Friday Summary - January 9, 2009By Adrian Lane
Here it is, our first Friday Summary of 2009. While it’s Adrian’s week to put the summary together, we thought it would be better if I handled the intro since I was at Macworld looking at cool stuff all week while he was manning the fort and cleaning my gutters (if he ever reads his employment contract, I’m totally screwed).
Last year was my first Macworld, and I feel lucky I got to see the Great Jobsness give a keynote before he decided to take a break. Phil Shiller did a great job, there just wasn’t that much to announce; even without Jobs, these are still the best product announcement sessions I’ve ever seen. As for the products, I think Apple is hitting a home run with the iLife changes- the power in iPhoto and iMovie is just sturn ing. But if you want to read about this stuff, head over to our TidBITS coverage.
On the security front I saw two really interesting things I’d like to award with the Securosis Best of Macworld Expo. First up is Agile Software for 1Password. They win for 2 reasons- first is that they decided to cancel My1password.com. The idea was to build a web application for password management you could access from anywhere. If you read this site, you know the difficulties in such as risky move. Instead they are leveraging DropBox and letting you move passwords via USB storage. Yes, there are still risks, but it’s a granular system and sometimes we really do need to move passwords around with us. The second reason is the upcoming 3.0 version of the product. It’s polished, secure, useful, and one of those tools I use daily.
Our second winner is Checkpoint for a pre-alpha version of the iPhone VPN client. They added an option so that when you go to connect it sends a text message to your phone with a one time password. Sure, this has been done before, but on the iPhone the VPN client automatically picks the password out of the text message and logs you in… no manual cutting and pasting or anything. Which is good, because you sort of can’t cut and paste on the iPhone.
ell came out to spice things up, and Amrit ran into Raffi while parking his car. Who says Mac users hate security! (Then again, I was buying, which might explain a few things).
On that note, it’s time to catch up on massive amounts of email and turn the Summary back over to Adrian for all the security news I missed…
Here is the week’s security summary:
Webcasts, Podcasts, Outside Writing, and Conferences:
- The Network Security Podcast this week was a little shorter with Rich being at Moscone Center and Martin needing to spend time with the family, but they covered some good stuff with a discussion on 0Auth, weak passwords, the Phishing attack on Twitter users and facial recognition in iPhoto.
- Rich has a nice writeup of the new MacBook Pro on Tidbits.
Favorite Securosis Posts:
- Rich: Part 8 of Building a Web Application Security Program is a great ending to the series.
- Adrian: Contingency Plans: The tech collapse took its toll on me, but I learned a lot, and hopefully there might be some advice you find helpful during this go-round.
Favorite Outside Posts:
- Adrian: Robert Graham’s post on Verisign’s Response to the MD5 cert problem is a good analysis of the situation and how Verisign responded. It’s a bad sign when a company fails to defend its core business and then reacts in this manner when issues are pointed out.
- Rich: Crazy Apple Rumors site: “The best Keynote Liveblog ever!”
Top News and Posts:
- Twitter Phish reported this week. Social engineering gets better and it becomes increasingly difficult to tell a real from fake without close inspection.
- MacWorld with week, with a nice, shiny new MacBook Pro announced.
- Life parodies itself, with CheckFree having a breach of 5M records.
- Unemployment is officially listed at 7.2% nationally. Here in AZ, our state is telling us it is still around 6.8%, but I am willing to bet that it is closer to double that number.
- TJX Hacker gets 30 years.
- More and more fake shopping sites popping up.
Blog Comment of the Week:
windexh8er on Part 7, Secure Operations:
Great series guys! I was just playing around with NSMnow! — so the
content in the monitoring portion was fresh in my mind. Maybe look to
include a tools list in your next post where you talk about balancing
Which is one of our recommendations in part 8 … we’ll also do a ‘recommended free tools’ post in the coming weeks.