March 4, 2010

RSA 2010: What responsibility do security bloggers have to the industry?

David Spark

At the RSA Conference in San Francisco, I interviewed Andrew Hay (@andrewsmhay), a security blogger and Information Security Analyst at the University of Lethbridge in Alberta, Canada. Hay had keynoted the hipper side conference known as Security B-Sides earlier this week.

One of the issues Hay talked about at B-Sides was that security bloggers were becoming the voice of the security industry, and as a result they had a responsibility to the industry. Hay said that a security blogger’s first responsibility is to educate everyone else and help others understand the challenges of security. Part of that involves engaging others on how to solve security problems collaboratively.

Given that bloggers are not beholden to an editor or a publisher, the security blogging community self-polices, happily jumping down each other’s backs when someone makes a mistake. Sure, they’re in security, but they’re only human, so they do make mistakes.

Lastly, I asked Hay what’s the best way to communicate with a security blogger if they say something with which you don’t agree. He gave the most common, and I believe correct, response: don’t air your argument out publicly online. Pick up the phone and have a conversation. Find out what the core of the dispute is. Hay’s seen a lot of anger quelled by a simple phone call.

Check out more of Tripwire’s coverage from the 2010 RSA Conference in San Francisco.

March 1, 2010

RSA 2010: How to protect yourself from social networking malware

David Spark

I’m at the 2010 RSA Conference here in San Francisco this week reporting for Tripwire.

Before the expo floor opened, I sneaked in (yes, seriously, at the security conference) and got a preview of Sophos’ presentation on protecting yourself from social networking malware. After his preparatory run-through, I asked “media tart” (his words, not mine) Graham Cluley (@gcluley) if I could interview him on how to protect yourself and your company from malware over social networks. He provided some good tips. Some of them I’m sure you’ve heard before, but do you actually adhere to them all? Here’s a summary of his recommendations:

  • Get an anti-virus program that scans every link you click on.
  • Just because someone says they’re your friend doesn’t mean they actually are.
  • To protect yourself from what’s behind a short URL, add a plugin to your browser that gives you a preview of what the long URL is. As a Firefox user, Cluley recommends Long URL Please.
  • Use different passwords for different sites. Cluley says 33% of people use the same password for every single site. I personally use Roboform2Go for password memorization.
  • Don’t use a dictionary word as your password. Pick something difficult that combines letters and numbers.
  • The scammers are always out to get you. Make sure you’re aware of the threats by reading security blogs. He highly suggested you become a fan of the official security page on Facebook.

Read more of Graham’s tips on security on his blog. And please check out more of Tripwire’s coverage from the 2010 RSA Conference in San Francisco.