Wednesday, September 19, 2012

Facebook, Twitter Begin Slide into Irrelevance

I don't always agree with Networkworld's Mark Gibbs, but he's seldom boring. This week he riffed on Facebook's and Twitter's dependance on advertising. Coming from magazine publishing, he's sure to know how fickle that proposition is.

Basically in exchange for free content and ads, users sell their souls, otherwise known as PII. Fair exchange? I think not. But users are selectively cheap. They're been conditioned to expect online content and services for free, although the cost of accessing the content and services isn't free. What ISP doesn't exact a monthly fee for access? If Google is so intent on free access information, why doesn't it supply ad-free search, and provide payments to content creators?

This perspective may be influenced by my role as a content creator, but it bothers me that users expect free online content, but these same freeloaders expect to pay for Starbucks and slacker chic.

Denny Hatch, a curmudgeonly DM commentator, and others have suggested that Facebook, Twitter, and their ilk charge $1/month for use. Do the math. That's billions a year, and for $12/year we won't have to provide PII and suffer invasive ads. Of course, there's a risk to building a paywall in that someone else can offer that service for free. It wasn't so long ago that mobile service providers tried to keep users in walled gardens. How Apple continues to do this is beyond my ken.

Tuesday, September 18, 2012

National Cyber Security Hall of Fame: Where's Hal Tipton?

First Inductees to National Cyber Security Hall of Fame Unveiled

While I'm certain that everyone named to the hall of fame is deserving, and knowing most of them either personally or by reputation, they are, I still can't believe that Hal Tipton wasn't included. Hal's history is like the history of information security. And, the number of people he's influenced has to be legions. Hal was a true pioneer, visionary, and doer.

Thursday, September 6, 2012

"No Easy Day"

I finished the book last night. It was okay, and I'm sure the movie will be, too.

I'm still struggling to figure out what was "classified," and why the witch hunt. The story didn't seem too much different from the Time article published last Spring. You'd think, though, that the Pentagon would be looking at all the leaks about the operation in its aftermath. It didn't take long for details to emerge.

Wednesday, September 5, 2012

No Easy Day: Day 2

So now the Pentagon claims the book reveals classified information. There are also rumors reported in the NYTimes that the author wrote the book because he was pissed off at how he was treated. Is this the start of a slur campaign?

So far, there's been nothing exciting in the book. The usual stuff about how the auther was born to do this, complaints about too much training and too little action, anecodotes about missions in the Middle East, ...

I've heard the training complaint before. The son of a friend is in Delta now, and has been for five years or so. He's only deployed to Trashcanistan once. The other years were spent either as a trainee or a trainer, both here and overseas.

As I continue to read, maybe we'll get to the actual assault and take down of bin Laden.

A Vulnerable Network Can Cost Your Business

Did you know that a vulnerability scanner can save you money? If you look at the various reports that have come out regarding the costs of security incidents, you will find that the per incident cost can range from a few thousand dollars to several million.
Last year, a Bloomberg report cited a study by the Ponemon Institute that found that the costs of security incidents involving credit card or social security number breaches cost an average $7.2 million per incident. Even on the low side, a report co-sponsored by HP put the average cost of a security incident at $416,000. When you compare this to the costs of identifying and properly securing a company’s vulnerabilities before a breach occurs, it seems obvious that securing your systems is the most economical approach to take. But before we look at how to approach this, consider the longer term impacts of a security breach.
A vulnerable network can cost your business in more ways than one. The expenses associated with cleanup pale in comparison to the costs from a damaged reputation. Lost business, reduced consumer confidence and the long term press coverage that comes with any security incident will have a financial impact that can last years beyond the actual event. While it is impossible to attach an accurate dollar amount to what might have been, you have to consider the revenue lost because a potential customer chose your competitor in part because they weren’t sure about entrusting their business with a company that has had a security incident.
The sad thing most businesses find out too late is that the costs of remediation would have been far less. Whether your costs are on the low end or the high, the simple fact is that practically all security incidents are avoidable, if you know where to look. And that is where a vulnerability scanner comes into play.
A vulnerability scanner is a tool you use to assess the state of your workstations and servers. When you use a vulnerability scanner, you examine all the systems connected to your network. This assessment will not only tell you what state your systems are in, it also gives you the same sort of information malicious attackers will have into your systems.  
You can use a vulnerability scanner to assess their patching level and the services running on them. You can also check for common misconfigurations that can lead to security incidents, and other vulnerabilities such as weak or default passwords. A vulnerability scanner provides you with the information you need to go about securing your systems, addressing configuration issues, and ensuring that you computers are secure.
Use a vulnerability scanner regularly, update your scanner’s definitions each time you use it, and scan your systems both from the outside and within. Regular scanning ensures that as new systems are brought online or configuration changes are made, you will detect any new vulnerabilities that are introduced or discovered on your network. By scanning externally, you can see things the way attackers over the Internet do, and by scanning internally, you can get a feel for your exposure to inside threats, whether those are malicious or merely curious users, malware, or other potential threats.
The costs of a vulnerability scanner are a fraction of the costs associated with even a minor security incident, and the money you will save remediating issues before they become incidents will repay you many times over. Start using a vulnerability scanner today to save money, protect your reputation and to help secure your customers’ continued loyalty.

This guest post was provided by Casper Manes on behalf of GFI Software Ltd. GFI is a leading software developer that provides a single source for network administrators to address their network security, content security and messaging need. Learn more on what to look out for when choosing a vulnerability scanner.

Tuesday, September 4, 2012

"No Easy Day" Coming Soon to a Torrent Website?

I couldn't wait to get "No Easy Day."  As soon as I got off the train, I headed straight for Posman Books, the bookstore in Grand Central, and bought copy. As I was paying, I couldn't help wonder how soon free copies will proliferate through the Web. Well, I did a quick search on "'No Easy Day' torrent" and got lots of hits, which answered my question.

Being a publisher, I'm not happy about this. Publishers, authors, musicians, and ultimately all of loss from this.