Both of tonight’s talks were very good. The first one was a technical discussion about how skilled intruders expand their accesses into corporate (or government) networks, and how they maintain access even after being discovered. A lot of information was presented on how to use a more effective incident response procedure, especially focusing on how to accurate gauge the scope of an intrusion. The speakers (Chris Daywalt and Eoghan Casey) were knowledgeable and engaging.

The second presenter was Johnny Long, and he was as entertaining as always - even at 9:30 pm. Of course, I’ve already seen his No-Tech Hacking talk a couple of times, so it wasn’t exactly full of surprises for me. I would say he should update the slides and the examples he uses, but I think all his spare time goes to Hackers for Charity, which he runs.

Overall, it was a great event, especially considering it was the first one ever. I hope it will continue to attract high quality speakers and grow in attendance.

The launch of A-Space, “MySpace for the intelligence community,” was very publicly announced as a new attempt to foster information sharing and collaboration across agencies. But whenever you deal with sensitive or classified data, security becomes a major hurdle to data sharing.

Anyway, this Federal Computer Week article, “Play it safe on the interactive Web,” caught my attention. It attempts to give tips to federal IT-types on how to avoid taking any risks while trying out some of the latest Web 2.0 tech. I couldn’t help but feel that the author misses the point of interactive, collaborative, service-based systems. It seems more like a list of how to safely give the appearance of venturing into these new technologies.

The very first suggestion is to isolate new cutting edge initiatives from the rest of the organization. Well, doesn’t that defeat a lot of the point? You can’t create a great new interactive, web-based analyst interface to query multiple, disparate databases across various agencies if you are going to keep things isolated (as an example). Tip number two: “keep an eye on XML.” Sorry, but XML is not some newfangled thing that might be useful. I’m positive that it’s already all over government IT systems. Sure, it can present new challenges in sharing data, but it also allows for new, innovative solutions to old problems. (Just remember that XML is not always the right tool for the job.)

I must say, the article isn’t all bad. It does bring out some issues with Web 2.0-type systems, such as the need to really validate untrusted user input. And I can’t argue with the last tip of embedding security into the development process. But overall, I think the government should be more aggressive in adopting new ideas and software technologies. Security should be included, but not a roadblock.

Some of the press coverage I’ve seen has been wrong, giving credit to UCLA mathematicians, when it was really just a computer that happened to be in UCLA, which was connected to the GIMPS network. GIMPS has thousands of computers from volunteers all over the world working on the problem simultaneously.

(2^37156667-1)  and  (2^43112609-1)  are both prime!

In this case, I’m talking more about programming - in particular with Django (the Python-based web framework). This Week in Django, which I had never heard of previously, has created an awesome series of screencasts to help users hit the ground running. They cover the basics, like installation and project creation, all the way to user authentication and the forms library.

The series is worth checking out even if you already know how to use Django in general. You might pick up a few tips, or discover a better way of doing something.

As detailed in the postings, the Palin hack didn’t require any real skill. Instead, the hacker simply reset Palin’s password using her birthdate, ZIP code and information about where she met her spouse — the security question on her Yahoo account, which was answered (Wasilla High) by a simple Google search. [Threat Level from Wired.com]

This definitely makes a good case for two-factor authentication. That way just having the password would not be good enough to log in to her account - you would also need the physical token (like a SecurID) that she would own.

That basically means that there is a pretty good record of all your activity throughout the iPhone, including stuff you do in Safari, Mail, or any other apps. In theory, the screen shots are only temporary and get deleted automatically. But just like on any other computer storage device, deleting data usually does not really mean it’s gone.

The article below talks about how computer forensics investigators have been using this unintended consequence to their advantage. It’s actually helped them discover critical evidence in some pretty serious cases.

But from a personal privacy stand point, this kinda sucks. Assuming Apple wants to keep this pretty feature around, one solution would be to securely wipe the screen shot as soon as it’s done being used. Another possibility is to make sure that the image is always written to the same file and location on disk, so that you can only easily recover the most recent one. Anyway, I have a feeling this issue will stick around for a while, so just be aware of the consequence.

IPhone Takes Screenshots of Everything You Do | Gadget Lab from Wired.com.

The researchers’ new approach, called CloudAV, moves antivirus functionality into the “network cloud” and off personal computers. CloudAV analyzes suspicious files using multiple antivirus and behavioral detection programs simultaneously.

In general, that’s not a bad idea. It might save a few CPU cycles on your local workstation by not having to directly virus scan files. Then again, you have to use network resources uploading each file to the cloud, where it is scanned for you.

Each time a computer or device receives a new document or program, that item is automatically detected and sent to the antivirus cloud for analysis.

The privacy concerns here are obvious. Would you trust CloudAV to receive a copy of every file you want to virus scan? How sure can you be that they don’t use the contents for something else, or accidentally leak private information?

I think this idea has more merit as an internal virus scanning system for a large organization. That way sensitive data doesn’t have to leave the corporate boundary, or be sent to a third party. The benefit is that you have a more thorough and updated virus scanning engine, possibly using several different products at once.

Researchers develop next-generation antivirus system.

On a side note, I recently learned that Ruby treats zero as a true value. I find that rather irritating.