Security News Shootout!
At the end of each month, two consultants from Matta put forward three of their favourite stories in information security and invite a guest judge to pick the best story.
There are no prizes, only fame or shame.
This month, Nick Baskett and James battled it out - with Geoff Aerstall from Tesco presiding:
Nick
First Story:
Anyone concerned about the state of privacy should know TOR. However, as this news story illustrates, a fundamental lack of IT competence means that for many police forces, defending privacy is synonymous with complicity with the actions of the users of TOR. This German man, who ran a TOR node (does that make him a TOR operator?), gets dragged out of bed in the middle of the night to face questioning, whilst they 'secure' his office to prevent anyone from tampering with the evidence... even though his TOR server runs out of a data centre 500km away!
http://itnomad.wordpress.com/2007/09/16/tor-madness-reloaded/
Second Story:
Who says you have to be clever to get into MIT! A 19-year-old student arrived at Boston airport wearing a lighted circuit board, batteries and some crazy putty. It's a kind of nerdy 'work of art' that she's designed, and is keen to express. She may have expressed something else though when armed police tackled her. Apparently, it was lucky she quickly followed instructions, else the police said deadly force may have been necessary.
http://afp.google.com/article/ALeqM5i_pDxEAYSiWgBNlLs8ALAyGID7Lw
Third Story:
Retro is back in: aviator sunglasses, flared jeans, and the Stoned virus... on Microsoft's Windows Vista! It makes sense really. Any follower of kung fu movies knows that when you fight an invincible enemy, you must go back to your roots and find an attack so old that they'd never expect it. Certainly Bullguard (a name that is unfortunately easy to pervert into something less corporate) Anti Virus wasn't prepared - and you can forgive them for not scanning a virus 13 years old that spread through floppy disks. It does make good news though.
http://www.virusbtn.com/news/2007/09_14.xml
James
First Story:
Media Defender, one of the main antipiracy companies attempting to combat the continual rise of Internet piracy, was recently compromised. Internal emails, phone calls and source code to all their software have been made available on the Internet, through BitTorrent of course! Just goes to show how a small thing such as forwarding your email to your personal Gmail account could wreak havoc on your entire organisation.
http://blogs.ittoolbox.com/security/dmorrill/archives/media-defender-saga-continues-19186
Second Story:
We all love technology because it makes our lives easier; however, it also makes it easier for someone malicious to monitor us. Everybody knows (or definitely should) that mobile phones are like GPS systems that can be used to track all our movements, but recently Joshua Wright has shown how easy it can be to listen to people's conversations if they carry around a Bluetooth-enabled headset, unless they have changed its default settings.
http://www.youtube.com/watch?v=1c-jzYAH2gw
Third Story:
Yet another company that claims to have developed an unhackable technology that will finally secure the Internet. If history has anything to teach, then it's a statement I wouldn't feel comfortable making. It may well be that it is cryptographically secure for a few years to come and extremely well implemented, but ultimately people write software and human errors will still creep up and there will be some smarter human beings to find those errors.
http://www.telegraph.co.uk/money/main.jhtml?xml=/money/2007/09/12/cndsei212.xml
The Result!
Who better to judge this inaugural event than Geoff Aerstall from Group Information Security at Tesco? Geoff is a hard man to please, so let's hear what he has to say:
"It was a close call but there can be only one winner. For me it is the student arrested in the USA. Only in America!
http://afp.google.com/article/ALeqM5i_pDxEAYSiWgBNlLs8ALAyGID7Lw
All three are worth reading. From my perspective it is better to learn from the mistakes of others rather than make the mistake yourself and tell of it later. The aim of this contest is to highlight some of the larger than life stories so that we may learn from them. We learn in many ways; amusing anecdotes are more memorable and this one sticks out.
What lessons did I learn from the articles? Don't play about in airports, know what information you're looking after and do not expect that the antivirus on your systems will protect you even when you think it should."
--Geoff Aerstall