I stumbled across the Yubico website when doing some research today, and they have a rather interesting product called the YubiKey.
Bascially this key creates a One Time Password at the touch of a button. I dont really know a great deal more than they have on their website, but I am hopefully going to get my hands on to see how it works with the applications I have.
For now check out the Yubico Website.
We all know the Linux guru’s (certainly not me) can do everything from the comman line, well some funky powerful stuff is also possible from the Windows command line.
I had heard mention of this before, but I recently heard of this again on PaulDotCom that a new blog has been setup, so I thought I would share that with you all, for your pleasure.
This blog will include fun, useful, interesting, security related, non-security related, tips, and tricks associated with the command line. It will include OS X, Linux, and even Windows!
I read in the news recently about the UK Government are looking, or at least being encouraged to look at it seriously. This is all about value for money, and comparing it to Windows.
I think this is a seriously good approach, as it could save the government, and that hopefully means Joe Public a small fortune. There will also be the issues around support, and patching and general security of these systems. It is positve news though that government organisations may be moving into the 21st century and looking into alternative methods for computing.
Heres the story on the BBC Website.
As I mentioned in a previous post, an Adobe Zero Day Vulnerability wont be resolved until sometime early March.
Sourcefire has decided to be proactive, and have released a “homebrew” patch against the vulnerability.
The fix replaces a vulnerable DLL library file and weighs in at 10MB, even with compression. In addition it only works for Adobe Reader version 9.
The EU have made it clear, that Microsoft need to give users the choice as to what browsers they have installed.
This is all well and good, but users dont really know about all the other various options, and how to patch them and keep them up to date.
Personally I dont see the issue here, ok so all users have IE as standard, so we can argue that Microsoft has the browser monopoly, but who really cares. It doesnt stop people installing other browsers and having them as their default.
If only we could focus as much efforts on more worth while causes.
A recent survey shows that around 59% of staff that are made redundant or left their job have admitted to swiping confidential company data.
A web-based survey of 1,000 workers who lost or walked out of their jobs in 2008 by the Ponemon Institute and Symantec found the most commonly purloined records taken included email lists, employee records, and customer information (such as contact lists).
Of those who admitted to taking company data, three in five (61 per cent) admitted they harboured a grudge of one sort or another against their former employer.
Half of those who swiped data (53 per cent) burnt the information onto a CD or DVD, 42 per cent used a USB drive and 38 per cent emailed information to a personal email account.One in four (24 per cent) had access to their employer’s computer systems after they upped sticks and changed jobs.
This really shouldnt be a surprise to anyone, but its obvious that organisations still dont see the real risk of not controlling the use of removable storage media. This doesnt mean moving to the mandated use of encrypted devices, which is obviously a good move for authenticate data storage and loss provention, but companies really need to implement policies and technical solutions to log, monitor and control the use of devices and the flow of data.