Comments for Hayes On Security

Comment on FBI Citizens’ Academy by Jason M

Jason M — Fri, 23 Oct 2009 06:53:22 +0000

The FBI Citizens’ Academy Sounds cool. When I get closer to my ISS I might have to look into it further.

Thanks for the class

Jason

Comment on Gains Vs. Losses with CCTV by Doktor Jon

Doktor Jon — Thu, 03 Sep 2009 10:20:17 +0000

“It got me thinking about the question: are we better or worse off with a ubiquitous CCTV system?”

Hi Jeff,

Very interesting post!

Perhaps the first point to consider is, does a ubiquitous CCTV system actually exist; the answer is most probably no, as in the case of the UK (where I’m based), the misconception that there is currently some government sponsored scheme to connect up every camera across the country, is fanciful at best, and practically unworkable in the great scheme of things.

There are technical. financial and operational limitations in place, which will undoubtedly ensure that an all seeing panoptic system is even in a theoretical sense, still many years away from reality.

That said, the next point to consider is given the hundreds of thousands of individual ’systems’ currently in operation, the assumption has historically been that they work because they are in place, whereas the reality is, the vast majority do not work well at all, simply because they haven’t been designed, deployed and operated correctly.

Given that the UK is frequently held up as the “leader” in the use of this technology, the fact is our systems are often a complete embarrassment in terms of actual performance. Nothing so much to do with the technology, but unfortunately a lack of knowledge resulting in the equipment being allied to inappropriate techniques.

You mentioned that “The problem is that the scope of the cameras expands from terrorism and serious crimes like rape, assault and robbery.”

That has certainly been identified here, where mission creep has seen some street surveillance cameras being re-directed onto traffic enforcement (what we call “a nice little earner!”), and targetted surveillance being adopted for fairly low level everyday ‘misdemeanours’.

Having said that, the flip side is that it is now becoming more widely accepted by some experts, that the most effective use of CCTV from a Counter Terrorism perspective, is where images are recovered from small privately owned systems, that were never intended for that purpose. For example, catching a suspect buying a newspaper at the local corner shop or filling up with gas.

Unfortunately, the problem here is to convince the systems owner that they need to achieve the best possible image quality, not just for their purpose, but for any other ‘issues’ that may arise. That need not have anything to do with cost, but specifically the way in which the equipment is used.

Longterm, any society that travels down the route of adopting widescale video surveillance of the populace, must take steps to ensure that there is an appropriate and effective regulatory body, and legislation to back it up.

Sadly that is something which just doesn’t exist at the moment.

Jon - CCTV Advisor - London, UK.

Comment on Epic Cyber Swindle - Albert Gonzalez by Matt Falkner

Matt Falkner — Wed, 26 Aug 2009 00:14:18 +0000

I agree that people that think Hacking is a great thing to do because they think they are getting away with it, should be put in prison for a very long time. This nation’s economy is getting worse and will continue to get worse if Hackers aren’t out to an end.

Comment on Mistakes of Home Office Computing by StevenH

StevenH — Wed, 19 Aug 2009 01:06:34 +0000

I think that anyone who is working at home as a self employed professional will run into several problems with this list. Keeping your business separate from your home being among the top in my opinion. Unless your set aside an office with a septet computer from you personal computer with only the software you would need to do business, I would not be able to keep it set apart. Even then Like you said, I would just say to myself “who cares!” and just watch my funny youtube vids. Besides that I don’t think I do a bad job setting up the basic security for the router, firewall, as well as the Wi-Fi. Backing up the data and keeping it separate from the computer or in a secure location would be a problem unless you have a safe to lock it up in or have an online backup.

Comment on P2P Filesharing Legislation by phil84

phil84 — Wed, 19 Aug 2009 00:46:59 +0000

P2P filesharing is a great way to distribute files quickly and easily. If companies are able to sue individuals and companies for distributing software ‘illegaly’ they could be spending the money to protect their products from being distributed.
P2P filesharing also has benefits for companies that do not wish to have their products distributed this way, even if they don’t want to admit it. Filesharing allows interested users to test software without having to waste their time with ‘trial versions’.
The some products may not suite the user in the long run. Why should you have to pay for it if you aren’t going to use it? Most ‘trial’ versions are dumbed-down, handicapped versions of the real thing and are not a viable solution for determining a products worth to the user.
It should be up to the people to govern the appropriate use of the software they aquire.

Comment on Social Networking Security by e_g_jones@hotmail.com

e_g_jones@hotmail.com — Wed, 19 Aug 2009 00:37:33 +0000

Some of the reasons that you list as what not to do is why I do not use a lot of the social media sites. I mainly use this types of sites to keep contented to old school mates and peeps that have moved out of the state(when I am to lazy to call). So in short I agree with what you said in your post.

Comment on National Cyber Czar: Good or Bad? by Ryan John

Ryan John — Wed, 05 Aug 2009 00:33:03 +0000

Obama does not even know what he is talking about, he is talking about recovering from security hits fast and trying to prevent them, but there is nothing that he is doing to prevent this from happening. He just talks about basic security concerns and says that they will protect from them. I always love will politicians talk about stuff that they do not understand.

Comment on Incident Reponse: What Not To Do by James

James — Wed, 05 Aug 2009 00:27:05 +0000

So there where these two hunters up in the mountains and while they where scoping for game to hunt, one of the hunters collapsed with a heart attack. So the other hunter hurried and called 911 and told the dispatcher “my partner is dead, what should I do?”. The dispatcher said “calm down sir, we need to be sure if he’s really dead.”… A dead silence…then a shot. Back on the phone said the hunter “OK, what next.”

Comment on Google Privacy: Are We Screwed? by nachito6

nachito6 — Wed, 05 Aug 2009 00:21:09 +0000

I totally agree with this article on the fact that there are several items that we have to change, i didn’t know we could add SSL into out google; this is great to know, that way we can be more secure about what we do and what we enter on the internet.

Comment on Cloud Computing: Nothing More Than Marketing Fodder by Greg Ness

Greg Ness — Mon, 27 Jul 2009 19:32:53 +0000

Jeff:

With cloud you can say about anything and be both right and wrong. However, I wouldn’t rule out the power of multi-site elasticity to transform IT versus simply to make VLANs easier to manage.

Principals of the mainframe era will likely be with us for a long time, at least in some form. Perhaps the biggest change since hte mainframe is the role of the network… hence my comment.

Thanks
Greg

Infoblox