLocker is solid against most known threats (avenues like rubber hoses and RAM scanning via IEEE1394 are different). However, if someone installs BitLocker and then disables all key protectors, to a competant attacker, the BitLocker protection is dealt with. Same with people using BitLocker on machines without TPMs using USB flash drives, and not making sure the flash drive is stored securely.
There are various implementions of encryption. ECB is a bad version (because an attacker can figure out what a block matches to). A good implementation might use multiple diffusers and an algorithm like XTS so an attacker can't compare sector 55 with sector 157 and determine if the contents are similar. So, even though a program might use AES, if salts and other crypto concepts are not used, it severely weakens security.
Finally, TrueCrypt. If someone thinks that TrueCrypt fixes all their security issues and doesn't concern themselves with attacks over the wire, an attacker can either slap a keylogger on a machine, or just read the volume decryption keys from memory, then at a later date grab the disks if there is too much data to fetch from remote. If TrueCrypt is used with proper protection against network attacks (firewall, etc.) then it provides excellent protection.
I am concerned that a law exempting breaches from being disclosed would only work in the blackhat's favor. In theory, someone could rot13 the data on the drive, or AES it with an all zero key to make the security that comes with encryption meaningless.