Archive for the ‘Mastercard/McAfee/SafeBoot/Intel’ Category

Speaking at the “Security: The New Business Imperative” Event

February 16, 2010

For those in the area, I will be speaking next week (on the 23rd Feb) at the Security: The New Business Imperative event at the Westin Diplomat Golf Resort & Spa, Hallandale Beach, FL.

The topic will be a review of current regulations, and practical steps you can take not to fall foul of them.

You can reserve a seat by contacting Tricia_Brown@mcafee.com, or (678) 653 9606

Eugene School leaks “potential” 26,000 records, Could be none?…

January 8, 2010

This week, datalossdb.org reported the first major suspected PII breach of the year, reported by George Russel, Superintendent of the Eugene School District of Oregon. You can find the full story on the KVAL news site.

Apparently some suspicious activity was noticed on one of their internal servers, which was subsequently shut down and isolated before being analyzed. The server in question had PII related to around 2,500 individuals, but was connected to other servers containing records of 13,000 former employees of the school district, and around 13,000 vendors. Total possible exploit of around 26,000 records.

“Cheap” Secure USB Sticks, you get what you pay for?

January 6, 2010 5 comments

Recently a whole slew of news sites announced a newly discovered vulnerability (care of the German Security firm SySS) on a range of “supposedly” secure consumer USB sticks.

These models from SanDisk, Kingston and Verbatim were apparently easy to defeat, allowing the data to be retrieved without knowing the user’s password or having any prior knowledge of, or contact with, the stick.

The exploit was simple – it seems the software tool shipped with the sticks validates the password, not the stick itself, and the sticks use a fixed authentication key. Yes, ALL sticks use the same auth key. By simply sending this known ack key to the stick, you can unlock it, or any other stick.

Interestingly, some of these insecure devices had been through FIPS 140-2 Level 2 security certification, so should really have been immune to this kind of attack.


“Are Youse guys responsible for bleeding Anti Virus 2010?”

November 16, 2009

Those who know me know I am a great lover of Google Voice – if you don’t know the service I advise you check it out, it has amazing features like call announcement and voice mail transcription. I use it to keep the marketeers away.

But tonight, I got a very interesting call from a nice guy called Andy from Queens, NYC, who in a traditional movie star accent which I can’t do justice to asked me “Are youse guys responsible for Anti Virus 2010?”

McAfee launches new Community Portal…

November 3, 2009

This week on the 4th November McAfee will go live with the new community forum (http://community.mcafee.com). Designed to give customers a voice to discuss McAfee products, and to interact with each other and informal advisers within McAfee, the forum has grown to be quite dynamic over time. So much so that it was recently moved onto the excellent Jive platform, giving a lot more capacity and a greater feature set. The community does not replace the official support processes, but it’s a great way to discuss ideas and problems with your peers.

I’m the moderator for the Data Protection communities at the moment, so, if it’s of interest to you I’d love to see you on there – sign up is free for all. Launch date is the 4th November.

Speaking at Focus 2009, Vegas on October 7th.

September 28, 2009

On October 7th I’ll be chairing a “Birds Of A Feather” session on the use of McAfee encryption products at our 2nd Annual user conference – Focus 2009. This session will be a chance to put me on the “Hot Seat”, and a chance to ask probing questions about McAfee’s current, and future product strategy.

I’ve done a few of these in the past, some have been very constructive, and have led to wide ranging product changes based on customer experiences we just didn’t consider, some have been mud-slinging sessions though. I hope we’ll have the former, though I’m quite happy to sit through both.

For those coming to Focus who read this Blog, please feel free to find me and introduce yourselves – I’ll be at the conference answering questions and helping out throughout.

You can contact me via Twitter (CTOGoneWild) – I’ll be monitoring the #focus09 feed throughout the duration, or you can post a comment here.

I’m especially interested in knowing what kind of things you’d like to see discussed during this session, so if you have a question about our products or design strategy, tweet me (or comment) so we can properly answer them on the day.

Speaking at GTC East: The New York Digital Government Summit

September 16, 2009

For those in the Federal space, I’ll be presenting practical data protection measures at GTC New York next week on the 23rd, in Albany. You can find out more about the GTC Conference from their web site, but it promises to be a packed day, with great speakers like Gene Kranz (Former Director, Mission Operations, NASA), Mark Allen (6-Time World Champion, Ironman Triathlon), and of course yours truly.

The conference also has a training track where you can swot up on the latest technologies and methodologies in topics as diverse as applying for grants, Rapid Application Development, and Project Management to name only three.

Privacy By Design, Madrid 2009

September 15, 2009

For those interested in the “big picture” of privacy and technology, I’ll be at the PbD conference in Madrid this year, 2nd November, talking about privacy enabling technologies such as data protection, identity protection etc. You can get details about the conference from the PbD website, which is being run just ahead of this year’s 31st International Conference of Data Protection and Privacy.

Privacy by Design is a concept promoted by Ann Cavoukian, Ph.D, Information & Privacy Commissioner Ontario, Canada which aims to promote the idea of systems and processes built with privacy in mind, rather than retrofitted afterwards. I encourage all readers to browse her site which is quite informative, and gives you perhaps a “bigger picture” view than IT alone.

Is Encryption enough? Why just encrypting data doesn’t solve today’s information security concerns.

September 3, 2009 7 comments

“But if it’s encrypted, why do I need to login?” the customer across the desk asks me with incredulity.

I realise that I’m about to get into a discussion which borders on theological and raises passion in both security and business leaders alike. A discussion that I’ve had many times over the last two years, and will have many more times in the near future.

“Because, without authentication, there’s no point to encryption,” I reply, knowing full well that this isn’t an answer that’s wanted, or understood.

With a stifled sigh I start to explain…

Bitmask searches in LDAP, or How to exclude disabled users..

September 3, 2009 3 comments

Following on from my post on Bindings and connector settings, I thought I’d expand on how to use bit-mask searches in the connector Object filter.

Bit-masks are not complex for those who know Boolean arithmetic, and there are a million resources on the web to teach you that, but how to use them in an Active Directory search is obtuse to say the least.

To do a Boolean “AND” search, you use the tag “1.2.840.113556.1.4.803”; to do “OR”, the tag is “1.2.840.113556.1.4.804”.

Easy eh? I guess I should give you a practical example.