Rather than spam you with a bunch of different posts, thought I'd consolidate a few here, with comments. The articles in question are:
* MythBusters: 7 Tech Headaches—and How to Fix Them, by Jamie Hyneman
* ICANN Moves To Disable Domain Tasting
* Symantec Weblog: From Myth to Reality: Evaluating the State of IT Risk Management
* Swedish Bank Stops Digital Theft
I've offered up a few comments inline on each below.
MythBusters: 7 Tech Headaches—and How to Fix Them, by Jamie Hyneman
This is a highly amusing article in which Jamie runs down some of the tech headaches that really bug him. Among other things, he derides "bloatware" (like Windows Vista), the constant upgrade treadmill, battery insanity (everything has its own), and so on. A brief read, and quite amusing - especially if you're a fan of the show and hear his droll voice talking. :)
ICANN Moves To Disable Domain Tasting
This is good news for security folks. Why? Because many of these "free" domains were being used for botnets, making it infinitely more difficult to track down botherders. Google made the first move, which makes sense given the impact on them in terms of click fraud. It's nice to see ICANN stepping up and making a smart decision for a change.
Symantec Weblog: From Myth to Reality: Evaluating the State of IT Risk Management
Ugh! These Symantec IT Risk Mgmt people drive me nuts! They're so completely off-base most of the time - it's inexcusable! First, they've done a very poor job of defining what they mean by "IT Risk Management" (ITRM) vs "Information Security Risk Management" (ISRM). Case in point, within Myth 1, they say that confusion seems to be clearing up that ITRM is not the same as ISRM, but then they go on to say that the top ITRM concern for management is availability. *sigh* Infosec 101: the "security triad" is C-I-A: Confidentiality, Integrity, and Availability. So, ummm... if availability is a top concern, then that makes it an ISRM concern.
Frankly, I have no idea, then, what they're talking about with ITRM. Personally, I think they've invented the concept just to try and make an extra buck. How about this as a proposal: if you see Symantec heading your way, then turn around and run? This sort of confusion is patently inexcusable for a major player in the security professional services arena. Maybe the report itself does a better job explaining things.
Swedish Bank Stops Digital Theft
This is an interesting little news piece. Apparently some baddies had secretly hooked up remote access to a bank employee's computer and were in the process of making a very large transaction when the employee noticed and pulled the plug, saving the day. Goes to show the importance of physical security and employee awareness. Kudos to that guy/gal!