I am Sumeet, an information security enthusiast, crazy about coffee, iPod, everything Mac, travelling, consuming RSS and eating. I work for a technology consulting firm where I usually rant about security best practices.
It has been quite some time since I posted here. Too many things happened in the past few weeks to write about, and I didn’t know where to start. The iPhone launch, CCIE, a signed book by Bruce and several other draft posts are still lying unutilized in my inbox. I planned on releasing each of the posts separately, but it’s too much effort. So here is what has kept me busy for the last few weeks:
- iPhone at $199: Keeping aside the technical glitches and other things in the newly launched iPhone, almost everyone in this part of the world is expecting to shell out 8K for the iPhone, which by my best estimate will not happen. Apple has released the iPhone at $199 for AT&T customers with a 2-year lock-in period for US customers. The real calculations are still as scary. Airtel/Vodafone, on the other hand, are in no position to introduce a lock-in period, and hence it will sell at a premium.
- Old iPhone vs 3G iPhone: I do not plan to upgrade my iPhone at least until the next update. I run 1.1.2 and am quite happy with the functionality and performance. Apps work seamlessly, and I know my way around Delhi and other cities and can live without GPS. Besides, GPS service in India is still very shallow. The 3G network is not yet launched, and even if it were, it would have had to fight hard to overcome my liking for the metallic surface over white/black plastic.
- CCIE Security: I cleared my CCIE Security exam after weeks of dump tests and going through Cisco manuals. Quite a relief, but still a long way to clearing the exam.
As a bonus, Bruce sent me a signed book. I am surprised how it reached me dry and crisp despite the rainy season in India.
For the better half of the last weekend, I was forced to listen to how Harbhajan slapped Sreesanth and how Sreesanth cried on the field. In fact, anyone who made the mistake of flipping through a news channel felt that the slap happened in front of them, and not on the field. And since yesterday, news channels have started discussing the ban imposed on Harbhajan and how it coincided with the sacking of the infamous Mr Gill. Considering the ban on Harbhajan is going to last for the next few days on TV, it looks like I will be back to studying walrus mating habits on Animal Planet.
PCI SSC finally released “Information Supplement: Payment Card Industry Data Security Standard (PCI DSS) Requirement 6.6 Code Reviews and Application Firewalls”, which should clear the air a bit on how much application security is really required for PCI DSS compliance. I have often had long discussions on the intent of requirement 6.6, and to me it was always clear that Section 6.6 wanted application owners to guard against web-based attacks, rather than just perform web-application security testing.
The supplement is a must read and can be downloaded from here.
While going through masses of web pages every day, I found some essential reading for anyone and everyone who uses Windows. I personally don’t use Windows unless I am compelled to, such as at work. It’s been about 4 years since I moved on to the addictive Ubuntu and good-looking OS X. Anyhow, here are the links:
As if the appointment of Rod Beckström as director of the National Cyber Security Center (NCSC) was not foolish enough, the Bush administration couldn’t help tolerating Mr Chertoff’s ideas of privacy. In a public appearance in Canada, he attempted to explain how fingerprints are not his idea of personally identifiable information (personal data). What people, especially those who handle security, must understand is that personal data cannot be described by confidentiality alone.
What most people do not understand is the difference between personally identifiable information and confidential information, or as Schneier puts it, ‘the difference between personal data and secret data’. To put it simply, personally identifiable information (PII) refers to any information that identifies or can be used to identify, contact, or locate the person to whom such information pertains. It has little to do with the confidentiality of the information on its own. Postal codes/zip codes and fingerprints are a few such examples of less-confidential personal data.
I have been thinking about buying an ASUS Eee PC to help me access my main machine while I laze around in bed. The two laptops I have are a bit clunky and store crucial data that I can’t afford to lose when I roll in bed. While most of my RSS, email and music streaming needs are fulfilled by my pimped iPhone, the keyboard and screen size often make it uncomfortable to access my webserver over SSH and my machine over VNC.
While I still wait for some cash inflow to buy an Eee PC, Jace has written a very insightful comparison of the Eee PC and the HCL MiLeap Y. For those who think HCL can produce a good laptop for a Linux OS, this is an eye opener.
I have read a lot of material on Johny Lang and stuff written by him, but I have never come across an article as lame as this. Someone please tell the author that penetration testing is different from data stealing!
The way things are turning out in India, we will soon see DoT ordering NIC to maintain a national mail server where all our emails will be mirrored and scanned for keywords that reflect terrorism. At least people can look to NIC to snoop around in others’ email and ask for a backup just in case an email is deleted from their servers!