When I first read this article I thought, geez, that's a really neat idea. Then I started thinking about some of the stuff that McDonald's has done recently and realised that they were taking a leaf out of the McDonald's book.
It looks like more and more of these franchise super-chains are going to start expanding their offering to appeal to a wide cross-section of customers and increase revenue or stave off bad press. I have visions of some time not too far in the distant future where the only restaurant is McDonald's. It serves everything from sushi, through to à la carte French dining, as well as burgers. When people go out to eat they go to the local McDonald's. Now Starbucks only sells music; next time there will be internet access to a variety of order-online places that deliver your shopping by the time you finish the coffee.... the only place to go shopping becomes Starbucks!
I think this one came through my inbox this morning when I first turned on the computer. It had a similar subject line to the Bagle / Beagle virus but Outlook did not show the attachment icon next to the message... fortunately I don't use the preview pane.
Not seeing the attachment icon and figuring it could be a legit message, I opened the email. An ActiveX script then tried to run, presumably to download the actual code from somewhere. Fortunately my security settings prevented it from executing and I then trashed the email message.
I used to always whinge about the restrictive security settings in Outlook. Now I am really glad that they are there!
In some ways I think this initiative is a fantastic idea. It seems the only way to change things at a government level is to have someone actively trying to tame (aka lobbying) the political beast. Unfortunately this is something that, in my opinion, we have not really been good at.
Look at the auto industry. They have advisory bodies actively working with government to ensure politicians understand the ramifications of passing that latest pollution bill. They have taken the time to learn how politicians think and can talk both in the proper political language and also in the ever-important WIIFM (What's in it for me) language. Making things personal for the people that make the decisions might not give them the ideal outcome (especially considering how much of a political issue the environment is) but they do get concessions, delayed implementations, compliance periods or any number of ways to water things down.
If, by establishing an association of security professionals that are prepared to learn politician talk to actively promote security ideals, we can improve the state of cybersecurity, this is great. This means there will now be an organisation out there lobbying politicians to see that all those security principles we want to see employed are given sufficient focus.
What's the old saying.... the squeaky wheel gets the grease? Well now we are going to be a squeaky wheel for a while! If that even leads to one less government system hacked or reduces the damage associated with the latest virus attack, this has got to be a great thing for all of us.
In the article it states that they are currently predominantly Microsoft-centric on their midrange platform and this is the area that is expected to change as part of the Change Program.
I guess this in turn means that they would primarily be doing custom-developed software. I can't imagine too much off-the-shelf type stuff that would be of interest to the ATO.
So let's assume that Corporation X, involved in, say, the electricity system, does turn around and say "yes, I am running xyz system that has the following security flaws". What checks and balances are then in place to ensure the security of that information?
For an organisation intent on doing some kind of harm, this system makes a very good target. Rather than having to try and "find" all these security flaws in the critical infrastructure, I can go to one place and they are all served up on a silver platter. So who looks after this?
I know it's kind of trite, but who is going to guard the guards and ensure they are taking care of this ultra-sensitive information? Who is going to audit the government infrastructure to ensure that it is secure and not vulnerable?
I know risk management strategies are generally based around the choices of accept, transfer or mitigate risk, but this really seems to be purely blind transference of risk with no understanding as to the capabilities of the recipient to properly manage or account for that risk.
This is a very valid point. I have spoken to no end of customers talking about wireless networking solutions and inevitably they ask about Bluetooth and where that fits in.
There used to be a really good slide deck that Cisco had that spoke about wireless technologies and then had a series of three concentric circles. The smallest was labelled PAN (Personal Area Network), then LAN, then WAN. Each had the variety of technologies in its "portfolio" listed, i.e. PAN - infrared, Bluetooth; LAN - 802.11 a/b/g; WAN - microwave, laser, etc. etc.
Like most things in this industry there are a myriad of ways to skin a cat and a myriad of technologies for any particular job. Which one is right generally comes down to environmental restrictions, personal choice, etc.
Unfortunately some people seem to automatically read 802.11 a/b/g every time they see the word wireless. It's simply not the case!
A co-worker of mine once showed me a CD platform he uses regularly. Something called ESCD (?) I am not 100% sure about the name of it.
I had just inherited a new notebook from a co-worker that had just left. I needed to make sure that all the corporate information on the notebook was accounted for. Unfortunately this was one they had built up themselves and no one had the admin passwords to the local machine. Enter ESCD.
Using this nice little CD I was able to boot to a Linux environment, read the NTFS partitions and make changes to the password files with a nice little menu to step me through it.
A couple of quick changes later and I was able to log in to the machine as the local computer admin and recover all information that had been stored on there. Was quite funky.
My god, this reminds me of the first time my grandfather brought home a new mouse for our Amstrad CPC something... you know those old black machines with the integrated tape drive in the keyboard, all the smarts in the keyboard and the memory module at the back?
It took me forever to work out how to drive this thing; I must have been about eight at the time. At that stage it was the most amazing device I had ever seen. Who had ever thought you could point at icons on the screen and make things happen!
I can still remember going to a Microsoft presentation in Townsville. A guy in the registration queue in front of me was standing there having a very loud conversation on his mobile phone. The poor girl doing registrations was desperately trying to get him to sign the NDA paperwork......
Then the phone rang!
He left the seminar and didn't come back.... this was quite a few years ago when mobile phones were still cool and new!
The random telephone survey of 1,023 adults and 500 teenagers was conducted Nov. 12-19 by Princeton, N.J.-based Taylor Nelson Sofres Intersearch and was released Wednesday.
I wonder if they called people on their cell phones to survey them!!! No wonder it's hated!
It's amazing, as some friends and I were talking about this issue just recently. We all work in IT and generally like to say we are fairly security conscious. We also have friends / relatives access our computers who aren't IT professionals and aren't aware of what is happening.
The biggest problem we all saw stems from a user awareness and user education issue. Most of the punters out there using the Internet see it as being a friendly place that they can go online to have some fun, read their news, look at some porn and generally have a good time. They do not see the internet as the technological equivalent of walking the back streets of the nearest ghetto at night with your pockets laden with cash and no idea of where you're going.
Until we get the message through to these people that the internet is not a lovely controlled little playground that they can mess around in, the longer it is going to take to sort this mess out. The problem is explaining the problem to these people... I came home from work the other day to find that my partner and some friends had logged on to one or two sites of rather dubious nature. As you would expect, these sites were full of the usual scripting and ActiveX objects. How do you explain to people that see the internet in the same fashion that they see the TV the dangers of browsing these sites?
Licensing would be great... I have got on my soap box one or two times and said the same thing. Unfortunately it would never fly, as the average end user does not understand why they need to be licensed to access the internet. We need to work on educating these people that whilst, yes, it is possible to have some fun on the internet, it is kind of like an electronic representation of the real world. There are the con artists, the thieves, the general "bad" people on the internet just like in the real world. Further, just like in the real world where you wouldn't leave your house unlocked, you can't leave your computer, or internet connection, unsecured.
Unfortunately most average internet users don't see it this way yet.
I can't knock it as I am as bad as everyone else on this one, but I still struggle to understand what it is about us that makes the idea of being a voyeur, exhibitionist or both so appealing to the human psyche.
Look at the average blog and you have all manner of personal thoughts or information being poured out to the universe at large. Whilst most blogs seem to offer the option to make your blog private, how many people are able to resist the temptation to subject the rest of the world to their thoughts, feelings or activities? Geez, I can't whinge, I am just as bad as everyone else.
There was an article on one of the cyberculture feeds that talked about blogging and the reasons why people did it. It referenced a married woman who thought their partner was cheating and poured out their suspicions to the rest of the world in the hopes it would get back to their partner! I can understand the use of blogs to keep distant friends / relatives updated as to what you are doing; that's what I use mine for! But to use it to indirectly address a problem that could better be addressed using other forums / means just strikes me as counterproductive.
Have we got to a stage where technology is so prolific that we take any opportunity to try and solve problems using technology that could be better solved in the old-fashioned way? In the example above, wouldn't it be far more effective to sit down and talk to the potentially erring partner rather than hoping that one day a web search sends them to the page!!!
I have no objection to blogs as an online journal, however I would like to see some kind of scoring mechanism if they are used for other purposes. For example... it is getting increasingly hard to find the gems of information that we all crave amidst all the marketing hype that is now circulating around the web. As blogging becomes ever more popular we also need to contend with the increasing personal rants or opinions that this activity is going to generate.
Similar to the way the majority of online forums are moderated (eg. Slashdot), we need to find some way to moderate the content that is being published out to the web at large. If I am searching the web for configuration information about a particular software application, the last thing I need to read is some unrelated rant on someone's personal blog that Google returned simply because it cross-referenced so many other pages.
The problem there though is that as soon as you start saying "the advanced user" account, you can guarantee that is going to come at an "advanced cost". Even though putting the responsibility for open or closed ports back on the end user should lessen the workload, they will still charge more. The worst thing is that unfortunately we will all be stuck with no option but to pay for it.
Unfortunately it seems like all these well-meaning companies try and make the internet more user-friendly, safe and accessible for the clueless newbie and forget that people that actually know how it all works are adversely affected. Port blocking at the ISP is a great example.... ideal for the newbie as it is one less thing they need to worry about from a security perspective, but how about everyone else that wants to run their own mail server, web server etc. etc.?
It's been said hundreds of times before I'm sure. You need a licence to get on the road but not to get on the internet!
What can I say.... It's a size thing! haha
EF.
Hehe..... you can guarantee that half the 25/F/CITY are bored IT professionals somewhere!
Well it's better than being confronted by asl every time you logon to a chat room.