Mwa Ha Ha! Crack your 10 char password for under $3,000
A recent article from David Campbell, also published on The Register, reminded us that there’s a lot of computing power available for rent at the moment. Using a pretty standard brute force password cracker as a benchmark, and Amazon’s EC2 computing platform cost of $.30 per hour, he came up with some surprising, and perhaps unexpectedly low, figures for how much money it takes to crack passwords of various strengths. Read more…
McAfee launches new Community Portal…
This week, on the 4th November, McAfee will go live with the new community forum (http://community.mcafee.com). Designed to give customers a voice to discuss McAfee products, and to interact with each other and informal advisers within McAfee, the forum has grown to be quite dynamic over time. So much so that it was recently moved onto the excellent Jive platform, giving a lot more capacity and a greater feature set. The community does not replace the official support processes, but it’s a great way to discuss ideas and problems with your peers.
I’m the moderator for the Data Protection communities at the moment, so, if it’s of interest to you I’d love to see you on there – sign up is free for all. Launch date is the 4th November.
ChoicePoint fined an additional $275,000 for failures to have an effective security policy…
Following on from my story on repeat data loss offenders, this week ChoicePoint has been fined $275,000 by the FTC for failures to have an adequate data security program in place. ChoicePoint lost the PII of 160,000 U.S. residents in 2004 (which they were fined $15 million for), and another 13,750 in 2008 according to Grant Gross of IDG News Service.
Interestingly, this later breach could have been mitigated by a “key” electronic security tool they had in place to monitor the database; unfortunately for them, it had been turned off. Read more…
Hacking Exposed – Son of Scoop.pl
After attending this morning’s Hacking Exposed session at McAfee Focus 09, I was inspired to recreate Stuart McClure’s “Scoop.pl” script. I don’t have Python or Perl installed on my machines, but I do have VBScript, and I do have Primalscript, so it seemed a simple thing to create this useful tool which helps you get the lowdown on what sites are present on a given URL. Read more…
Repeat Data Loss Offenders…
I was doing some data mining this week on the excellent DataLossDB.com site and it occurred to me to dig a little deeper into where the risky places to give your PII/PHI to are. I was hoping to find that some segments are cleaning up their act, but it seems not. The fact we’re seeing multiple entries by people could have two possible meanings: Read more…
Updates to the Map of Crypto Law.
H.R 2221 – The Federal Data Accountability and Trust Act
This week I’ve been working my way through H.R 2221 – the “Data Accountability and Trust Act”. This proposed legislation is making its way through the Committee on Energy and Commerce at the moment, and if passed, will rationalize data protection legislation across the USA at a federal level. Read more…
Speaking at Focus 2009, Vegas on October 7th.
On October 7th I’ll be chairing a “Birds Of A Feather” session on the use of McAfee encryption products at our 2nd Annual user conference – Focus 2009. This session will be a chance to put me on the “Hot Seat”, and a chance to ask probing questions about McAfee’s current, and future product strategy.
I’ve done a few of these in the past. Some have been very constructive, and have led to wide-ranging product changes based on customer experiences we just didn’t consider; some have been mud-slinging sessions though. I hope we’ll have the former, though I’m quite happy to sit through both.
For those coming to Focus who read this Blog, please feel free to find me and introduce yourselves – I’ll be at the conference answering questions and helping out throughout.
You can contact me via Twitter (CTOGoneWild) – I’ll be monitoring the #focus09 feed throughout the duration, or you can post a comment here.
I’m especially interested in knowing what kind of things you’d like to see discussed during this session, so if you have a question about our products or design strategy, tweet me (or comment) so we can properly answer them on the day.
Think Like A Spy…
Recently John Sileo spoke at the Department Of Defense’s Joint Family Readiness Conference on the topic of identity protection and theft. As a two-time victim of identity theft, John is well placed to speak from the heart about the practical, factual, and emotional aspects of this problem, and though I was not able to attend his presentation, the writeup on it is well worth a read.
John advocates a couple of thought processes which I’ll let you read the details of directly from the transcript, but to summarize he encourages us all to “Think Like A Spy” – to question the validity of the request for information at every stage, and with every person. Read more…
Elite turns 25, or How I met David Braben

This week marks the 25th anniversary of one of the most famous computer games ever published – Elite, by David Braben and Ian Bell.
It was released to the world on September 20th, 1984 for the 8-bit BBC Microcomputer. Initially rejected by the software publishers of the time, Elite was picked up by Acornsoft and managed to sell 1,000,000 copies on a whole range of platforms. Written by two guys, without the help of a studio, artists, or project managers, and entirely in assembler, for a machine which had less memory “than most emails”, it stands the test of time as one of the finest examples of how gameplay trumps visual beauty every time.

