Top 3 NoVA Infosec Blog Posts of the Week

This week, local bloggers tackle the ’80 percent’ myth, the end of the interwebs as we know it, and why FDCC isn’t just cool, but magical.

#3 – The Magic of FDCC: Responding to a post by Bruce Schneier, @rybolov sets out to discover the real ‘magic’ of FDDC in the midst of all the controversy. According to @rybolov, “[t]he magic of FDCC is not in the fact that the Government used its IT-buying muscle to get Microsoft to cooperate,” but that “FDCC is getting the application vendors to play along.” @rybolov goes on to note that if your software works with FDCC, it is most likely built to run on security-correct operating systems. But before you decide whether FDCC really is the holy grail of desktop security, be sure to read @rybolov’s post, as well as the initial post by Schneier, to see what the hubbub is all about. (If nothing else, read them for the comments—they’re priceless!)

#2 – The Myth of 80 Percent: In his “Insider Threat Myth Documentation” post this week, author and local security blogger Richard Bejtlich provided an excerpt from his 2004 book The Tao of Network Security Monitoring with recently added annotations. Posting an excerpt from the book that deals with the ’80 percent’ myth, Bejtlich documents what the 80 percent myth means for insider verses outsider threats. To do that, Bejtlich first ‘debunks’ the 80 percent myth by quoting a response from Dr. Eugene Schultz: “There is currently considerable confusion concerning where most attacks originate. Unfortunately, a lot of this confusion comes from the fact that some people keep quoting a 17-year-old FBI statistic that indicated that 80 percent of all attacks originated from the [inside]…” While the 80 percent myth might not be accurate, Bejtlich says that’s no reason to underestimate insider attacks, as they still pose the largest vulnerability. You can read the full excerpt here.

#1 – Conspiracy of the Month
: If all the buzz on the internet is correct, S.773 is the end of the web as we know it. Lucky for us however, we have @rybolov to keep us grounded in the midst of would-be conspiracies. The basic premise of the S.773 conspiracy is that the Government would be given the ability to view private data and the President would be able to censor internet content. (Noes, not the interwebs!) Needless to say, this has caused quite a few people to panic since there’s nothing that people hate more than the idea of censorship. But @rybolov does an excellent job of wading through the real purpose of S.773 and why we might still have a usable internet at the end of it. You can read the full post here.

Well, that’s all for this week. It’s been a bit of a quieter week on the local blogosphere, so we would love to know if you write or read a local blog that we should consider for our “Top 3” every week. Be sure to leave a comment about it below, or send us a tweet @grecs.

o     o     o     o     o

Be our guest—guest blogger, that is. Contact us to learn how you can get your ideas on NovaInfosecportal.

Leave a Reply

Your email address will not be published. Required fields are marked *