Secure Your People and You Secure the Organization
The November/December 2008 issue of BackBone Magazine has an excellent “Focus on Security” section. The primary message is simple: all of your employees need to be your Security Guards. The millennials won’t allow us to stop social media usage in the workplace. Given that, your only hope is a well-trained employee population. Check out the “Focus on Security” section in this issue.
Experts encourage education as opposed to avoidance.
RB
We just heard!
Congress is shocked that companies like Google (and Yahoo! and Microsoft and AOL… the list goes on) are using cookies to track where we web surfers go in order to serve up better ads.
I think Microsoft gave the best response - silence.
Are you kidding me?
Security in the Cloud
One of the foremost authorities on all things web and tech is Harvard Professor Nicholas Carr. Nicholas raises an important question here about what protocols we are to follow when information is separated from the data that encodes it.
With Google, Microsoft, Amazon and others all racing to build data centres to support the cloud computing model, how much weight can we give the physical resting spot of the data when, in a world of accessibility, the more important feature becomes the keyholder… and better yet, the keyholder’s street address?
‘Month-of’ disclosure projects under fire
Here is an excerpt from a recent SearchSecurity.com article that we found interesting…
If 2006 began the trend of researchers launching ‘month-of’ flaw disclosure projects, 2007 was the year such projects ceased amid a rising wave of criticism among those who thought it was more about ego than better security.
“Software vendors are notorious for taking months or years to produce a security patch,” said Metasploit Framework creator H.D. Moore, whose Month of Browser Bugs in July exposed 31 browser holes, most affecting Microsoft’s Internet Explorer. “The ‘Month-of’ projects put pressure on the vendor to address an issue in a reasonable amount of time. In my experience, nothing produces a patch faster than a published exploit.”
LMH, the researcher behind the Month of Kernel and Month of Apple bugs, said, “It’s better to have someone disclosing your security flaws than having them known by the bad guys, only. This pushes the vendor to change its procedures and policies for vulnerability handling and disclosure. And that’s where users benefit.”
But with the Month of Apple Bugs now underway, some security bloggers are criticizing the disclosure projects as something designed more for press attention than better security.
That’s not to say the critics don’t find some value in what the researchers are doing.
The Security Curve blog, for example, takes on the issue of press attention while still finding value in exposing Apple’s security holes.
The full article is here.

