Category: Security

SSD Sadness (and the Cloud to the rescue)

My first SSD, a 60Gb OCZ Vertex II ceased to be last week. I didn’t take “no moving parts” to mean “no pulse”. This wasn’t the vague threat of “SSD wearing” – but simple undetectable dead drive.

Luckily, I sync most of my data to the cloud, so the interruption was inconvenient, but not catastrophic.

SSD’s – great new tools, but they still fail. I mustn’t get complacent.

Unfortunately everything on my desktop was gone. The most commonly used “workspace” – but it doesn’t sync readily to the cloud. There goes quite a few hours work. I’ve since made a simple script to copy the desktop to the cloud folder each night – at least that will reduce the future impact to just a day’s work.

It did certainly get me to thinking though. A free consumer cloud service just saved my bacon (as I always hoped it would). How many of my customers are using this? It complies with no corporate standard, but offers so much value. And I have nothing that can compare or compete. Sure, I could buy some products, and run my own PC backup service. I doubt it would compare for features or functionality.

So, again we have the balance between great user experience, and poor corporate compliance.

I firmly believe the user experience wins in the long run. This has been proven time and again. PC’s proved it over IBM. Windows over Novell. Apple is busy proving it again.

So how is an IT team to meet yesterdays compliance requirements in tomorrows user driven world?

Microsoft Please Please KILL Share Permissions

It’s been 15 years or more since Microsoft launched Windows NT. No one has used a Windows 3.11 Server in production since Windows 2000 was around.

So why oh why do we still have share permissions in W2K3 and Longhorn? All they do is confuse Administrators and allow for weird security configurations and the problems that come with them. I frequently see mismatched configurations, confusion over remote and local access or confusion over other sharing methods such as HTTP.

There is a small supportive argument or them that goes along the lines of “but what if the NTFS permissions are wrong”. Well, lets look at the failure mechanisms.

1. Attacker has User Account and Password – Share permissions do nothing that NTFS wouldn’t – “All your base are belong to us”

2. NTFS vulnerability found – After this many years, I trust the NTFS ACL’s far more than I trust the Share Permission controls.

3. Mis-configuration of NTFS Permissions – This is generally due to an inadequate design for management of the user groups and permissions. If your change control is inadequate, Share Permissions are not going to save you. I’m working on a paper at the moment to smooth this problem out.

Microsoft, please get rid of them, they are a legacy solution that confuses many administrators.

In the meantime – Share Permission – EVERYONE FULL CONTROL

MS Office team to be shot – MS Project 2003 Auth

I firmly believe one of the reasons MS holds the position they do is due to their control of the Directory, and their integration with it. MS thought so once too, and tried to extend it to the Internet with Passport.

So why oh why then does this MS product NOT support any of the normal UI’s for authentication.

MS Project 2003 Professional connecting to a MS Project Server 2003.

It gives the option of connecting with your domain account, or using a “Project Server Account”. Here comes the crunch. NEITHER of these options works on a PC that is not a domain member. There is no popup UI to ask for a password.

Now, many many projects I know of are managed by external consultants, working for other companies, with laptops managed by IT teams that are DEFINATELY NOT on our domain.

Glad to see the thinking caps went on for this one boys.

Help the Terrorists

Well despite the well publicised and highly debatable restrictions on liquids on International flights, it appears Qantas and Virgin have decided that company profits are more important the the security theatre shoved in your face everywhere else.

It is now possible for anyone to board a plane in Australia without showing ID. Known terrorists sign up here, if you are finding it difficult to travel elsewhere, we’ll happily let you on board.

You see the new Qantas electronic check in terminals allow you to type in your name and destination, presto, instant boarding pass. No ID at the desk required. No ID at Security required. No ID at the gate required. No ID on the plane required. Now I can book a ticket as anyone over the phone through a travel agency, and pay via direct deposit, so still no proof me is me.

Now I won’t wade into the pro’s / con’s of the ID debate here, Bruce is covering that just fine. What I do want to say is this.

It’s interesting that the airlines have spotted a chance to save money and jumped on it, despite all the other guff going on. I guess the difference is the other security stuff comes out of the customers pocket in airport fees, as opposed to airline profits.

I remember it used to be common to buy airline tickets from others based on gender, as it was a little obvious if Paul traveled on Paulette’s ticket. The airlines tried to stop this for years by saying a ticket was not for a seat, but “a contracted agreement between two parties”. They finally came up with the “for security reasons” excuse and forced everyone to produce ID and shut down this exercise. Now I guess the money saved on check in staff exceeds the money lost on people re-selling tickets.

Money still rules hey boys…….Â