Monday, November 16, 2009

Most security products fail to perform

According to this article, a new ICSA Labs report found that nearly 80 percent of security products failed to perform as intended when first tested and generally required two or more cycles of testing before achieving certification. Having lived my prior professional life "in the belly of the software development beast", I can only say, "Wow, 20% actually worked as advertised?"

The other interesting finding included in the report was that 44 percent of security products had inherent security problems. Security testing issues range from vulnerabilities that compromise the confidentiality or integrity of the system to random behavior that affects product availability.

Things to keep in mind (and ask pointed questions about) the next time a security systems vendor comes calling.

Cheers,
Dave

Monday, November 9, 2009

Hacking to turn off the lights

CBS News is reporting that several power outages in Brazil over the past several years were the result of hackers taking control of the power grid. This was part of a "60 Minutes" segment on cyber warfare. The scary part (the main thrust of the 60 Minutes segment) is that much of the U.S. power grid may also be vulnerable.

Cheers,
Dave

Monday, November 2, 2009

Peer-to-peer leaks

It seems a congressional staffer took home an Ethics Committee report that named names and deeds. That's not so bad, but they then put it on their home system, and their peer-to-peer software shared it with the world. The Washington dirt is interesting, but the second page has just a little coverage, toward the bottom of the page, of how the leak occurred:

The Washington Post article

One of the selling points Vericept used when I worked there was that they monitored all network traffic, not just common ports. We saw quite a bit of really interesting stuff that no one dreamed had been shared. In this case, there's not much anyone could have done to stop this leak other than restricting access to the report and requiring that it not be taken home.

Cheers,
Dave

About Me

B.Sc. ('78) and M.Sc. ('80) in Math from Ohio State followed by 12 yrs at TRW and a variety of software development positions since then. Currently living in Colorado and enjoying "trial retirement". For fun I climb mountains in the summer and ski down them in the winter, fix gourmet food and have an excellent wine cellar.