We’re located in the northern Virginia area – where Friday night brought a derecho, which is basically a hurricane on land. Unfortunately, our county lost 911 service, and 3 days later, it’s still not quite back up. The 911 service is run by Verizon, which said that both primary and backup power were lost. Amazon Web Services lost Netflix, Foursquare, Pinterest, and other sites. So – assuming that these services were in a traditional data center, what happened? These buildings are supposed to have backup generators – why didn’t they kick in? Did they not test the generators, or the ATS (automatic transfer switch)? People pay data centers for continuous power – and most offer 5 9s of power (~5[…]

While I did my thesis on this topic back in 2001, I haven’t used the knowledge or skills I gained from it much – or really at all. But I think it’s an interesting topic, and one that security folks and system administrators should at least be passingly familiar with. The technology has certainly changed since I did my thesis. When you look at an IP address or even domain name in your logs – where is that person coming from? You might need to know for forensics purposes, or even “cyberwarfare” purposes. Keep in mind that spoofing an IP address isn’t rocket science, and just knowing if the IP address in your logs is the one doing the activity[…]

The current “hot word” in security is SCADA (Supervisory Control And Data Acquisition) systems. The rumors of Russia attacking a water pump system in Illinois and the actual attack on a water treatment plant in Houston have all been in the news in the last few months. SCADA systems are used in many industrial applications – water treatment, chemical manufacturing, product manufacturing, etc. More and more industries are becoming automated with robots and all kinds of other neat technologies replacing humans (and theoretically human error). Something has to control these systems, otherwise, you’re just replacing the labor force with folks who know how to control these automation tools. But something important to take away is that SCADA systems can literally[…]

There’s a new GPGMail app – installed with GPGTools – that works on Lion: http://www.gpgtools.org/installer/index.html – unless you’ve got S/MIME set up. If you do have S/MIME set up, the bundle won’t display the settings, nor will it “work”. You’ll have a GPGMail preferences pane in Mail.app, but the only options you get are enabling OpenPGP under Composing and Reading. You’re supposed to have the choice of keys, etc. The previous GPGMail (a *long* time ago) allowed both S/MIME and OpenPGP, so this is a bit disappointing. Their bug tracker has that functionality scheduled for (possibly) version 2.1, and I’ll be trying it again at that point. There are definitely challenges to having S/MIME and OpenPGP running in the same mail client.[…]

I recently acquired a new iMac at work to replace the 4-year-old one I was using. The new iMac came with Lion on it, and since I had upgraded to Lion on my work machine, I went ahead and upgraded all of my home machines as well. My MacBook Air is my primary “workstation away from work”, and keeps client data. Because it does, I use FileVault on it. Under Snow Leopard, that only encrypted my home directory. Under Lion, FileVault now encrypts the entire drive, not just $HOME. However, if you upgrade, you have to explicitly convert your machine to use the new FileVault. And you need a lot of disk space to do it… I have a[…]

Let me first start off with the disclaimer that I am a CISSP and (nominally) a member of (ISC)2. I’ve been part of very few professional organizations throughout my career and college days. I even shied away from the women in engineering groups on campus, although I knew a lot of women in them. I tended towards the ad hoc, social groups instead. Blame it on the Cotillion club I was (forced to be) a part of when I was in high school; I just don’t like paying to be part of a “club”. I pay (ISC)2 only because I have to, to keep my CISSP (and to other organizations for the same reason); I’m not a member because I[…]