Just a few posts and articles that I saved over the last few days.
F-Secure post on selling domain names. Pretty clever on the part of the bad guys. We need to get the word out to others to pay careful attention to what is actually in the address bar. We may not get everyone to check certificates but this is a quick and easy check.
Another good F-Secure Post related to the one above. Having more TLD's that are specific to industry would help cut down on successful phishsing.
Here is a good article that Michael Farnum wrote for ComputerWorld about the debate between much of the blogsphere (too many to list) on Zero Day vs. Less than Zero Day exploits. I've got thoughts on the whole thing, but I'm tired of reading about it and don't want to add to the fray. That goodness it is slowing down.
Bruce Schneier points us to a good write up on a better voting machine. They still have a long way to go, but I think that the right technology implemented in the right way will make voting secure and reliable. It's far from there now. If it were up to me I would pull ALL electronic voting machines for this election and go back to punch cards.
Here is 2 cents of my input on the Risk Management debate going on. I'm linking to The Mogulls post but I would recommend reading the others that he links to. Hopefully I'll get a chance to put the other 98 cents in later. I like this topic. Risk Management can't be something that is accomplished by any one group be it management or IT staff. It does take a concerted effort by many different departments in order to do it effectively. You can't expect Management to understand how to implement the technology or even to know what technology to implement. Nor can you expect IT to understand how to come to an understanding of the what and why of Risk Management. I know that many in IT do understand, but they are a small percentage of IT as a whole.
That's all for now. I'll be with vendors all day tomorrow so you may not hear from me for a couple of days.