Kudos to Netflix
You gotta love it when you hear about a company that finds out they have a potential security issue and they fix it BEFORE it becomes a problem and BEFORE it even becomes public. I'd love to see more companies be this proactive instead of the trend of many to deny a problem and hope that we are dumb enough to think it will go away on its own.
The Week of the Trojan
I posted on Monday about the McDonald's MP3 Trojan, and since then there have been at least 2 others that have made the news. One was a mistake and the other was probably intentional. Apple shipped some of their popular iPods with a Windows virus. The thing that gets my goat about this is that, in what has become typical Apple fashion, they don't just admit that there is a problem; they have to attack someone else. In this case they put in a jab at Microsoft saying, "As you might imagine, we are upset at Windows for not being more hardy against such viruses, and even more upset with ourselves for not catching it." Compare this to the Netflix story above. The other story is that a website promoting the zcodec was actually a trojan. This one was probably meant to be malicious from the start.
Microsoft and Privacy
I'm not sure how I feel about this yet. Microsoft has published their internal privacy guidelines hoping that other companies can learn from them. I'm glad that they are taking proactive steps not only internally, but also to help others. What I'm not sure about is their exact motives. Given their record of past privacy issues, I can't help but think that this is a PR scheme. Even if it is, if it helps others do a better job, then I can live with it.
Schneier's Top Ten Security Trends To Watch
Here is a link to Bruce Schneier's Top Ten List that he spoke about at Hack in the Box a couple of months ago. As usual he has good insight and I'm not here to dispute any of the things on his list. I did want to comment on number 10. He says that Regulations will drive security audits. I think we all agree with this and know it to be true. This is why I think it is so important that we have a good understanding of the various regulations that affect our business. Maybe I'm preaching to the choir here, but I know too many security professionals who think that regulations are a different group in the company and they don't have to know them. They are looking for trouble.