what we're reading, week of 4/13

From RSA Conference | Security Blogger Meetup…
Yes, Virginia, there is a security community on Twitter
Jennifer Leggio, from ZDNet, discusses the security community boom, especially with Twitter. She also provides some helpful tips for vendors and companies. Follow us on Twitter— @VPNHaus

From Inside InfoWorld…
Will Windows 7 be panned by enterprise IT?
A recent survey done by Kace, a Systems Management Appliance company, reports that 84% of IT pros have no plans to deploy Windows 7 in the next year. Many are saying W7 is shaping up to be similar to Windows Vista—thoughts on this?

From NP-Incomplete…
85% to 95% of all e-mail is spam? Yeah, that makes sense.
Adam O’Donnell, who has recently left Zero Day | ZDNet, gives an explanation of why 9 out of every 10 e-mails are spam. Spammers want to be heard—since filters are stronger today than they were some years ago, spammers are mutating their content and sending spam from more...

security in the educational sphere

We’ve posted before about security considerations in the classroom, and wanted to point readers toward further reading in that area. There’s been a lot of recent publicity around a security breach that let loose personal data on 3,400 employees in the Irving School district in Dallas, TX, resulting in large-scale identity theft.

From the Dallas Morning News:

District security director Pat Lamb said a woman charged in the case said the information came from a list of names pulled out of a trash bin. “We still do not know how our records were compromised,” said Lamb, who mentioned that his own name was on the list. “We don’t know if somebody was supposed to shred that information, but it ended up in a Dumpster.”

The Dallas Morning News has also published a timeline of the breach and surrounding communication, revealing the school district’s woefully inadequate response in the immediate aftermath of the breach. This should serve as a reminder that a proper information security strategy in any organization needs to be coordinated at both the technology and procedural levels.

For more on this issue, see this article in Security Magazine, featuring NCP’s Rene Poot and Marin Montessori School’s Zarko...

what we're reading, week of 4/6

From around the blogosphere…
A story ran in the Wall Street Journal that caused much chatter and confusion. According to current and former national-security officials, cyberspies have penetrated the U.S. electrical grid and left software programs that could be used to disrupt the system. Here are three different opinions on this story.

Andy IT Guy
A little common sense goes a long way
Andy believes that some systems just shouldn’t be on the Internet, including the Electrical Grid— “come on use a little common sense.”

Schneier on Security
U.S. Power Grid Hacked, Everyone Panic!
Bruce is more concerned about other issues than he is about the cyberspies— he is worried about random errors and undirected worms in the computers running the infrastructure and criminal hackers.

Errata Security
Has the power grid been penetrated by enemies?
Robert believes this story is an example of ‘yellow journalism’, and that someone internally is lying.

From Inside CRM…
Checklist: 5 Principles of CRM Security
Since most CRMs involve mobile devices, they are more susceptible to security breaches. Rick Cook provides five helpful tips on how to protect yourself from data theft and misuse for a CRM system.

From Rational Survivability…
Google’s Updated App Engine – “Secure” Data Connector: Your Firewall Means Nothing (Again)
Google’s improvement plans for its Google App Engine Platform include access to firewalled data—grant-controlled access to your data behind the firewall. As Hoff expresses concern about this matter, we question how much confidentiality and privacy a business can have using this platform and what it means for the...
