The InfoSec Blog

Encyclopedia of IT terms

Posted by Anton Aylward

CMP ChannelWeb have an on-line encyclopaedia of IT terms. This is a useful addition to my toolbar for composition, along with a more conventional dictionary.


The definition of 'information security' seems limited to access control, which is very disappointing. The definition for 'computer security' is more comprehensive. Nevertheless, to a security professional both these definitions are lacking.

What screams out to me, and this is very obviously my bias, is the lack of any mention of INTEGRITY in these definitions. As I keep pointing out, if you don't have integrity, any other efforts at security, be it information security, or "Gates, Guards, Guns and Dogs" physical security, be it backup and disaster recovery, be it access control, be it 1024-bit SSL, are all going to be pointless.

It's not until we follow a few links in the Encyclopaedia to the entry on Donn Parker's six fundamental and orthogonal attributes of security that there is any mention of 'integrity'. Even so, that definition has only a link to 'data integrity'. There is a separate definition for 'message integrity'. While these specific items are important, they are details. What is lacking is a general definition of "Integrity". Once again, Fred Cohen's seminal 1997 article on the importance of Integrity comes to mind.

No, a much better reference is Rob Slade's "Dictionary of Information Security", which, of necessity, encompasses many IT terms.


Who ya gonna blame?

Posted by Anton Aylward

I'm always amazed at how many decision makers weasel out of a good deal because of prejudices and blindness.

I can understand the cases where a vendor had upset them in the past and they won't deal with them again, but I don't understand the prejudice against "Free Software". Once upon a time all software was "free". The hardware vendors gave it away in order to sell the software. In fact at the Seneca FSOSS Symposium, Brian Down, Chief Technologist at Sun Canada, outlined Sun's forthcoming approach to "Monetizing Open Source at Sun", and it seemed remarkably like this. The video of his presentation is here.


First of the Month Regular Security Violations

Posted by Anton Aylward

I am on many mailing lists. They are an aspect of modern life. For some people it's the 'synchronous mode' of IM, for others it's the 'asynchronous mode' of E-Mail.

Most of the lists I'm on are managed through YahooGroups, but a few are managed from 'private sites' using MailMan.
The real problem with MailMan is that on the first of the month every MailMan managed list I subscribe to sends me a message that ...

... includes your subscription info and how to use it to change it or unsubscribe from a list.
You can visit the URLs to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.

All well and good.
But then it also sends my password - IN CLEAR TEXT!

I have two issues with this.