tssci security

Finding a middle between HTML and plain text E-mail

In response to Michael at mcwresearch and Michael (LV) at terminal23, I'm surprised there has been no middle-ground adoption that gives users the ability to format text (colors, bold, italic, underline, bullets, etc.) without the nastiness of HTML and without the plainness of plain text. It looks like enriched text (RFC 1896) was supposed to do this, but it never seemed to catch on. I've been using the following for "formatting" in plain text, and it has gotten the point across OK so far:

  1. STRONG = bold
  2. _underline_ = underlined
  3. /italic/ = italic
  4. * = bullet

BS ThreatCon Levels

Who else besides me thinks "ThreatCon" levels are bullshit? (Not to be confused with vulnerability alerts.) After checking out Slashdot this morning, I came across CERTStation, which attempts to aggregate current threat information into one page, entirely in Flash. I won't get into how much Flash sites irritate me, as we can debate for days and not get anywhere on it. Who knows what the site's true purpose is: selling you information in exchange for money or personal information? Who knows.

But let's talk about threat levels. Why is it that A/V vendors tend to have more elevated levels than anyone else? How do they determine these threat levels? Current number of infected machines, virus propagation time? For real now, who really acts differently when all of a sudden the threat level goes from green to yellow, or yellow to orange? Not to mention, the colors don't mean anything to me! What exactly is threatening me that I need to be more alert? Is it a new worm or exploit code that affects 99% of business systems? Come on, tell me! This is why I tend to be "always on alert," which would equate to the color red. I am always thinking there will be something out there that will cause havoc for me, so whatever that is, I want to be prepared for it. By staying on top of the latest vulnerabilities, and identifying and analyzing the ones that affect me, I can determine what is critical and what is not.

This is what ThreatCon Levels mean to me:

[Images: "Current Threat Level" and "Terror Alert Level" graphics]

Breach and The Good Shepherd

On Christmas, I went to the movie theaters and saw The Good Shepherd. I liked it, but felt that the romance with Angelina Jolie and family issues took away from it. It did a good job showing how family and relationships are affected by secretive lives, but I didn't care too much for that. I wanted more thriller, like Spy Game (which I can watch repeatedly), even though it is less realistic.

I love watching the trailers before the movies, and was absolutely ecstatic when I saw the preview for Breach, begin with "You're going to be an agent... You're being tasked to headquarters, where you'll be riding the desk of an agent named Robert Hanssen." I recently finished reading Spy Handler: Memoir of a KGB Officer - The true story of the man who recruited Robert Hanssen and Aldrich Ames. In the book, Victor Cherkashin detailed how brilliant Hanssen was and how well he managed to conduct himself as a double agent. I'm looking forward to this movie, and I hope the "Hollywood romance" is kept to a minimum.

Social Networking Users: Say Goodbye to Privacy! nahhh

Alright, I just have to respond to this opinion regarding "Social network users have ruined their privacy, forever."

"Just about anyone can read what's posted onto social networking websites like MySpace and FaceBook. 'Anyone' includes the intended audience of friends, but potentially relatives, teachers and employers too. And much of what is posted can never be deleted. I don't need to point out that Prof. Smart's fears are well-founded and that this is bad news, do I?"

Well, MySpace and Facebook both have options to make your profile private. MySpace will show that a profile is private, and you need to befriend that person before you can see their full profile. On Facebook, the security controls are much finer. You have control over what content different friends and non-friends see.

"Chat rooms are all but dead and buried now, amidst fear of sexual predators and other unsavoury types. However, forums continue, by virtue of their more topic-focused and moderated nature."

Ummm, no they're not. I know IRC is still kickin'. Remember this though, The internet: Where men are men, women are men, and teenage girls are undercover FBI agents.

"Parents can see what their children really get up to at Uni'. Teachers can see what their pupils really think. Potential employers can profile applicants based on their online braggings and other shenanigans."

Could it be that these people don't care about that? Or maybe it's because the people who would judge or profile them aren't exactly saints either. Next time around, go check out the employee picnic/party and see for yourself. How many times have we seen various types pushing their "morality" on us, and very often we come to realize it was all bullshit?

"Social networking users need to take a step back and think about just what they're posting onto the Internet. It'll probably be too late for a number of people, and it'll take a lot more 'victims' of the lack of privacy before most users actually start heeding these warnings. Just beware that anything posted online to your friends now, could very easily come back to haunt you in days, months, or even years to come."

How can we live freely if we must hide our true feelings? Why is it we fear getting in "trouble?" Some day, this behavior seen as "bad" will be accepted as it becomes more common. Why should I have to lie and put on a face while interacting with different people? I am not saying to act foolishly, but we have the right to stand up to live our lives the way we choose.

Regarding blogs: I hope showing a personal interest in security doesn't hurt my chances...

My Security Predictions of 2007

Following everyone else and their "Security Predictions of 2007," I have some predictions of my own:

  1. I will be graduating in August with a Bachelor's Degree
  2. I will be looking for an entry-level position in security

These are two predictions that I am 100% positive of for the year 2007. In reply to Mike Rothman, Mike Murray, and the recent news articles reporting there's not much new security talent for hire, well... I hope that I can contribute my skills somewhere out there.
