Good Advice or Candy from Strangers? A Field Guide to the Security Internet

Hart Rossman, SAIC
Bob Mahoney, Zanshin Security

2/6/07 - CONS-108

Intro

Who we are:

• Hart Rossman, Chief Security Technologist, SAIC, Enterprise Security Solutions

• Bob Mahoney, President, Zanshin Security

The Problem Statement

Security blogs, podcasts, vlogs, and wikis have become significant channels for industry news, analysis, and advice. As they continue to multiply, their accuracy, technical depth, and bias all become issues. We will consider author expertise and the impact of corporate bias to draw conclusions about these channels & offer insights to consumers and providers on how to best utilize these new media.

Disclaimer!

• We'll mention some sites or specific resources, but unless we explicitly say otherwise:

— We do not have an opinion on their trustworthiness, utility, or performance.

— We don’t know anyone personally, but we feel sure their mothers love them.

— Every cloud has a silver lining.

Some Terms

• Blogs, vlogs, podcasts, linklogs…

• RSS Feeds and Aggregators

• Tags and Metadata

• Blogrolls, Permalinks, & Trackbacks

• Marketing: SEM/SEO, Astroturf

• Authority

• Wikis

• Social Networking

• Invisible Web/Deep Web

• Anonymous and Pseudonymous channels

• Open Source Intelligence

• Stability

Points of View

• Public Interest [Internet and Online Privacy]

• Vendors [Defense-in-Depth Guide]

• Consumers [Identity Theft Resources]

• Info outlets [Industry Media- Magazines and Blogs]

• Security Community [Groups like FIRST]

• Niche community sources [Private Mailing Lists, etc]

• The Individual [You!]

Sources

• Google

• Technorati

• Del.icio.us

• iTunes Podcast Directory

• Feedburner

• Podcast.net

• Podcastalley.com

• Yahoo Podcasts

• Podcastdirectory.com

• Wikipedia.com

Sources

Where do people go to look for information?

• Google

• Del.icio.us

• Technorati

• Feedburner

• iTunes Podcast Directory

• Many others…

Methodology: What We Did

1. Attempt to discover relevant blogs, wikis, and podcasts

2. Review academic research

3. Identify non-obvious bias or influencing factors

4. Compare treatments of similar issues or events across resources

5. Compare accuracy or discernible foresight across resources & time

6. Draw anecdotal conclusions

Raw Data

• Google Searches

— 251,000,000 results returned for Security Blog. #1 is Schneier on Security blog

— 48,000,000 results returned for Security Podcast. #1 is Network Security Podcast (mckeay.net)

— 365,000 results returned for Security Vidcast. #1 is del.icio.us/cdorian/vidcast

— 1,140,000 results returned for Security Videocast. #1 is thenewsshow.tv

— 45,000,000 results returned for Security Wiki. #1 is en.wikipedia.org/wiki/Security

• iTunes

— Podcast hits for "security": 138

— Actually related to security as we think of it: About 100. Hard to classify the "DJs and Bands from the Black & White Ball" from DEFCON…

• Podfeed.net: 20 items tagged "security".

• Del.icio.us

— 1115 hits for "security podcast" (but many dupes)

— "security blog" gave up over 10,000 (but again, many duplicates)

Technorati: Blog Directory

• 64 results for Information Security. Most “authoritative”: “7.62mm Justice” followed by “Digital Common Sense”.

• 48 results for Computer Security. Most “authoritative”: “7.62mm Justice” followed by “El Blog de Loretahur”.

— #10 is http://go-symantec.blogspot.com/, run by VirtualGrafitti.com which also runs: MXMailWorks.com - MX Logic, CPGuard.com - CP Secure, IronPort - IronProtector.com, NetworkScreen.co... - Juniper Networks, SCDefense.com - Secure Computing, EiconWorks.com - Eicon, WideEyeSecurity - eEye Digital Security, CloudGuard.com - Cloudmark, APCGuard - APC, ThreatDefender.c... - St. Bernard, AstaroGuard.com - Astaro, PortProtector.com - Safend, OptimizedWan.com - Exinda, CymphonixWorks.com - Cymphonix, GuardBotz.com - NetBotz, ShaperWorks.com - Packeteer, EdgeDefender.com - Metavize, SSLGuard.com - AEP Networks

• 1 result for CERT: SchultzNY.net

• 105 results for Hacker. #3 is StillSecure’s blog

• 6 results for RSA. #2 is RSA’s blog

*Authority = unique inbound links

Technorati: Blogosphere

• 38,689 results for Information Security with “A LOT” of authority

— #6 is Instapundit (??)

• 12,845 results for Computer Security with “A LOT” of authority

— If you dig deep, you’ll find articles from well known sources & “hackers”

• 1,254 results for CERT with “A LOT” of authority

— #4 CERIAS (cerias.purdue.edu)

• 6,051 results for Hacker with “A LOT” of authority

• 1,054 results for RSA with “A LOT” of authority

— Schneier is #44

Logic & Rhetoric

• “Being Logical: A Guide To Good Thinking” by D. Q. McInerny discusses 28 forms of illogical thinking or fallacies

• We’d like to highlight a few dangerous ones in the security blogosphere:

— Denying the Antecedent/Affirming the Consequent

— False Assumptions/Straw-man Fallacy

— The Democratic Fallacy

— The Uses and Abuses of Expertise

Ethics

• “FTC Moves to Unmask Word-of-Mouth Marketing”

• Word of Mouth Marketing Association:

— Ethics Code

— Ethics Assessment Tool

— Ethical Blogger Contact Guide

• Disclosure & Transparency

— Journalistically

— Semantically

Roll-your-own Open Source Intelligence

• You KNOW there will be an MS08-001 vulnerability, so:

— Set a Google News alert for that string.

— Track likely tags ("ms08") at places like del.icio.us

— Do the same for any specific software you might have in your critical operation

• Feed Aggregators

• News & Meme trackers

• HUMINT: Let your online social network know what you’re interested in
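One way to automate the "watch for it before it exists" idea on this slide, as an added example that is not part of the original deck: a Python filter that scans RSS items for any MS08-nnn bulletin ID and for named critical software. The feed content, the product name ExampleDB and the function names are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample feed (not real posts), standing in for XML pulled by an aggregator.
# Live feeds are untrusted input: parse them with a hardened parser such as defusedxml.
SAMPLE_RSS = """<rss version="2.0"><channel><title>Constructed feed</title>
<item><title>Patch Tuesday preview</title><link>https://blog.example/a</link>
  <description>First bulletin of the year, MS08-001, expected to be critical.</description></item>
<item><title>Conference notes</title><link>https://blog.example/b</link>
  <description>Slides and hallway track summary.</description></item>
<item><title>ExampleDB 4.2 auth bypass reported</title><link>https://blog.example/c</link>
  <description>Vendor has not confirmed.</description></item>
<item><title>ms08-001 analysis (mirror)</title><link>https://blog.example/a</link>
  <description>Duplicate of an earlier post.</description></item>
</channel></rss>"""

def build_watchlist(year, products):
    """Patterns for bulletin IDs that do not exist yet, plus critical software names."""
    yy = f"{year % 100:02d}"
    pats = {f"MS{yy}-NNN": re.compile(rf"\bms{yy}-\d{{3}}\b", re.I)}
    for name in products:
        pats[name] = re.compile(rf"\b{re.escape(name)}\b", re.I)
    return pats

def scan_feed(rss_xml, watchlist):
    """Return (link, title, matched terms) per matching item, deduplicated by link."""
    hits, seen = [], set()
    for item in ET.fromstring(rss_xml).iter("item"):
        title = item.findtext("title", default="")
        link = item.findtext("link", default="")
        text = title + " " + item.findtext("description", default="")
        matched = sorted(k for k, p in watchlist.items() if p.search(text))
        if matched and link not in seen:  # the slides note many duplicates in results
            seen.add(link)
            hits.append((link, title, matched))
    return hits

if __name__ == "__main__":
    watch = build_watchlist(2008, ["ExampleDB"])
    for link, title, terms in scan_feed(SAMPLE_RSS, watch):
        print(f"{', '.join(terms)}: {title} <{link}>")
```
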

Ethics: Some Examples

• Disclosure & Transparency

— /Message (http://www.stoweboyd.com/disclosure/)

— Edelman PR, “Working Families For Wal-mart” campaign (http://www.edelman.com/speak_up/blog/archives/2006/10/a_commitment.html)

— Mini-Microsoft (http://minimsft.blogspot.com/)

— Lonelygirl15 (http://www.youtube.com/profile?user=lonelygirl15)

— Mac wireless controversy (http://daringfireball.net/2006/08/curious_case)

— Digg/Netscape Controversy

User Considerations

• Detecting Conflict of Interest is hard

— http://www2006.org/programme/files/xhtml/4068/p4068-aleman-meza.html

• Support your investments; frequent “official” news sources

— Encourage transparency, timeliness, and accuracy

• Cultivate a repertoire of 3rd party sources and share them

— Peer review

— OPML exchange

• Participate in the “conversation”!

• Learn to speed read.

Metrics

• Stability vs last edit for wiki entries

• Inbound links (permalinks)

• Ranking in public directories

• RSS & mailing list subscriptions

• “Accuracy”

• Frequency of new content

• Degree of insularity in the social network

• OPML popularity & Meme tracking

Creating Effective Communities

• Produce logical arguments and quality content

• Exchange Links

• Utilize Trackback links

• Peer Review

• Publish directories

• Form associations

• Promote accurate and positive memes

Additional Resources

• Tag: CFS07

• http://del.icio.us/tag/cfs07