IPv6 Deployment

July 28, 2011

According to this survey from Network World, most IT departments plan on having their webservers and other externally-facing resources available via Internet Protocol v6 in the next 24 months. A majority of respondents also plan to have their internal networks running either v6 or dual-stack within the same timeframe.

Do you have a plan? If not, I’d say you’re already way behind schedule.

Battery Hack

July 27, 2011

Charlie Miller, a researcher with Accuvant Labs, has discovered an interesting new flaw in Apple’s software ecosystem. Their “Smart Battery System”, which monitors battery charging and power levels, can actually be compromised and the firmware reflashed, allowing an attacker to destroy a battery or perhaps even make it explode or catch fire.


Linux 3.0

July 22, 2011

Not strictly security related, but a huge technical news story today: version 3.0 of the Linux kernel has been released.

As a relative latecomer to Linux (I’ve only been running it on my personal machines for eight or ten years), I won’t be regaling anyone with stories of installing Slackware off of a stack of 3.08 x 1019 floppy disks or anything. But it is pretty amazing to think that, in twenty years, a grad student’s terminal emulator and toy kernel has turned into one of the most widely used operating systems on the planet.

Anonymous NATO

July 21, 2011

Anonymous is at it again, this time exfiltrating a gigabyte of protected data from NATO.

“Yes, #NATO was breached. And we have lots of restricted material,” the group tweeted on its AnonymousIRC Twitter feed, one of several it and another hacker group, AntiSec, use to release information and news about their activities.

German Incursion

July 20, 2011

According to a recent report, German federal law enforcement computer networks were compromised for nearly a year before the intrusion was noticed. The attackers, who call themselves the “No Name Crew”, used that time to gather tremendous amounts of privileged information on government and law enforcement operations.

Many companies are still using the “hard shell, chewy center” model of computer security – lock down the perimeter so that nobody can get through. As the French discovered with the Maginot Line, that’s not a valid means of defense. Any network of noticeable size has compromised machines on it; that’s just a fact of life these days. Do you have the internal controls in place to find and limit the access of these machines?

Fifth Amendment

July 18, 2011

The EFF has filed a friend of the court brief in a Colorado federal courtroom, asserting that compelling a defendant to reveal the password to her computer’s encrypted hard drive is a violation of the Fifth Amendment. This will be an interesting legal precedent; I don’t think that the British tactic of holding someone in contempt until their password is revealed has been used here in the USA.