Why geek get togethers are important (security security security)

Getting
together with other geeks has been part of this industry for more than
30 years and it's no less important today than it was back in the mid
70s when Wozniak showed his Apple I to the Homebrew Computer Society in
Silicon Valley.

Today I had another example of that.

They are a way to warn companies and insiders of things that they are doing wrong.

Several discussions today centered on phishing, spyware, malware, viruses, and worms. Dave Winer said
something really important: “I can't trust my computer anymore.” I hope
I'm quoting him correctly, but he's recently been hit with spyware and
can't get rid of it. Unfortunately I didn't get a look at his computer
this week, so I couldn't debug it.

Chris Pirillo, in his blog post “why Microsoft is going to lose the OS wars,” drives the point home again.

Dan Appleman is one guy doing something about it. He has a quiz
that very few people in this industry get completely correct. It sure
shocked me (and at the geek dinner a week ago where he gave a talk it
shocked most of the people who came). His book, Always Use Protection: A Teen's Guide to Safe Computing,
opened my eyes to what is really going on out there and just how much
work we need to do (it's a book that everyone should read, but probably
won't).

Yes, Windows XP Service Pack 2
improves things quite a bit, but you still need to practice safe
computing. Appleman's book shows that teenagers are actually turning
off their firewalls (to play networked games) and getting their
identities stolen at a huge rate (and in a way that you might not
expect — teenagers share computers with other teenagers quite readily)
because of the way that they use their computers and also because of
their familiarity with computers.

One thing I'm doing is learning about “good enough” security. Dan
Appleman and I have spent a bit of time recently talking about what
that is. Dan says that if computers were houses, most people's
computers would be run akin to leaving the door open and putting a sign on
the front lawn saying “I have cool stuff, come in and get it.” He
thinks it is far more important to simply get people to lock their
doors and windows at night than to build Fort Knox around your
computer, the way many security experts want you to.

Also, Dana Epp,
another great security expert, has been yelling and screaming at me for
running in administrator mode, so we're going to do a “security
makeover” on me soon.

One other thing I learned recently: if at all possible, keep a
hardware firewall (or a NAT, like what I'm using here) between you and
everyone else. That's hard to do at Starbucks or in hotels, but I've been
hearing of people buying new machines, plugging them into the corporate
network where they work, and getting viruses. Why? Because those are
unpatched machines and corporate networks are open to the public
Internet. Dan says that university networks are far worse, too, so if
you're sending your kid off to school this fall you need to make sure
they are protected.

How about you? Who's doing the best security work out there today?
What rules do you follow? How do you protect yourself? Certainly
visiting microsoft.com/protect is
a good start, but we need to do more. What's even more troubling is
that as our computers get more secure the bad guys are switching to
social attacks like phishing. I've gotten emails that look exactly like
they were from eBay or my brokerage house — but they weren't, they
were fake emails aimed at fooling me into clicking on them and putting
in my passwords and personal information. So, not only do we need to
become computer security experts but we need to be far more educated
about what to believe and what to click on.

Oh, and yes, I expect the “switch to Macintosh or Linux” comments.
But that won't protect you from a phish (social) attack, and those
systems have security problems that are exposed every week too, so that
clearly isn't the answer. Heck, I linked to Chris Pirillo's post where
he said to switch to a Macintosh above. I'm not switching, though, and
anyone in the same boat as me needs to be protected.

Dan told me that we need both education and infrastructure changes.
He likened computer users to drivers. Drivers, he said, in the early
days didn't need to worry about safety laws or traffic limits. There
were none. But, as more cars got on the road the world became a more
dangerous place. So, drivers needed more education to safely operate
their vehicles. Automakers, too, needed more safety mechanisms built
in. I remember as a kid that some cars I was in didn't even have seat
belts. Today my car has three point seatbelts for all passengers and
airbags all around.

Anyway, I'm talking to everyone I meet about this stuff, both inside
and outside of Microsoft, and I'm watching the blogs for interesting
tips or discussions. Let me know if you see anything along these lines. [Scobleizer: Microsoft Geek Blogger]