Carriers liable for end-point security

NetworkWorld quoted the AT&T CISO, Ed Amoroso:

The past decade has been tough – the security industry has lost its way. At one point we had no security; now there’s too much. This has been the era of security getting worse and worse. Today there’s too much software from vendors that needs to be patched. There are viruses and worms and spam and firewalls…carriers need to be doing security for the endpoints.

The theory is that a central entity can do a better job filtering the data to detect anomalies, and that the end users can not all afford to specialize in security.

But how do we know that AT&T has a security baseline that is consistent with ours as end users? I agree with Ed that the most basic threats should be removed by the carriers (like the centrally-controlled conditioning that removes big spikes and sags from the power lines), but do not see how he can get around that fact that end users will always have vastly different risk models that need individual solutions. Some of us still buy small UPS, some big, and some go with multiple UPS plus generators. That doesn’t mean we don’t think that the power company shouldn’t be liable for outages, it just means we don’t all address the same risks let alone agree to a universal fix.

sunbrella

sunbrella

This red-dot winner seems like a good idea at first glance. It’s a sunbrella/solar-panel. Perfect for beachgoers who need to power those portable air conditioning units or giant portable beer coolers. In fact, this seems like the just the right thing for small villages in the desert that suffer little or no wind, which brings me to my second glance; what happens when the breeze picks up the disc and launches it like a monster frisbee into the monster-truck parked next to the guy with all the muscles? And how do you collapse/store the thing when you don’t want every bird in the harbor to use it for target practice? Ew, messy. Oh, well. At least it looks a lot prettier than the CIA’s new solar and wind energy units, shown below, made by SkyBuilt Power.

The CIA plop and drop

The Gospel of the FSM

Bobby Henderson reveals that he is gainfully employed now. Just don’t ask about his last supper.

Interview with Wired News:

WN: How were you inspired to write The Gospel of the Flying Spaghetti Monster?

Henderson: The book is necessary so that people see how much hard evidence supports the existence of the FSM. You can make a pretty strong argument for His existence. Especially if you use the same sort of reasoning the ID people do: specious reasoning and circular logic. I suspect the mainstream religions will concede after reading it.

I know this might be a stretch for information security related topics, but the FSM brings to mind a need for clear standards to either accomodate a wide-base for interoperability or a narrow set of similarly defined values. If the core value is revealed to be nothing more than “specious reasoning”…well, that just opens the spec up for all sorts of crazy ideas. The Intelligent Design movement clearly had a supreme marketing department, but their engineering and IP controls leave a lot to be desired.

Or as Bobby put it:

I think it’s pretty amazing that these people without scientific backgrounds — or really any education at all — think they have the right to decide the science curriculum. And it blows my mind that they are getting away with it.

You have to admit the guy has balls, meat balls that is.

Ford Motor Breach

Another big “small” breach is announced:

“Ford Motor Co. informed about 70,000 active and former white-collar employees that a computer with company data, including social security numbers, was stolen from a Ford facility.”

These “smaller” breaches (compared to the hundreds of thousands or even millions of records lost by financial institutions, etc.) are especially worrying because of ID Analytics’ statement that the lesser numbers indicate a higher percentage will be used for fraud.