IPS Improving

InfoWorld reports that independent security research and testing firm NSS Labs has released its most recent “Network Intrusion Prevention System (IPS) Comparative Group Test Report” for the 4th quarter of 2010.  A 2009 report found that security effectiveness ranged from a very poor 17.3% to a high of 89.5%.  Many of the previous year’s failures were due to vendors’ inability to detect and handle IDS/IPS evasion techniques.




NSS Labs has found significant improvements:

  • Security effectiveness, using the default factory-shipped settings, rose to 62%.  Be careful though, some default settings reached a mere 31% effectiveness.
  • A number of multi-function gateways rose to comparable effectiveness as dedicated network IPS gear.
  • Tuning is still required, adding an average increase of 21% more protection.
  • The improvements in security came with a price.  Performance of these devices decreased overall.  One vendor reached only 3 % of its advertised throughput.

Gear from Check Point, Endace, Fortinet, IBM, Juniper, McAfee M-8000, NSFOCUS, Palo Alto Networks, Sourcefire, and Stonesoft were tested.



Jan Microsoft Tuesday

As predicted, 2 patches, 3 vulnerabilities. 

Both are Remote Code Execution and both have exploit code available. 

SANS has the write-up, as usual.

Patch time, git ‘er done.

The Web Will Be “Gamified”

Gamification is the concept that you can apply basic elements that make games fun and engaging to things that are not typically considered games.  Gamify.com is set to soon launch a platform to help build ‘gamified’ Web sites to drum up some interest.  Gamify.com & Gamify.org are useful resources, and worth reading if you have an interest in online trends.

I’ve seen the concept applied to communications forums in the guise of leaderboards and badges, marketing campaigns, and even loyalty programs.  Interesting idea for developing into future Security Portals and Security Awareness sites. 

Be the first on your block to master Level-1 Security Concepts and earn your ID-10-T badge!  (Well, maybe not that…)

Stats Canada Security Breaches

Stats Canada is taking some heat from the Toronto Sun today.  “Internal reports obtained through Access to Information reveal a number of incidents in the past five years where the federal information-gathering agency has probed and quietly done damage control on security lapses.”




Recent Examples:

  • OCT. 2010: Purolator envelope containing 11 unencrypted, non-password-protected CDs for the Vital Statistics Program in Alberta addressed to Ottawa head office sent July 9, 2010 is discovered missing. It contains more than 21,000 electronic images of confidential information about individual birth, death, stillbirth and marriage registrations. It is found Nov. 30, 2010 locked in a rarely-used filing cabinet.
  • SEPT. 2009: Stats Can library’s password access protocol constitutes “major security breach.”
  • DEC. 2008: A briefcase with documents and personal notes is stolen from the car of an interviewer from Quebec. Confidential addresses of respondents were included.
  • JULY 2008: An error in transmission meant e-mails of 108 subscribers of Health Reports notifications were “inadvertently revealed” to all recipients of message – constituting a breach of Privacy Act and Stats Can policy.
  • JUNE 2008: Stats Can is informed that on Feb. 12, 2008 Surrey RCMP and Canada Post recovered completed 2006 census questionnaires from a private residence in a bust of a major identity theft ring. Other items included equipment related to credit card/ID theft, drivers’ licences, 3,000 pieces of stolen mail, government-issued cheques, fake currency and more than 100 CDs with thousands of personal data profiles. Census questionnaires were not in the hands of census staff – it is believed they were obtained by tipping mailboxes or break-ins to homes and cars.
  • AUG. 2007: A laptop containing personal information about individuals who participated in the Labour Force Survey or Canadian Community Health Survey is stolen from the residence of an employee in Abbotsford, BC. Password was written on a sticky note stored in laptop case. Police called, affected people are informed and interviewer receives verbal reprimand.
  • JUNE 2007: Laptop with three completed household spending surveys stolen in home break-in in Delta, B.C.
  • MARCH 2007: Edmonton regional office reports two laptop thefts from field interviewers’ vehicles. Staff are reminded about protocol for securing material.
  • MARCH 2007: Privacy Commissioner’s office advised of inadvertent disclosure and loss of personal info after surplus filing cabinets with Records of Employment about 66 2006 census workers were sold at a Crown Assets Auction in Edmonton. Affected individuals are contacted and Stats Can implements more stringent procedures to avoid a recurrence.
  • JULY 2006: Enumerator leaves completed questionnaire instead of blank at Scarborough, Ont. respondent’s home.
  • APRIL 2005: Blank forms faxed to a business include additional pages of confidential information related to two other businesses. Staff receive retraining and posters/notices are displayed as reminders.
  • FEB. 2005: Marketing information collected for one user is reviewed by another user and possibly four other unknown individuals in a Corporations Returns Act survey.
  • FEB. 2005: Laptop being shipped from Williams Lake, B.C. to Edmonton containing 23 Survey of Household Spending cases – including 11 completed ones – goes missing. A flurry of e-mails ensues among senior managers at Stats Can and officials “pester” Canada Post to find the lost item. Confidential statistical info is encrypted. Laptop is found two weeks later.


Hungry? Ewwwww

Scientists in the Netherlands have discovered that insects produce significantly less greenhouse gas per kilogram of meat than cattle or pigs.  Their study, published in the online journal PLoS One, suggests that a move towards insect farming could result in a more sustainable – and affordable – form of meat production…

Ready for a Big Mac?  Want flies with that?


Canadian Internet Use To Cost More

According to CBC News, Surfing the internet is about to become a little more expensive for many Canadians as Shaw and Primus have announced plans to join Bell & Rogers in imposing new fees and caps on internet usage.  Customers who download a lot of data will begin seeing higher fees beginning Feb. 1.  Primus rents bandwidth on Bell’s networks and said Bell is inflating the costs for everyone, including them.  “It’s not meant to recover costs.  In fact these charges that Bell has levied are many, many, many times what it costs to actually deliver it.'”