Welcome to another edition of our Weekly Rewind – where we summarize all our posts from the last week. The top stories this week were 3) “NIST Offers Draft Security Engineering Guidance”, 2) “Forget this Network – The Unfortunate Best Solution”, and 1) “TrueCrypt Mystery”. If you missed anything or happened to be offline, we hope you find this summary post useful as a quick reference. A la Schneier … you can also use this rewind post to talk about the security stories in the news that we haven’t covered.
QOTD – Perfection Is the Enemy of Good Enough…: “Perfection is the enemy of good enough.” – Voltaire. I’ve always really liked this quote as a reminder for those perfectionists out there (including myself) that often 70% or 80% is good enough and that it’s time to move on. According to Wikipedia it is originally attributed to Voltaire as part of his introduction to the poem La Bégueule. (continued here)
Forget this Network – The Unfortunate Best Solution: In July of 2010 we wrote an article titled “Forget this Network, Pretty Please” on how the iPhone and other iOS devices offer no way to easily remove known wireless networks. For those that aren’t familiar with this concept, known wireless networks are ones you connect to once and the iPhone remembers them. Depending on how you configure your iDevice, it will automatically reconnect to these known networks for instant access to the Internet without having to manually reconnect. Know of any other ways to fix this problem? Let us know in the comments below. (continued here)
TrueCrypt Mystery: Fascinating discussions going on today about one of our all-time favorite tools, TrueCrypt… If you haven’t heard, the TrueCrypt site is down and redirecting to a SourceForge page that recommends users stop using it and provides instructions for migrating to Microsoft BitLocker. Here’s a snippet from that page. Have any theories on what’s going on? Let us know in the comments below. (continued here)
NIST Offers Draft Security Engineering Guidance: It’s nice to see NIST offer some official guidance on this aspect of security, where we build security in versus tacking it on at the end. Don’t expect anything new, as organizations have been doing this for the past decade or so. Those select few are but a tiny percentage, however, and hopefully NIST’s formalized recommendation will drive such a development process into the mainstream for all organizations. Comments on the draft are due July 11th. (continued here)
Healthy Paranoia Podcast on PCI: Here’s a Healthy Paranoia podcast episode you might want to check out, the one where I pretend to know a little about PCI. Hopefully I at least asked some thought-provoking questions. I play Mr. Java, the Healthy Paranoia enforcer. Given my Starbucks addiction, the nickname is very appropriate. (continued here)
Hope everyone had a wonderful week! Have a great weekend!