Wednesday, January 27, 2010

Another new device from Apple: iPad



Apple has done it again. They have released details of a new device called the iPad at an Apple Keynote in San Francisco, CA. There have been mounting rumors and expectations for a while, about an Apple Tablet device. It is finally here - and to use a Steve Jobs phrase, it looks "insanely great".

You can get an excellent video overview of it on apple's website for the iPad.

There isn't anything that I can say about it here that you won't be able to learn about it from that video linked above.

Enjoy!

Sensei Metajunkie

Tuesday, January 26, 2010

Google Wave Invitations Available

I have some invitations for the Preview of Google Wave available.

Let me know if you are interested.


Sensei Metajunkie

Monday, January 25, 2010

Sharing with the TaoSecurity Blog

I recently posted a comment which I'd like my readers and students to take a look at on Richard Bejtlich's TaoSecurity Blog.

You will find several of Richard's books on our reading list. He is, in my opinion, a thought leader in the field of Information Security. This is especially true of his ideas concerning Network Security Monitoring (NSM).

I encourage you all to take a look at the whole threaded conversation, but below is a copy and paste of my comment:

Richard,

I'm not sure I'm really following you on this one. Are you suggesting that the 'point in time' doesn't matter?

I generally find your 'out of the box' thinking refreshing (and often inspiring); but, I think I'm missing your point. Or, perhaps I'm just not agreeing with you.

I can agree that we are facing 'on-going' campaigns of cyber-threats in many arenas, and that we need to plan with the big picture in mind. But even in a physical campaign of war; while we must have high level strategy that leads battlefield level tactics, we must win the individual 'point in time' conflicts (at least the key ones) in order to win the war. Wouldn't you agree?

How does IT Security, or if you will allow the term cyber-warfare, differ? I have spent quite a bit of time converting Sun Tzu's The Art of War into IT Security wisdom. To me - his warfare consulting applies in cyberspace as well as physical terrain.

While Sun Tzu does advocate that the war is won or lost in the planning stage, before the enemy is even physically engaged; in the end, the best planning won't amount to a hill of beans if the boys in the trenches can't overcome their foes. That is IMHO the Zen aspect of IT Security - you have to be 'in the moment'.

From a Sun Tzu point of view, I believe that the lesson of his which most American companies that I've worked with are failing to heed is the "Know the Enemy, Know yourself." And of those two suggestions - it is actually the "know yourself" which is hurting the most. I could probably go on at the length of a book on that one... so I'll quit here ;)

Sensei Metajunkie


Governments and the Internet

A cyber-friend of mine mentioned that I was curiously quiet on this blog about the recent events between Google in China and and the evil hoard of malicious hackers seemingly putting political pressure via cyber-attacks.

The short story is that Google has been working with the Chinese government to censor google results which the Chinese Government doesn't want their citizens to see. In perhaps what was a moment of Liberty-Clarity, Google recently came out with a statement that they were going to stop censoring these results. To the best of my knowledge, they haven't actually implemented this change in policy - but they said they were going to.

After releasing their statement, they came under cyber-attack.

In other news, a law-firm that is representing an American company that is suing the state of China also came under cyber-attack.

Within the last few evenings, I saw Secretary of State, Hillary Clinton giving a long speech about "Internet Freedom".

Of all of the events noted above, listening to Secretary Clinton talk about the importance of a Free Internet caused me the most concern. I have a hard time believing that she has had a change in what I perceive to be her core beliefs. In order to understand why this of all things concerns me the most, you should probably do a google search on clinton, gore, PMRC, and the v-chip. ((if you don't get any interesting results - none of this will matter any more. ;) ))

My memory lumps all of these things together in a time when: Phil Zimmerman was being put on trial by the US Government for making his free encryption program (PGP) available on servers that were connected to the Internet, the Clinton Administration was ensuring that the v-chip would be put into every television in America, and Tipper Gore and Hillary Clinton were dabbling in their own game of PMRC censorship, while I was the sysop (system operator) of the CIA (Central Information Agency) BBS trying to raise awareness about the decline of Liberty in America.

My judgement is that our Secretary of State is just fine with censorship, as long as she is in a position of decision. I further judge that she is no friend to true Internet Freedom; and, prefers the perception of freedom to the real thing. I am willing to be wrong about this, and I'd love to hear your thoughts on the subject.

I'm waiting to see all of the legislation that will follow, to ensure the "Freedom (R)" of the Internet.


Sensei Metajunkie

More Internet Explorer Woes

This is just a quick heads up - if not a tad late...

Internet Exploder... errr "Explorer" has more serious security flaws in it. The last I heard, Microsoft was still trying to come up with a patch.

Have you looked into using an alternative web browser yet?

Firefox is FREE.

There is also a free email client called Thunderbird.

While we are at it... You should already be familiar with OpenOffice.org. It is a free suit of programs for word processing, spread-sheets, presentations, etc. I'm amazed how many people I run into who are using old pirated versions of Microsoft Office. Live and let live; but, for the small business this is a really poor choice of roads to travel. Why not adopt the open-source and completely free to use for personal and business uses alternative? OpenOffice has been around for a long time now. Unless you have all sorts of custom-coded MS Office VBA Applications and/or a serious Access Database, there really isn't a good reason not to switch to Open Office. And if you are one of the few companies that are truly leveraging the power of MS Office, good for you - now pay the piper. ;)

Surf safe,

Sensei Metajunkie

Wednesday, January 13, 2010

Cyber-Jutsu Style: Free Music is Nice!

All work, and no play can make your cyber-jutsu rigid like the dance steps of a less than articulate automaton. Free Internet Music is a sure-fire way to keep you in the rhythm of things.

I recommend all cyber-jutsu practitioners check out Pandora internet radio at www.pandora.com.

Pandora is free to use through your browser, though they have also released a fee-based version which strips out the advertisements and provides a native windows and/or Macintosh application. The paid service cost $36/year. Some simple math shows us that their premium music service would only end up costing $3/month. There are a bunch of other reasons to purchase the premium membership - but I'll leave that up to them to convince you with.

In any case - I just created my own radio station based upon Generation X to listen to. This is pretty neat stuff! :)

Enjoy!

Sensei Metajunkie

Wednesday, January 6, 2010

Anti-Virus software companies statistically evaluated





I just finished reviewing some statistical data on AV products at Shadow Server. Shadow Server has been an excellent source of information for me on the Conficker outbreak. From their home page:

"Established in 2004, The Shadowserver Foundation gathers intelligence on the darker side of the internet. We are comprised of volunteer security professionals from around the world. Our mission is to understand and help put a stop to high stakes cybercrime in the information age."
What was most striking, regarding the AV information I reviewed, was the surprisingly low identification rate for AV products that I had previously held in high regard. I'm not sure if this data is proof that some of the more mature AV companies are sitting back on their laurels, or if it is indicative of a malware epidemic growing out of control. It is probably a bit of both.

I recommend all cyber-jutsu practitioners check out Shadow Server.