Saturday, August 23, 2008 

CNet reports on SSL Vulnerability, Again.

CNet is reporting that Google is making SSL changes based on an SSL vulnerability that would allow a hacker to easily intercept someone's communications with supposedly secure Web sites over an unsecured Wi-Fi network. This vulnerability has been bouncing around for a little over a year. The SSL vulnerability potentially impacts Google services like GMail that support using SSL technology. The vulnerability has been around for a while, having been presented last year at DefCon 2007. See this message by Mike Perry to the BugTraq list for more details.

Monday, August 18, 2008 

Adding Endpoint Defenses in the Browser

Having been involved in much of the early work around developing Network Admission Control (NAC), I realized that the weakest link is the endpoint. Time after time the objection was raised: "but what if they hack the endpoint?" Everyone in the NAC world tries to respond to this the same way, by pointing out that there are already many different ways of protecting the endpoint, such as antivirus, anti-phishing, anti-spyware, and personal firewalls.

The folks at Mozilla took this a step further in Firefox v3 by adding additional controls in the browser. I was a little concerned when I first read about these controls because they seemed to be "list" based (a white list and a black list) and seemed to point exclusively back at Google to source those lists. I like Google a lot, but going there alone for this data is too much like Microsoft asking everyone to trust them for security.

What's needed here is a protocol that allows the browser to be configured to retrieve these lists securely from a trusted source. I had hoped that the IETF Network Endpoint Assessment working group would eventually get here (I now doubt that will ever happen). I saw this article on SecurityFocus and it seems to be saying the right things but doesn't define that protocol (yet).

Friday, August 08, 2008 

You want immediate Security Cred?

CNet and TG Daily (and here) are reporting that a group of French journalists covering the Black Hat conference in Las Vegas were booted for allegedly attempting to hack (actually sniff) data of fellow journalists in the press room. The reporters were not only ejected from Black Hat and the follow-on DefCon conferences but permanently banned from Black Hat.

Anyone want to wager on future sales of their magazine?

Wednesday, August 06, 2008 

Thank You to the Watch Prince


I love my Swiss Army watch. It looks great. It's the right size for my wrist. It is usually very comfortable to wear. About the only thing that I didn't like about the watch was the original band. It looked good but something in the construction irritated the skin on my wrist as the band was breaking in. After just a few months I sought a replacement band. While I was looking for a replacement band a friend told me about a "deployant". A deployant is a clasp-type release that fits on the band and, I find, makes it much easier to get the watch on and off. Deployants come in different types. The first time around I tried a "flip" deployant. It was good but sometimes I would notice it poking out from under the band. The more the band aged, the more it stuck out.

I recently decided to buy a new band and a new deployant. This time I chose a "butterfly" deployant. It is really great. It's much more comfortable than any clasp on any watchband I have owned. I highly recommend the online store where I bought this: The Watch Prince. The folks there are really good. After I put together the order and asked that they assemble the new band and deployant (they do this for no charge), they noticed that the band I ordered required a different size deployant. They alerted me both by phone and email and let me know how to fix the issue (different-sized deployant). I had the order in hand just days later. Really smooth. If you are looking for a new band or a deployant, give these folks a call.

Monday, August 04, 2008 

Bletchley Park restoration short on funds!

CNet reported that England's historic Bletchley Park needs a financial helping hand to save several buildings used by World War II code breakers. I've been lucky enough to visit Bletchley twice, but just once when it was open and I was able to join the tour. It's a great place and a real treasure of computing history. If you have a chance and can pass on your Starbucks for a couple of days (OK, 4 days), why not donate $20?

 

Dan says my ISP's DNS is OK

This was the result when I ran the DNS check at www.doxpara.com, which is Dan Kaminsky's personal web site. Good stuff.

About me

  • I'm Brian
  • From Long Island, New York, United States
  • I'm a reader, a writer, an engineer, a non professional poker player and amateur sleuth.
View Brian Ford's profile on LinkedIn