How unique and traceable is your browser? A lot more than you realise. This research project from the EFF looks at various characteristics exposed by your browser (the user agent and similar strings), and in my case, when I checked, it uniquely identified me among the 1 million plus tests done so far. Interesting privacy implications, given that some companies on the web are starting to use this to track users uniquely across sites.
Just read an interesting article on Ars about hacking ATMs at the recent BlackHat conference.
Reading it reminded me how important the basic foundations are in IT security. Get the physical security right first: in this case, the ATMs all used the same $10 security key, available from eBay, across every machine to make servicing easier. Then make sure you properly test before you release your software, product, or system. The hack on one machine could have been stopped by reducing the attack surface and removing the remote access facility, or by ensuring that only signed code could be run.
It's not secure if you haven't tested!
We are in the process of revising the patterns in the library to ensure they are consistent, and simplify where possible. One idea is that we should create a few additional modules to reduce the number of controls that are specified on each pattern.
The set of modules could be:
- DMZ - new module to show a standard DMZ environment for hosting applications or connections to untrusted networks or systems
- High Security Network Zone - new module to show a high security environment for hosting sensitive applications such as Finance and HR systems, payment processing, source code repositories etc.
- Information Security Management System - new module for the baseline controls required for information security management of the environment
- Client - existing module that shows the baseline set of controls for clients
- Server - existing module that shows the baseline set of controls for servers
Hoping to make some progress on these in the next month or so. Drop us a line if you want to contribute.