David Lacey’s IT Security Blog

January 2007

  • Gaining the Attention of Management Boards

    David Lacey 31 Jan 2007
    This week it’s been put to me several times that the major problem for the Security function is gaining the attention and support of Management Boards. This surprises me because contemporary ...

  • Moore's Law and Security

    David Lacey 28 Jan 2007
    Intel’s announcement that they will start manufacturing processors with transistors 45 nanometres wide means that Moore’s Law remains intact. For several years pessimists have speculated that this ...

  • White Hats Do Good

    David Lacey 28 Jan 2007
    Friday’s excellent White Hat Ball demonstrated that security professionals can deliver value to the Community, by raising a substantial amount of money for the Childline Charity. It was great to ...

  • Security and the Environment

    David Lacey 26 Jan 2007
    It’s always interesting to see what’s currently on the CIO agenda, so I took a couple of days out this week to attend Information Age’s Effective IT Summit at the Vale Hotel in Cardiff. Gaining ...

  • Time to Publicise Security Incidents?

    David Lacey 24 Jan 2007
    Ed Gibson's comments on my recent posting on "information security fatigue" raise a timely and important issue: Should we now publicise security incidents? I'm in favour. Compliance is already ...

  • Employee Monitoring - a hot topic for 2007

    David Lacey 22 Jan 2007
    Tonight I'm again debating the subject of Employee Monitoring at a CISO dinner. I've already posted some thoughts on this subject. But I've noticed quite a lot of interest and debate now being ...

  • Designer Firewalls

    David Lacey 21 Jan 2007
    For some months I’ve been beta testing an entirely new form of firewall. In fact it’s much more than that with 13 layers of security protection contained within a smart, pocket-size USB device that ...

  • More Testing Please

    David Lacey 20 Jan 2007
    It was refreshing and reassuring to see the Home Office coming clean about the lessons learned from the failure last year of its Electronic Passport Application system. I can understand the ...

  • The Perils of Mis-addressed Communications

    David Lacey 17 Jan 2007
    Stuart King's blog posting on the danger of accidentally misaddressing emails reminded me of an incident I came across several years ago. But this was the opposite problem. Wrong source rather than ...

  • Better Authentication Needed to Counter Man-in-the-Middle Attacks

    David Lacey 17 Jan 2007
    RSA have reported the discovery of a “Universal Man-in-the-Middle Phishing Kit” offered for free trial on an online fraudster forum. The kit enables fraudsters to create a fraudulent URL via a ...

  • Database Security - Patching is not enough

    David Lacey 12 Jan 2007
    Next Tuesday, 16th January 2007, Oracle will issue 52 critical patches. It’s clearly a great leap forward for database vulnerability management. But it also illustrates the size of our security ...

  • Countering the Threat of Information Security Fatigue

    David Lacey 10 Jan 2007
    Charles Pask's comments on my recent blog postings raise an interesting and realistic new threat: that our industry might lose credibility due to non-events, because we are simply too good at what ...

  • Who Needs Firewalls?

    David Lacey 09 Jan 2007
    Reading a recent Techtarget email summary of security content from 2006 pointed me to an excellent paper "Security without firewalls: Sensible or silly?" about the San Diego Supercomputer Center's ...

  • ATM Security - and how not to improve it

    David Lacey 06 Jan 2007
    The newspapers are full of stories about Ross Anderson’s experiments with ATMs, demonstrating something we already know quite well, which is that if you spend enough time in a laboratory with a ...

  • Lookalikes

    David Lacey 06 Jan 2007
    Looking at a couple of web sites from security vendors, I noticed a curious resemblance in the photographs. Chronicle Solutions, a UK vendor of digital communications monitoring solutions, and High ...