Declining E-commerce?

E-commerce now a turn-off - official | The Register
Well, not really, just growing more slowly... But it's an interesting story all the same. It seems that, surprise surprise, Internet users are getting tired of all the phishing and spyware and viruses, and some are stopping using the 'net for shopping and banking.
I actually think that this could become an accelerating trend. I don't see any magic bullets to make things easier for ordinary, non-technical Internet users, and without some sort of change more and more people will give up on using the 'net for e-commerce no matter how convenient it is.
The annoying thing is that this will hit all the banks and many retailers in the pocket, but because it's no one company's problem, none of them seem to be stepping up to take a lead in trying to combat this...

PCI link and commentary

Network and IT Security Management Blog: Correlation Central - Network Security Blog: MasterCard PCI / SDP Framework
An interesting posting about the credit card industry's PCI security standard, and some commentary on it.

Excellent Interview with Marcus Ranum

Interview with Marcus Ranum
There's a great interview with Marcus Ranum over at SecurityFocus. It's obvious from the responses that he's been around in network security for a while and knows what's what.
Also there are a couple of great quotes...
In response to "If a standard protocol is broken or insecure, what is the best solution? Maybe supporting only some features or adding a crypto layer?":
"If it's broken, adding crypto just makes it broken and hidden." is a classic...
Also there are some interesting thoughts on de-perimeterisation and advocacy of data-level protection as the solution to all evils.

Info Systems Security Assessment...

Open Information Systems Security Group - Information Systems Security Assessment Framework (ISSAF) Draft 0.1
Link to a pen testing framework. Looks interesting, but a little daunting to read at 1054 pages!!

A big breach of security

Security breach may have exposed 40M credit cards | InfoWorld | News | 2005-06-17 | By Tom Krazit, IDG News Service
Another to add to this year's seemingly endless stories of large companies suffering losses of customer information, in this case CC info...
What I'm very interested to see is what actual penalties/negative consequences affect the companies responsible for these breaches, as I think it will shape some of the internal debate in companies that handle this kind of data about appropriate levels of security.
One thing that does seem to have happened is a loss of share price for ChoicePoint... looking at their stock graph they're trading down about 20% from around the point when their breach was publicised...
Actually maybe that's worth looking at (getting a list of the breaches from privacyrights and comparing stock prices before/after).

[OT] Geek T-shirts...

SysWear :: Programming t-shirts
Cool looking line of geek t-shirts... I particularly like this one

Interesting new Bluetooth attack

Schneier on Security: Attack on the Bluetooth Pairing Process
Here's a note from Bruce Schneier on an interesting new attack on the Bluetooth protocol (or more accurately common implementations of the protocol)...
Following this, if there are tools released which implement the attack, it'll really reduce where Bluetooth should be used in corporate settings... all those lovely Bluetooth headsets that people in the UK have bought...

Linux Keyboard Instruction

CyMotion Linux Cherry Keyboard
Link to instructions to get the cool Cherry Linux keyboard working without using the supplied software (which appears to be SuSE only).
Nice keyboard as well as having cute penguins on it :o)

Interesting site with many handy looking resources

GaryKessler.net Home Page
Excellent list of security articles/URLs

Ping Tunnel

Ping Tunnel - Send TCP traffic over ICMP
Another great example of why once you allow one protocol/port through your firewall, it's pretty easy to get any other traffic through... This one's interesting, in that it leverages ICMP...
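
For the defender's side of this, here is an added example (not from the original post or the Ping Tunnel project) of a generic heuristic that flags ICMP echo traffic being used as a transport. It relies on the RFC 792 rule that an echo reply returns the request's data unchanged; the function names, the size threshold and the sample packets are assumptions made for illustration.

```python
from collections import defaultdict

ECHO_REPLY, ECHO_REQUEST = 0, 8  # ICMP type numbers (RFC 792)
MAX_PLAIN_PAYLOAD = 64           # assumed threshold; default pings carry 32-56 data bytes

def suspicious_pairs(packets):
    """Map (client, server) -> sorted reasons its echo traffic looks like a tunnel."""
    requests = {}                 # (client, server, id, seq) -> request payload
    findings = defaultdict(set)
    for p in packets:
        if p["type"] == ECHO_REQUEST:
            pair = (p["src"], p["dst"])
            requests[pair + (p["id"], p["seq"])] = p["data"]
        elif p["type"] == ECHO_REPLY:
            pair = (p["dst"], p["src"])
            sent = requests.pop(pair + (p["id"], p["seq"]), None)
            if sent is None:
                findings[pair].add("unsolicited-reply")
            elif sent != p["data"]:
                # RFC 792: the reply must return the request's data unchanged.
                findings[pair].add("reply-payload-mismatch")
        else:
            continue              # other ICMP types are out of scope here
        if len(p["data"]) > MAX_PLAIN_PAYLOAD:
            findings[pair].add("oversized-payload")
    return {pair: sorted(reasons) for pair, reasons in findings.items()}

def pkt(src, dst, icmp_type, seq, data, ident=1):
    """Build one parsed-packet record (hypothetical format for this example)."""
    return {"src": src, "dst": dst, "type": icmp_type, "id": ident, "seq": seq, "data": data}

# Constructed sample traffic (not a real capture).
PING = b"abcdefghijklmnopqrstuvwabcdefghi"  # 32-byte payload of an ordinary ping
SAMPLE = [
    pkt("10.0.0.5", "10.0.0.1", ECHO_REQUEST, 1, PING),
    pkt("10.0.0.1", "10.0.0.5", ECHO_REPLY, 1, PING),
    # Echo packets used as a transport: reply data differs from the request.
    pkt("10.0.0.9", "203.0.113.7", ECHO_REQUEST, 1, b"C" * 40),
    pkt("203.0.113.7", "10.0.0.9", ECHO_REPLY, 1, b"S" * 200),
    # Data pushed back to the client with no matching request.
    pkt("203.0.113.7", "10.0.0.9", ECHO_REPLY, 2, b"S" * 200),
]

if __name__ == "__main__":
    for pair, reasons in suspicious_pairs(SAMPLE).items():
        print(pair, reasons)
```

The ordinary ping exchange produces no finding, while the second host pair is reported for all three reasons.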