Blog Blog

 
And now , the moment you’ve all been waiting for!   Yes, it is here… The blog about my blog.  What did I write about?  Where did I get my information from?  And, to whom would this whole thing be useful?  This is an interesting exercise, a fairly rare look back at something to see what was gained. 

My intention at the beginning was to find a theme and stick with it throughout the semester, to gain a deeper knowledge about one or two topics.  This isn’t what ended up happening.  In reality, what I seemed to do was browse around, and the first time I found a topic that interested me, I wrote about it.  Topics were truly all over the board – simply whatever grabbed my interest.  Some had very little personal input, while some had a little more of my philosophy.  I think the best was when I found a story by someone else, and then looked to see if outside facts supported the claims – if I had to do it over again, I would do that more often.

My approach to finding material was simple.  If I didn’t get curious about something during the week – I simply started clicking on the recommended links from the first week until something grabbed my eye.  If I read it, and was interested, that became my topic for the week.  I guess the approach was close to leafing through a newspaper and commenting to others in the area about it.  My biggest sources ended up being Infosec Island and Security Week.

I really don’t know if a security professional would get much out of my blog – perhaps some weeks, but I think a lot of it would be simply “Well, duh” stuff to a professional.  I would really recommend starting with a theme (or 2-3 related themes), sticking to them, and doing more investigating of topics.  I have to admit that, at 20 points per week, I tended to give this lower priority than I should have.  Usually, I would complete my post late on Sunday, think “This was fun, I’ll get a head start on it next week!” and then all my good intentions would go for naught.  I’d really recommend students do this for themselves – really think of a way they can create something they can be proud of, and might even want to continue after the class is done.

 

Us vs Them

Gant Redmon recently published an interesting piece on privacy issues (http://www.securityweek.com/simple-guide-privacy-outrage), a topic which seems to come up more frequently every day.  He indicates there are 4 main privacy perceived threats for most people - the US government, foreign powers, social media, and e-mail providers.  Individuals are likely to feel threatened by some or all of these sources, depending on their perception of them.  If one trusts the US government is acting purely to protect the nation, for example, they probably aren't concerned about NSA looking at their e-mails.  If they believe Facebook just wants to make sure they find out about products they want, then they probably are ok with targeted advertising.  This really comes down to Us vs Them - Whoever we consider to be 'Us' we probably don't mind if they peek into our business a little - if it is Them though, we are outraged.

Old and in the way

Reading about the Athena botnet at http://blogs.mcafee.com/mcafee-labs/athena-botnet-shows-windows-xp-still-widely-used got me thinking - if I wanted to create a general attack, I'd go after the oldest operating system I could.  Why go after the brand new machines, with the latest protections?  Why not go after an old operating system, with no internal protection?  Many of these computers might have no protection at all!