David Laceys IT Security Blog

January 2007

• Gaining the Attention of Management Boards

  David Lacey 31 Jan 2007

This week it’s been put to me several times that the major problem for the Security function is gaining the attention and support of Management Boards. This surprises me because contemporary ...

• Moore's Law and Security

  David Lacey 28 Jan 2007

Intel’s announcement that they will start manufacturing processors with transistors 45 nanometres wide means that Moore’s Law remains intact. For several years pessimists have speculated that this ...

• White Hats Do Good

  David Lacey 28 Jan 2007

Friday’s excellent White Hat Ball demonstrated that security professionals can deliver value to the Community, by raising a substantial amount of money for the Childline Charity. It was great to ...

• Security and the Environment

  David Lacey 26 Jan 2007

It’s always interesting to see what’s currently on the CIO agenda, so I took a couple of days out this week to attend Information Age’s Effective IT Summit at the Vale Hotel in Cardiff. Gaining ...

• Time to Publicise Security Incidents?

  David Lacey 24 Jan 2007

Ed Gibson's comments on my recent posting on "information security fatigue" raise a timely and important issue: Should we now publicise security incidents? I'm in favour. Compliance is already ...

• Employee Monitoring - a hot topic for 2007

  David Lacey 22 Jan 2007

Tonight I'm again debating the subject of Employee Monitoring at a CISO dinner. I've already posted some thoughts on this subject. But I've noticed quite a lot of interest and debate now being ...

• Designer Firewalls

  David Lacey 21 Jan 2007

For some months I’ve been beta testing an entirely new form of firewall. In fact it’s much more than that with 13 layers of security protection contained within a smart, pocket-size USB device that ...

• More Testing Please

  David Lacey 20 Jan 2007

It was refreshing and reassuring to see the Home Office coming clean about the lessons learned from the failure last year if its Electronic Passport Application system. I can understand the ...

• The Perils of Mis-addressed Communications

  David Lacey 17 Jan 2007

Stuart King's blog posting on the danger of accidentally misaddressing emails reminded me of an incident I came across several years ago. But this was the opposite problem. Wrong source rather than ...

• Better Authentication Needed to Counter Man-in-the-Middle Attacks

  David Lacey 17 Jan 2007

RSA have reported the discovery of a “Universal Man-in-the-Middle Phishing Kit” offered for free trial on an online fraudster forum. The kit enables fraudsters to create a fraudulent URL via a ...

• Database Security - Patching is not enough

  David Lacey 12 Jan 2007

Next Tuesday, 16th January 2007, Oracle will issue 52 critical patches. It’s clearly a great leap forward for database vulnerability management. But it also illustrates the size of our security ...

• Countering the Threat of Information Security Fatigue

  David Lacey 10 Jan 2007

Charles Pask's comments on my recent blog postings raise an interesting and realistic new threat: that our industry might lose credibility due to non-events, because we are simply too good at what ...

• Who Needs Firewalls?

  David Lacey 09 Jan 2007

Reading a recent Techtarget email summary of security content from 2006 pointed me to an excellent paper "Security without firewalls: Sensible or silly?" about the San Diego Supercomputer Center's ...

• ATM Security - and how not to improve it

  David Lacey 06 Jan 2007

The newspapers are full of stories about Ross Anderson’s experiments with ATMs, demonstrating something we already know quite well, which is that if you spend enough time in a laboratory with a ...

• Lookalikes

  David Lacey 06 Jan 2007

Looking at a couple of web sites from security vendors, I noticed a curious resemblance in the photographs. Chronicle Solutions, a UK vendor of digital communications monitoring solutions, and High ...