Sean’s Blog

I though I was good about keeping my house in order when I went away for vacation.  Apparently I’ve been slacking.  ISECOM has published a Home Security Methodologies paper that is not for the faint of heart.

Some of the tips are common sense, some seem to me to be a little much, and some seem to be just insane.

Some of my favorites:

#5    If you have a safe, make sure it’s out of sight and bolted into concrete. Thieves can and will take it with them otherwise. If you don’t have one and want to buy one, get one from a hardware store far away, pay cash,carry it out yourself, and install it yourself. If there are potential thieves working there then they shouldn’t have your address. If you are really paranoid you could rent a van to pick it up so they don’t get your plate numbers. Remember that every person you involve in the process makes more people who know you have a safe.

#57    If you have a house-sitter or babysitter remove all phones in your house except the corded, main one in the central house location usable only at a standing location. This way if you need to say something in private to your child on the phone, you can be sure the sitter is not likely listening on another line. Furthermore it will make it more likely the sitter will not have a comfortable location for chatting long periods on the phone.

#65    Clean up the house, and wash down the doors, frames, and windows. Put small rip stickers (like stores use for price tags) at the base of doors that even your trusted people should not be entering. If you are snooped or robbed you want to be able to notice that something is changed or out of place.

All these and 67 more can be found here (pdf)

thanks to Brian Krebs at Security Focus for spotting this one.

Over at Security Focus, Brian Krebs has published a report from the FDIC detailing the overall trend in computer crimes for 2007.  It may look heavy, but just glancing over it provides some good data.  Although the report focuses on the financial sector mostly there are some interesting points that it makes.

Some interesting points in the report:
Read more »

Maybe you have heard of Tor, a way to anonymize your internet traffic. Maybe you have even used it. I have and occasionally do. But as it gains popularity, it becomes more important to understand the limitations of Tor and internet anonymity. Most users confuse anonymity and privacy. Tor provides anonymity, but not privacy.

If that statement is confusing to you, your not alone. Recently a Swedish security researcher set up a sniffer (a computer with a network card that captures all network traffic) on the 5 Tor servers his company ran. He ended up capturing login credentials and messages, from embassies, human rights groups and corporations.

Read more »

Bruce Schneier has penned an interesting article over at Wired in defense of leaving your wireless network unprotected. Basically his argument is that the chance of a protected network saving you from some sort of abuse is small, and that open access points are a courtesy too your neighbors.
Read more »