infosec

Ankylosaurus was a 4-ton herbivore that lived about 65 million years ago at the end of the Cretaceous Period. Representing the pinnacle of evolution in dinosaur defense, Ankylosaurus was a veritable tank. These wide and low dinos were covered with armor plates which were used together to form a nearly impenatrable shell. They featured triangular horns on their heads and a large, club-like tail. Their leathery skin was covered with spikes, which even covered their eyelids.

What does the Ankylosaurus have to do with modern security? There's probably some lessons we can learn from them. Their skulls were so thick that some scientists think that their brains were no larger than a golf ball, and as such, they were one of the least intelligent dinosaurs. Further, the fusion of the bones in their backs and necks helped prevent attack, but they probably couldn't even lift their heads to reach food above ground level. And despite their formidable defenses, none of them survived past the K–T extinction event.

Just for the fun of it, I turned the security quotes that I've collected for this site into a fortune compatible format.  Now you too can read security words of wisdom every time you log in.  The archive is available here.  Install fortune (on Debian its sudo apt-get install fortune), put these in your home directory or /usr/share/games/fortunes and run fortune secquotes.

In addition to this weblog, I also maintain a list of security links at del.icio.us.  Although the list is for me to keep track of things I don't want to lose, other readers may also find it useful.  You can browse through my security items, which is further subdivited by category, such as security blogs.

If you haven't used del.icio.us before, give it a try.  It has recently been purchased by Yahoo!, and the reliability has improved quite a bit since.  If you use Firefox, there's a great del.icio.us extension for managing your items.  I'm hoping to see more features come out soon.

My family and I went to see Firewall last night.  If you haven't heard, the movie stars Harrison Ford as Jack Stanfield, V.P. of Landrock Pacific Bank.  In the movie, Jack is a from-the-trenches security professional and although I've heard that Ford is not particularly computer savvy, he does portray a realistic concern for managing risk.

The acting, IMHO, was excellent.  Ford was ideal for his role, Paul Bettany makes a great crook, and the other cast was excellent as well.

I just wrapped up presenting at the January meeting of the St. Louis Information Systems Security Association (ISSA).  I had a great time, and I hope others enjoyed it as well.  I've posted the presentation slides on this site.  The links for the different formats are ODP, PPT, and PDF.

<!--Creative Commons License-->
This work is licensed under a Creative Commons Attribution 2.5 License.<!--/Creative Commons License--><!--


-->

I've started working on what will be an article or presentation on password security.  Its debated whether passwords are an acceptable method for authentication.  Below are some of the problems, and workarounds, of password issues.

I recently presented at the St. Louis Infragard chapter on Positive Thinking in Information Security.  The slides can be downloaded in OpenDocument, PDF, or PowerPoint format.

The overall premise of the presentation is that it is easier to identify positive behaviors rather than bad ones.

I know most everyone has already seen this, but in case you haven't, I can't resist posting a link to Marcus Ranum's "The Six Dumbest Ideas in Computer Security". It is worth reading for his writing style alone.

An introduction from his article:
"Let me introduce you to the six dumbest ideas in computer security. What are they? They're the anti-good ideas. They're the braindamage that makes your $100,000 ASIC-based turbo-stateful packet-mulching firewall transparent to hackers."