Within two days of its creation, my wiki guide to hardening ProCurve switches for Internet use is the first non-HP result on the Google results for "procurve hardening". One wonders how good an idea it is, since no one else must have done it before... To me, it just proves what a stranglehold Cisco has on the networking market.
Project Honeypot just published a report of their experience in processing 1 billion spam messages. Highlights for the impatient:
For a long time, I've told my clients and friends that the best way to make a password is to write a short sentence or phrase. A recent study linked from Slashdot IT reinforces this....
Richard Bliss recently blogged at Novell and on his personal blog with some great advice: don't click on e-cards from your friends, and think about asking them not to send them at all, since the risks of clicking on e-cards vastly outweigh the benefits....
CNET has a really interesting article about a clever trojan horse application which steals money from online banking accounts while the user is logged into them, and displays false balance details to the user so they don't know what's going on. Currently it only affects Windows users. Check your balances regularly from multiple different platforms (including your bank's ATMs).
Network World and SANS are reporting a new attack on wireless encryption, specifically, WPA with TKIP. The attack takes 60 seconds, and renders this combination almost as useless as WEP has been for some time. It's time to check your security settings, and if necessary, upgrade or replace your wireless routers.
ABC's Four Corners has an interesting episode about cybercrime and how it can affect ordinary people. Check it out on iView: http://www.abc.net.au/iview/#/view/419222. (The program's victims were a little unsympathetic in my opinion, but they remain good examples of people who have been victimised by cybercriminals.)
...
This presentation, recently linked on Bruce Schneier's blog, is so profound it needs plugging at every opportunity:
From Roger Johnston, funny -- and all too true -- stuff. [Bruce Schneier's Crypto-gram]
CSO Online has a really interesting article about generational differences from the perspective of IT security. While I'm sure it's not highly accurate from a sociological perspective and is probably guilty of overgeneralising, it still offers some food for thought that might be applicable to more areas than IT security. (As is usual with CSO Online, to get a readable version, use the printer-friendly option.)
The latest Ouch! newsletter from SANS has some great advice for end-users about password selection. If only every computer user read this newsletter regularly, the world would be a much safer place in which to compute! Some other useful related resources:
...