Category Archives: Internet risk management strategies

Faster than a Speeding DSL

Cringely compares (some U.S.) broadband technologies:

How much Internet bandwidth is enough? For most consumers the answer is that no amount of bandwidth is enough. We always want more. For carriers the answer is that just enough bandwidth is enough, because providing more than the minimum hurts profits. But the best rule of thumb says that the right amount of bandwidth varies with the kind of network you are using and what you are doing with it. All Internet technologies are not created equal, it seems, and the wireless varieties — specifically 3G and WiMax — are at a real disadvantage when it comes to bang for the bit.

Bound and Gagged: WiMax Isn’t What It Seems, But Then Nothing Else Is, Either, by Robert X. Cringely, I, Cringely, PBS, July 6, 2006

He remarks that Intel is investing $600 million in Craig McCaw’s Clearwire Corporation, which does WiMax, because Intel wants to push Intel chips. And that WiMax can get up to 70 megabits per second, which is much faster than most current U.S. broadband technologies.


Pipes or Bridges

I don’t usually post about specific politicians, but I did find Senator Ted Stevens’ explanation of the Internet rather remarkable:

It’s a series of tubes.

And if you don’t understand those tubes can be filled and if they are filled, when you put your message in, it gets in line and it’s going to be delayed by anyone that puts into that tube enormous amounts of material, enormous amounts of material.

Now we have a separate Department of Defense internet now, did you know that?

Do you know why?

Because they have to have theirs delivered immediately. They can’t afford getting delayed by other people.

Your Own Personal Internet, by Ryan Singel and Kevin Poulsen, 26B Stroke 6, Thursday, 29 June 2006

This is the same senator who got Congress to approve a $223 million bridge to nowhere, that both the Sierra Club and the Heritage Foundation opposed; the latter referred to it as a National Embarrassment.

I guess he’s changed his expertise from bridge architecture to Internet pipe design. Anyway, this is why he says he voted against net neutrality.

Maybe it would be good risk management to elect some Congress members who have a clue about the Internet.

-jsq

21st Century Risk Management

Have I mentioned I wrote a book?
John Quarterman’s book Risk Management Solutions for Sarbanes-Oxley Section 404 IT Compliance is unique, as far as I know, as a very timely analysis on technical issues and their impact on risk management. The combined forces of technology, increased integration, business reliance on networks and systems, and the market/legal/regulatory forces set the context for this book.

All About Early 21st Century Risk, Gunnar Peterson, 1 Raindrop, 22 June 2006

Gunnar mentions much of the content, and a useful context point:

Proactive Honeypotting

OK, here’s something I don’t do often: praise Microsoft.
Strider HoneyMonkey is a Microsoft Research project to detect and analyze Web sites hosting malicious code. The intent is to help stop attacks that use Web servers to exploit unpatched browser vulnerabilities and install malware on the PCs of unsuspecting users. Such attacks have become one of the most vexing issues confronting Internet security experts. Strider HoneyMonkey is a project of the Cybersecurity and Systems Management group in Microsoft Research.

Strider HoneyMonkey Exploit Detection, Microsoft Research

Instead of waiting around for attacks to happen, this project emulates average users in web browsing, and catches spyware and attacks that occur as a result. Sort of a proactive honeypot. Clever.

This goes beyond traditional Internet security, which normally builds forts and waits for the enemy to attack. This project sends out multiple scouts to entice the enemy to attack ambushes. This is real intelligence, and moves into risk management.
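As an added illustration of the HoneyMonkey approach (not Microsoft’s code), the sketch below baselines a throwaway sandbox, lets a stand-in "browser" visit a URL, and diffs the sandbox afterwards: anything written outside the expected cache location marks the URL as one that installs something behind the user’s back. The directory layout (cache/, startup/), the two browse callbacks and the sample bytes are constructed for the demo.

```python
# Added illustration of the HoneyMonkey idea, not Microsoft's code:
# baseline a sandbox, let a "browser" visit a URL, then diff the sandbox.
import hashlib
import tempfile
from pathlib import Path

def snapshot(root: Path) -> dict[str, str]:
    """Map every file under root (POSIX-style relative path) to its SHA-256."""
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in root.rglob("*") if p.is_file()
    }

def diff_snapshots(before: dict, after: dict, allowed=("cache/",)) -> list[str]:
    """Files created or modified during the visit, ignoring paths the browser
    is expected to write (its cache). Anything left over is the footprint of a
    drive-by install, so the visited URL gets flagged for analysis."""
    return sorted(rel for rel, digest in after.items()
                  if not rel.startswith(allowed) and before.get(rel) != digest)

def visit(root: Path, url: str, browse) -> list[str]:
    """One monkey run: baseline, browse, diff. `browse` stands in for the
    instrumented browser running inside a disposable VM."""
    before = snapshot(root)
    browse(root, url)
    return diff_snapshots(before, snapshot(root))

# Constructed stand-ins: a benign page only touches the cache; a hostile one
# also drops an executable into the startup folder (constructed sample bytes).
def benign_browse(root: Path, url: str) -> None:
    (root / "cache" / "page.html").write_text(f"<html>{url}</html>")

def malicious_browse(root: Path, url: str) -> None:
    benign_browse(root, url)
    (root / "startup" / "update.exe").write_bytes(b"constructed sample payload")

def demo() -> dict[str, list[str]]:
    """Run both stand-ins against fresh sandboxes; returns the flagged paths."""
    results = {}
    for name, browse in (("benign", benign_browse), ("malicious", malicious_browse)):
        with tempfile.TemporaryDirectory() as tmp:
            root = Path(tmp)
            (root / "cache").mkdir()
            (root / "startup").mkdir()
            results[name] = visit(root, "http://example.invalid/", browse)
    return results

if __name__ == "__main__":
    print(demo())  # {'benign': [], 'malicious': ['startup/update.exe']}
```

In the real project the diff also covers registry and process state and the run is repeated across browsers at different patch levels; the file diff here is the core of the idea.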

-jsq

PS: Thanks, Chez, for the pointer.

Normalized Crime

Interesting laundry list here of what’s wrong with IT security:
Individuals and most companies simply do not have the time, money, skill and resources required to effectively manage all of today’s risks and threats.

Security Absurdity: The Complete, Unquestionable, And Total Failure of Information Security. A long-overdue wake up call for the information security community, by Noam Eppel, Vivica Information Security Inc.

And commentary on it in a blog:
He points out the various types of malware, then proceeds to work on the SANS Institute (http://isc.sans.org), Symantec and Panda virusometer as tools that are always reassuring because they rarely if ever go above green, seemingly meaning that the very tools we use to monitor the internet threat condition have adopted a process of procedurally incurred chaos as normal. That the threat levels of all the botnets, click bots, phishing scams have been normalized in our security communities.

Security Absurdity – Is information security “Broken”, by Dan Morrill, 16 May 2006, ITtoolbox Blogs > Managing Intellectual Property & IT Security

I’d go even beyond this.

Partly Right

I agree with much of this blog post:

More specifically, Verizon’s chief congressional lobbyist Peter Davidson was reported to have warned that the financial services industry "better not start moaning in the future about a lack of sophisticated data links they need" if Net neutrality laws were passed. In such a case, the communications industry may not invest in new networks.

Davidson’s got it half-right. Service providers should be able to charge more for better connections. It’s the only way you and I are ever going to see VoIP connections that work well all the time.

Verizon’s Half-Truths About Net Neutrality, by Dave Greenfield, networkingpipeline, May 09, 2006

As I’ve said before, I have no objection to an HOV lane, where certain classes of service would get faster access; we already have those; users and servers can buy various speeds of access, and companies such as Akamai make a business out of picking the fastest routes.

But the telcos need to provide a further guarantee, so we don’t end up back in the days of trading guns for modems.


Visible Value

A longstanding problem with anybody selling security products is that they don’t have an ROI like normal products. Does it bring in sales or increase efficiency? Or by another formulation of the old rule of thumb, does it make money or save money? Either way, if the purchasing executives take the rule of thumb too seriously, then security looks like a cost with no benefit.
“So we came up with Value Protection,” Larson says. “You spend time and capital on security so that you don’t allow the erosion of existing growth or prevent new growth from taking root. The number-one challenge for us is not the ability to deploy the next, greatest technology. That’s there. What we need to do now is quantify the value to the business of deploying those technologies.”

Value Made Visible: How American Water’s Bruce Larson uses a simple metric to build bridges with business partners and justify security spending at the same time, by Scott Berinato, CSOonline.com, April 2006

That seems like a pretty good elevator pitch to sceptical executives.

Personally, I always thought security was about protection; what else would it be? (Well, several things else, but I’ll come to that.)

Their Capers’ Fertile Fields

Here’s another variation on Their Capers’ Success:
According to the chief systems engineer of the US National Security Agency/Central Security Service, the task of protecting the country’s vital telecommunications and computer systems information is becoming more difficult. “We’re not keeping pace, we’re moving backwards. We’re taking a step back. Technology is outpacing what we can provide from an information assurance perspective,” he added.
Much of it is attributable to the fact that information management and sharing has been underemphasized or usually forgotten, with the result that a lot of networks contain vast amounts of duplicated data or even superfluous data.

Network security lacking – Experts Opine, Steve Hagen, Network Security Journal, 2 May 2006

So not only are we not cooperating enough to catch miscreants, we’re also leaving duplicate information lying about that makes it easy for them to caper, and this problem extends to the intelligence agencies.

-jsq

Their Capers’ Success

Here’s a key point as to why crackers, miscreants, and criminals still seem to have the upper hand:
The digital underground is a meritocracy; hackers rate themselves on their technical prowess and their capers’ success. This means they must be open with information about their tools, targets and methodologies. In contrast, security professionals usually only share what most everyone already knows, not their actual experiences. But, keeping mum means missing out on useful intelligence and potential help.

Peer-to-Peer, by Erik Sherman, Information Security, Jan 2005: Two Seattle CISOs, Kirk Bailey and Ernie Hayden, are pioneering a new level of trust and cooperation to secure their enterprises.

The bad guys have to use an open source method to do what they do, while the white hats too often don’t cooperate enough to combat the black hats’ leverage. Black hats brag about their exploits while white hats often don’t reveal anything happened even when they’re successful at repelling an attack. While hiding inside a fortified perimeter may make some sense for problems that actually take effect inside the firewall, it makes no sense for perils outside the firewall, such as slowdowns, disconnects, congestion due to somebody else’s security failure, etc. For that, we need collective action.

-jsq

PS: The article could use some updating of its terminology. Real hackers wouldn’t be caught dead in the current criminal black hat culture.