Interesting Links

My (occasional) co-blogger Richard has passed me some very cool links.

The first is a site that creates hashes of files in your browser. Browser #ash allows you to drag and drop files on to the page and returns their hash in MD5, SHA-1 and SHA-256. Very cool!

The second is from Security Xploded and is a great reference of the location and encryption method of the passwords stored by many Windows applications such as browsers, IM clients and email clients. The safest way to manage these passwords - don't let the application remember them....

Toys for the boys

 I think anyone working in corporate IT (and especially security) is dealing with the headaches of the 'iPad invasion' (which extends well beyond Apple's 'must-have' products to all things new and shiny).

While I can understand the clamor of users who want the newest gadgets (IT staff can be the worst offenders), there is always the need to balance the implementation of such devices with the overall security requirements of the organization.

It's easy to argue that companies should just allow BYOD policies and protect the data rather than the perimeter or the endpoint, actually implementing these changes for many organizations can be a daunting task; and expensive in terms of dollars and manpower; with the business benefits not always apparent  - in terms of productivity rather than simply goodwill.

This recent article about the trial of iPads by the Western Australian Government highlights many of the problems faced today. I am personally appalled at the parliamentarians who "threatened "industrial action" if iPads were not considered in the list of devices available as part of their laptop allowance" and who are quoted as saying: "We told them, 'If you don't give it to us, we will turn around and pass a law so you will give it to us!'".
Way to abuse your powers, jerk.

Sharing Government documents was also highlighted as a problem with parliamentarians using cloud storage service dropbox (which has had it's own security problems), claiming "We are only one FOI [Freedom of Information] request away from having to hand it over anyway...So it's not something we have been focusing on".
If that is the case, why protect any parliamentary documents at all? Post everything on a public website. Because it's not like governments ever deny FOI requests.

Threatened abuse of lawmaking powers and throwing taxpayer dollars on a device based more on marketing than an actual use-case. I'm just glad I don't live in W.A....

powered by Blogger | WordPress by Newwpthemes | Converted by BloggerTheme