Fred Avolio's Weblog Index
    musings on security and other topics

Wed, 01 Oct 2008
Happy Anniversary Firewall ToolKit!
The TIS FWTK was delivered via FTP to DARPA 15 years ago today...
[/security] permanent link

Tue, 08 Jul 2008
Data Classification
I provided some input into an article by writer Mathew Schwartz, who quotes me in the article Classify This...
[/security] permanent link

Wed, 02 Jul 2008
It's not just who you are, it's who your friends are
I've saved this clipping in my "BlogMe" mailbox since February...
[/security] permanent link

Tue, 01 Jul 2008
Conventional Wisdom vs. Wisdom
In February, Dark Reading published, The Myth of Conventional Wisdom...
[/security] permanent link

Sat, 28 Jun 2008
The More Things Change...
I was interviewed for Access Control and Security Systems Magazine...
[/security] permanent link

Wed, 18 Jun 2008
New Firewall Technology? Maybe.
I read Startup Launches New Firewall Line posted by Andrew Conry-Murray...
[/security] permanent link

Router Rooter
I've praised Radio Free Security, WatchGuard's security podcast, before...
[/security] permanent link

Mon, 16 Jun 2008
Internet Safety
Recently, I responded to a posting on Apple's discussion list asking if she needed to get 3rd Party Security Software...
[/security] permanent link

Wed, 02 Apr 2008
Revisited: From Zero to Expert in Your "Spare Time"
In June of 2001, I wrote a column for WatchGuard Technologies called From Zero to Expert in Your "Spare Time", a "Foundations" piece...
[/security] permanent link

Mon, 18 Feb 2008
Potentially Expensive Laptop Loss
For the one who lost it, that is...
[/security] permanent link

Wed, 06 Feb 2008
Who's Your Daddy?
Yesterday, I spoke with Kelly Jackson Higgins, Senior Editor at Dark Reading...
[/security] permanent link

Wed, 26 Dec 2007
"Many Retailers Open to Wireless Attacks"
Shocking, but true...
[/security] permanent link

Wed, 26 Sep 2007
Internet security moves towards good, old idea of default deny
We do keep going back to the same old (and) good ideas...
[/security] permanent link

Thu, 30 Aug 2007
You Still Can't Trust the Internet
I mean for accuracy, not for connectivity...
[/security] permanent link

Fri, 17 Aug 2007
False Sense of Security
Some colleagues and I at APL were talking about the very old subject of the uselessness or dangers of a false sense of security...
[/security] permanent link

Sat, 28 Jul 2007
Lather, Rinse, Repeat
Just after keyboarding a blog entry today, Why Proper Security is Not a Reality, I read a post in my friend Dave Piscitello's blog, which points to his article, Sad and Deplorable State of Internet Security, Revisited...
[/security] permanent link

Why Proper Security is Not a Reality
Now, here is an interesting point...
[/security] permanent link

Fri, 29 Jun 2007
Click here to install virus
The Fox news article, Hundreds of PC Users Click On 'Click Here to Get Infected' Ad brought back fond memories...
[/security] permanent link

Tue, 12 Jun 2007
Radio Free Security
Driving into the lab this morning, I listened to an installment of Radio Free Security, from WatchGuard Technologies...
[/security] permanent link

Wed, 14 Feb 2007
Information Assurance
I work in the information assurance area at Johns Hopkins University Applied Physics Lab...
[/security] permanent link

Mon, 30 Oct 2006
Another Security Expert Heard From
"I think we're all Bozos on this bus...
[/security] permanent link

Shocking News! You can print fake boarding passes on your printer!
I am being sarcastic, you know...
[/security] permanent link

Sat, 02 Sep 2006
Top SIX Reasons Why I Hate Network- and Computer-Security [UPDATED]
In Stating the Obvious, I said that "Information Security … experts are constantly stating the obvious," and that "This will be one of 'Top Ten Reasons Why I Hate Computer and Network Security,' which I will blog next week...
[/security] permanent link

Experts
This is the third of the Top Six Reasons Why I Hate Network- and Computer-Security. I spelled it out with examples in Another Security Expert Heard From, and in it I point to some on-line examples and to some earlier blog entries...
[/security] permanent link

Thu, 31 Aug 2006
Disposal of Data Disks
Recently, I've used Active@KillDisk to remove data from some old hard drives from obsolete computers before taking them to the dump...
[/security] permanent link

The same old stuff
This is the second of the Top Five Reasons Why I Hate Network- and Computer-Security...
[/security] permanent link

Top Ten Security Threats
Background: This is from a 3 or more year old course I gave in support of what I say in The same old stuff further in support of Top Five Reasons Why I Hate Network- and Computer-Security...
[/security] permanent link

Top Ten Security Admin Errors
Background: This is from a 3 or more year old course I gave in support of what I say in The same old stuff further in support of Top Five Reasons Why I Hate Network- and Computer-Security...
[/security] permanent link

Wed, 30 Aug 2006
More on Stolen Notebook* PCs
Just a short one on this, as this problem has become commonplace...
[/security] permanent link

Mon, 21 Aug 2006
E-Cards
You've gotten them, right...
[/security] permanent link

Sat, 08 Jul 2006
In Information Security, Experts are Constantly Stating the Obvious
This will be one of "Top Ten Reasons Why I Hate Computer and Network Security," which I will blog next week...
[/security] permanent link

Thu, 06 Jul 2006
"Macs Safer," says Sophos
"It seems likely that Macs will continue to be the safer place for computer users for some time to come...
[/security] permanent link

Tue, 04 Jul 2006
Laptops and PII Losses (UPDATED)
This has been a bad summer, so far, for laptop loss...
[/security] permanent link

USB Attacks
This is an interesting, if obvious, attack...
[/security] permanent link

Fri, 02 Jun 2006
Extraordinary Crimes, Extraordinary Means? Back-ups again.
"Woman targeted by web hackers," is the headline of this BBC News article...
[/security] permanent link

Tue, 01 Nov 2005
Compuwar Security Fora
My friend, Paul Robertson, has just started a brand spanking new security discussion web board...
[/security] permanent link

Thu, 15 Sep 2005
Certify This!
Larry Kettlewell, CISP for Kansas State Government's Department of Administration, has a terrific "perspectives" piece in the August 2005 Information Security, with the title "Paper Pushers." I've written on the subject in Security Redux, pointed to someone else's comments in Certifications, Again, touch on it briefly in Paranoia: How Much is Too Much...
[/security] permanent link

Fri, 09 Sep 2005
Marcus Ranum's 'The Six Dumbest Ideas in Computer Security'
Long-time friend and colleague Marcus Ranum has written an editorial worth checking out (that's redundant)...
[/security] permanent link

Thu, 08 Sep 2005
Wells Falgo, Forgo, Whatever
I received a warning about my Wells Fargo account the other day...
[/security] permanent link

Wed, 10 Aug 2005
Data Breaches
My RSS server pointed me to this securitypipeline article, entitled, "Hackers Break Into Two Universities, 100,000 Identities At Risk...
[/security] permanent link

Fri, 29 Jul 2005
Vulnerability Analysis Tools, Again?
A securitypipeline article caught my eye today...
[/security] permanent link

Tue, 12 Jul 2005
Security of Backup Data
A former colleague at Trusted Information Systems, Tommy Ward, writes, "If your company is like many others, you have put a lot of effort into securing your information systems...
[/security] permanent link

Thu, 30 Jun 2005
News Flash: Security is an Architecture
Another "ground-breaking column" in Network Magazine, (do we still say "in" when it is "on" the web page...
[/security] permanent link

Massive Credit Card Exposure (updated)
If you read any Internet-technology-based news, you know that a recent security breach may have exposed 40 million credit card numbers...
[/security] permanent link

Fri, 24 Jun 2005
Audit Those PCs
Are file-sharing programs a security matter...
[/security] permanent link

Suggestions from my Credit Card Company
I (almost) never read the extra pages included in my credit card bill...
[/security] permanent link

Thu, 23 Jun 2005
Marcus Ranum Interview
Colleague and friend Marcus J...
[/security] permanent link

Thu, 26 May 2005
A Short Review of PDA Defense
At a recent Institute for Applied Network Security Forum, I handed my PDA to my friend and colleague, Robin Roberts of Cisco, to show her some family photos...
[/security] permanent link

Wed, 25 May 2005
Cryptography and Criminal Intent
slashdot points to this Computerworld story that says, "A Minnesota appeals court has ruled that the presence of encryption software on a computer may be viewed as evidence of criminal intent...
[/security] permanent link

Tue, 24 May 2005
Five Reasons I Hate Computer and Network Security
I just checked my Vitae -- I've been doing this (computer and network security) full-time since 1992, and part-time for a few years before that...
[/security] permanent link

Mon, 23 May 2005
The Same Old Drum Beat
A few weeks ago at Interop, Marcus Ranum penned (okay, he 'keyed...
[/security] permanent link

Tue, 17 May 2005
Phishing -- Just say "no"
This is just a friendly reminder...
[/security] permanent link

Wed, 11 May 2005
Security Limerick
As I mentioned here, "it is traditional, at the faculty-hosted 'Gala Dinner' of the Institute for Applied Network Security Forum, for the faculty to be the entertainment...
[/security] permanent link

Sat, 02 Apr 2005
Stolen Laptops Again
Why won't we learn...
[/security] permanent link

Wed, 02 Mar 2005
Security and Relationship
At the faculty-led round-table discussion at the recent Mid-Atlantic Network Security Forum, my discussion topic was "Keeping your sanity while positively influencing your enterprise security posture" (or maybe it was a bit less wordy)...
[/security] permanent link

A Security Haiku
The background: it is traditional, at the faculty-hosted "Gala Dinner" of the Institute for Applied Network Security Forum, for the faculty to be the entertainment...
[/security] permanent link

Thu, 17 Feb 2005
What would your grade be?
InfoWorld reports "U...
[/security] permanent link

Tue, 15 Feb 2005
A Really Ugly Side of the Internet
Today in my RSS newsfeeds were a few items that got my stomach churning and my blood boiling...
[/security] permanent link

Mon, 14 Feb 2005
Seven Things to Help Keep Sanity and Equilibrium
In reading the Firewall-Wizards thread under the subject VPNmadness gets more support, I thought of a paper I wrote almost 5 years ago, entitled The Rise and Fall of Internet Security...
[/security] permanent link

Wed, 09 Feb 2005
Eudora and Firefox Exploits
Vulnerabilities were announced in two of my favorite computer tools on the same day...
[/security] permanent link

Fri, 04 Feb 2005
The Myth of Homeland Security by Marcus Ranum
I reviewed this book in a much much earlier blog entry...
[/security] permanent link

Security Awareness Education is Not Enough
In August 2004 I talked about the effectiveness of security awareness education (in Report Suspicious Activity)...
[/security] permanent link

Tue, 25 Jan 2005
Lost Laptops
No, this is not a discussion about obesity (yuk, yuk)...
[/security] permanent link

More on Hotspot (In)Security
In a recent short blog entry, I pointed you to Wayne Rash's column and added a few suggestions of my own...
[/security] permanent link

Fri, 21 Jan 2005
Safety at Hotspots
Wireless hotspots are ...
[/security] permanent link

Thu, 06 Jan 2005
What Every Home PC User Needs (UPDATED--see below)
Last year, when I was still writing the monthly NetSec Letter I wrote promoted Personal Firewall Day, an idea of friend and security colleague Paul Robertson...
[/security] permanent link

Malware -- the threat is real (Updated)
A friend was spending part of his day last week cleaning up malware (adware, spyware) from home computers, including his business computer in his home office...
[/security] permanent link

Mon, 03 Jan 2005
Spyware/Adware Removal Disables XP Pro
When my daughter came home from college for Christmas break, she brought her Windows XP Professional computer with her...
[/security] permanent link

Tue, 14 Dec 2004
History Lost
I've lamented the loss of historical memory a few places this year...
[/security] permanent link

Scarey Security Stories
A few years ago on the firewalls mailing list, someone disclosed management's lack of security clue in the following plea (dated Mon, 20 Nov 2000 06:22:10 -0600): Is there anybody out there that can help me get some configurations right on our new Gauntlet firewall...
[/security] permanent link

Tue, 07 Dec 2004
Spyware/Adware Removal Disables Windows98 Machine
I am writing this brief "incident report" because when I was trying to find information about this problem, searching on the Internet turned up nothing useful...
[/security] permanent link

IT Security for the Non-technical Manager: A Book Review
Friend and colleague Jim Litchko has self-published a book aimed at educating executives and managers in the basics of IT security...
[/security] permanent link

Fri, 03 Dec 2004
Low-tech, High-quality Biometrics
Infoworld reports "EU moves closer to biometric passports...
[/security] permanent link

Sun, 07 Nov 2004
Tightening XP Security
I taught at NASA Ames recently...
[/security] permanent link

Fri, 05 Nov 2004
Producing Your Network Security Policy
My editor at WatchGuard Technologies, Scott Pinzon, said in part, "Producing Your Corporate Security Policy" has drawn a phenomenal response...
[/security] permanent link

Thu, 28 Oct 2004
Trip Report: Information Security Decisions October 6-8, 2004
I attended and spoke at the Information Security Decisions conference in Chicago...
[/security] permanent link

Sat, 23 Oct 2004
Lax Security Will Catch Up With You
Sometimes we can get away with lax computer security for a time...
[/security] permanent link

Tue, 19 Oct 2004
New Columns Posted
I have written for LURHQ Corporation's On the Radar newsletter...
[/security] permanent link

Thu, 30 Sep 2004
Router and DMZ Best Practices
An Institute for Applied Network Security member recently e-mailed and asked me: What are the best practices for securing your Internet router and also securing your servers on a DMZ...
[/security] permanent link

Wed, 22 Sep 2004
Another reason to think twice about MS Windows
I'm thinking the folks in Redmond just never want to see the words "Microsoft server crash" and "causes 800-plane pile-up" in the same sentence...
[/security] permanent link

Mon, 20 Sep 2004
Appreciating the Importance of History in Network Security
The Institute for Applied Network Security posted a column I wrote...
[/security] permanent link

Thu, 02 Sep 2004
Arrrrrg.
"Firewall vendors such as Check Point Software Technologies and Juniper Netscreen are touting new application-layer filtering capabilities, and these are important advances...
[/security] permanent link

Sun, 29 Aug 2004
Report Suspicious Activity
Any of us who drive the Interstate Highway System in the US have probably seen centrally-controlled highway information signs...
[/security] permanent link

Thu, 26 Aug 2004
More Same Old Stuff
Ira Winkler, in a searchSecurity column, says more of the same old stuff...
[/security] permanent link

Fri, 20 Aug 2004
No place is too far removed
Slashdot reports that the South Pole Research Station Hacked Twice...
[/security] permanent link

Thu, 19 Aug 2004
Kennedy Can't Fly
One of the most recognizable US Senators -- perhaps recognizable throughout much of the world, Senator Edward Kennedy, had trouble boarding his flight from DC to Boston, and then when he tried to return...
[/security] permanent link

Tue, 17 Aug 2004
Homeland Security Certification
Business has been a little slow, so the mailer caught my eye...
[/security] permanent link

Thu, 12 Aug 2004
Same Old Simple Things Addendum
Marcus Ranum has written up the discussion I mentioned the other day...
[/security] permanent link

Sat, 07 Aug 2004
Same Old Simple Things
I was re-reading one of Marcus Ranum's posts to the firewall wizards mailing list...
[/security] permanent link

Tue, 20 Jul 2004
Microsoft defaced
Okay, that's not new nor surprising...
[/security] permanent link

Sat, 17 Jul 2004
Paranoia: How Much is Too Much?
We in computer and network security, and those who claim to be, find ourselves talking about paranoia...
[/security] permanent link

Thu, 22 Apr 2004
Useless Warnings
Some large corporate network has been targeted for attack by "the hacking community...
[/security] permanent link

Tue, 13 Apr 2004
This about sums it up
This was on an ISP's newsgroup...
[/security] permanent link

Thu, 08 Apr 2004
Terror Attack Using Livestock?
The Fox News Network headline said, "US Prepares for Possible Terror Attack Using Livestock...
[/security] permanent link

Wed, 07 Apr 2004
Your job as a security manager
Andy Briney's Information Security March 2004 column echoes things I tell students in my classes...
[/security] permanent link

Tue, 06 Apr 2004
Is Security a Black Art?
In his logoff column in Information Security magazine, Andy Briney opines that "As long as it remains a black art, security will be the enterprise's black eye...
[/security] permanent link

Cyberwar
"Of course you know, this means war...
[/security] permanent link

National Cyber Security Day
So, how did you observe National Cyber Security Day...
[/security] permanent link

Thu, 01 Apr 2004
Security Across the Software Development Life Cycle
The National Cyber Security Partnership Task Force today issued a report on applying security across the software development lifecycle...
[/security] permanent link

Mon, 22 Mar 2004
Rethinking Network Security
Lisa Phifer, vice president of Core Competence, Inc...
[/security] permanent link

Certifications, Again
Recently, among other topics I talked briefly about certifications...
[/security] permanent link

Sat, 20 Mar 2004
Microsoft adding security applications
Remember when you needed a 3rd-party disk-defragmenter for ...
[/security] permanent link

Tue, 16 Mar 2004
Security Redux
Something is going on in the network security world...
[/security] permanent link

Mon, 15 Mar 2004
Significant Security Answers
There are some general answers that are very significant if asked in a security context...
[/security] permanent link

Fri, 20 Feb 2004
Secure Security Products?
Quick -- What was the first commercial firewall product with an announced serious (as in, one could "get root") security vulnerability...
[/security] permanent link

Secure Coding? Of Course.
Andy Briney, in his February Information Security Magazine column, called "Secure Coding...
[/security] permanent link

Getting Rid of the Last Click for Secure E-mail
It is well past the "live" date, but through the magic of electronic media and the Internet, you can catch Jon Callas' webcast on "The Dawn of Pervasive Encryption" at PGP...
[/security] permanent link

Wed, 18 Feb 2004
Save your sanity -- Backup that PC!
As computer disks have gotten larger, we, their users, store more and more data on them...
[/security] permanent link

Thu, 08 Jan 2004
Worse than the Real World
My good friend and some-time colleague, Kevin Shivers works in information security on the front lines...
[/security] permanent link

Fri, 02 Jan 2004
The Dilution of Truth on the Internet
"Not only is all human knowledge on USENET, it's typed in every two weeks...
[/security] permanent link

Tue, 25 Nov 2003
The Institute for Applied Network Security
I spent an interesting and unique 2 days this week with some fascinating people in the computer security field...
[/security] permanent link

What do we think firewalls do? (Fred Rants)
Do firewalls just filter on IP packet header information...
[/security] permanent link

Thu, 30 Oct 2003
Gates Promises ...
As I sat in the United 757 at O'Hare, waiting for the consummation of our delayed take-off, I glanced across the aisle and read the headline in a fellow passenger's Chicago Sun-Times: "Gates Promises More Windows Security...
[/security] permanent link

Thu, 23 Oct 2003
Scary words
I just got this week's issue of "Web Informant" (http://strom...
[/security] permanent link

Sat, 18 Oct 2003
Book Review: The Myth of Homeland Security by Marcus Ranum
This is a review I posted to Amazon...
[/security] permanent link

Wed, 15 Oct 2003
All in 1 Security Devices
Recently, Internet Security Systems, Inc...
[/security] permanent link

Sat, 04 Oct 2003
Verisign stops name redirection
A quick follow-up to the original mention, ICANN gave Verisign until Saturday at 6PM PDT to take down their "SiteFinder" "service...
[/security] permanent link

Wed, 01 Oct 2003
Risks Reads
In the "Arts & Society" section of Sunday's Baltimore Sun (28Sep2003), Larry Williams reviewed the book Risk: A Practical Guide for Deciding What's Really Safe and What's Really Dangerous in the World Around You by David Ropeik and George Gray (ISBN: 0618143726)...
[/security] permanent link

Wed, 24 Sep 2003
Safety vs. Security
Comments on 15Sep03 "CRYPTO-GRAM" I always enjoy getting Bruce Schneier's "CRYPTO-GRAM...
[/security] permanent link

Domain Redirect Fuss
It's been in the news...
[/security] permanent link

Fri, 25 Jul 2003
Security is difficult to get right.
"University researchers delivered a serious blow to the current crop of electronic voting systems in an analysis of one such system's source code in which they concluded that a voter could cast unlimited ballots without detection...
[/security] permanent link