About Dan Morrill

Dan Morrill runs Techwag, a site all about his views on social media, education, technology, and some of the more interesting things that happen on the internet. He works at CityU of Seattle as the Program Director for the Computer Science, Information Systems and Information Security educational programs.

Looking at Joost Beta

Finally got a chance to install and look at Joost Beta, and it might just end up being the killer app.

Strategy Before Tactics

If you have no defined strategy, then whatever tactics you employ probably won't meet your goals. How many of us in the information security business bought a product, tool, policy or process from a company because of a legal requirement we needed to meet, a passing interest in a neat new toy, or a recommendation from a group or consultant, without really visualizing how it would fit into our strategic and tactical goals for the company?

Crook’s Apology to the Internet

In a sweeping court-enforced statement to the internet, Michael Crook apologizes to the internet for abusing the DMCA.

While this probably would not have been done to a major corporation, and the issues with copyright continue on unabated, the EFF and 10 Zen Monkeys have gotten an admission from one of the internet's more notorious personalities. The reputation that Mike has on the internet (for those that follow the darker, seamier sides of the internet) is not a positive one, and he is generally held in disregard.

Public Affairs via Web 2.0

Everyone who owns a forum, a blog, a bulletin board or similar knows that to accept user content is to monitor that user content. Does it make sense for the web site? Is the content that the user supplies something that fits in, makes sense, and is appropriate?

We have heard about all the spamming that happens in these systems, but a larger question posed by CIO today is:

Reputation 1.0 – Complications

Recently I wrote that whoever coded for Reputation 1.0 would own Web 3.0; this is the second part in a series that addresses the issues of "internet reputation".

Web 3.0 (the Semantic Web)

Innovation in making data relevant to the one or two words that we type into a search engine is Web 2.0. Adding to the plethora of data is the advent of social networking, Ajax, and shared apps across the back-end internet cloud; there are already frameworks proposed for making Web 3.0 and Reputation 1.0 reliable in the greater context of the internet.

Reputation 1.0 Not Working Yet

Media 2.0 meets Reputation 1.0; the interoperability is a little shoddy, but hey, that never stopped us before.

Web 2.0 and Information Security

All it takes is one person

As we move the common denominator down to make Web 2.0 appealing, we run the risk of more social engineering attacks. There is so much technology out there that trying to figure out how all of it works, and how all of it can be made to work safely, is an entire industry vertical for information security.

Quick Ajax Training

TechNet Ajax web casts have a ton of Ajax-related training videos that can help out security folks and developer folks. Better yet, it's all free.

If you have never used or taken a TechNet web cast, and if you are interested in Ajax, and what Ajax can do for you, this is a great place to start to get your feet wet. The link is here.

Scoble’s Corporate Weblog Manifesto

Rules to at least read and get to know better. Blogging on any level means that you are claiming to be an expert in something, even if you are an expert in rambling about the iniquities of life.

People do read what you say, and they form an opinion of the company you work for, or even just you when they read your weblog/blog or other communications. If you are corporate blogging you are the window to the world, you are a direct representative of that company when you blog.

Wrong About Google Apps

Sometimes I just get it plain old wrong.

Yesterday's entry was on treating the use of Google Apps as a risk management decision, and then consulting your internal legal team.

Then, as one reader pointed out, the idea was sound, but I went on to advocate using Drupal and Linux on any old shared environment. So basically, I advocated against Google Apps, and then said to do the same thing that Google Apps does, which is provide a shared collaborative environment that the company does not control, by buying from some 5-dollar-a-month hosting company.

Will Joost Live Up to the Hype?

Lots of promise, and the hype is there. Will it make it, and what will the impacts on the corporate network be?

The folks who brought you Kazaa, and then Skype, are taking a long hard look at IPTV, and will most likely shape how that media channel will look for the next 4 or 5 years. I have applied for a Joost beta key, but have yet to get one (so hint, if anyone has a Joost beta key that they don't want, let me know; no, it's not worth money to me).

Google Apps and Risk Management

Risk management is a huge portion of information security; we gauge risk and in many cases accept risk because we can't build an ROI on the technology or issue.

However, using Google Desktop Applications, or Google Apps, is a risky decision to be making. Small company or big company, it does not matter; it's a risk, and here are the risks involved.

Social Networking: Redux

Sites like StumbleUpon, Digg, Reddit, and others might drive traffic, but the issue remains the same: who is really clicking on those recommendations?

Citizen Journalism, Blogging, Web 2.0, Democracy Player and management systems, Podcasts, and the whole host of other systems that we use to communicate with each other also drive other social issues and concerns.

Infosec and Corporate Blogging

Zeltzer and Villafranco have probably the most coherent list of Do's and Don'ts when it comes to corporate blogging out there; it's an absolute must-read.

Law.com has a great listing of Do's and Don'ts when it comes to corporate blogging. Here are two don'ts that I have seen in a lot of corporate blogs that defy the imagination for being out there.

Action or Inaction

Why is it so hard to make a decision in business? Business requires that people make decisions, and every decision is a risk in some form or another, yet as we deal with business risk management, it seems that management has become more paralyzed by managing risk to such a point that decisions often go unmade.

Project managers dealing with this kind of problem often have to go to great lengths and burn work cycles just to get someone to commit either for or against a project or work.

Novell Could Lose Access To New Linux Versions

Make a deal with a big closed source company and the FSF (Free Software Foundation) may pull your access rights to Linux distros. At least that is what Novell is facing this week.

When The Paranoia Meter Pops

Bad security days happen: the paranoia meter pegs and there are no substantiating facts behind it. Some days it's bad to be a paid paranoiac.

Review: SPI Dynamics WebInspect

Every once in a while, you run into a tool that becomes an essential member of your tool kit, like Snort for IDS or Nessus for scanning a network. The new version of WebInspect by SPI Dynamics has become just as essential.

Security Event Manager Review

Over the last few months I have been fortunate to beta test, or test a number of information security tools to see how well they would work in a high volume environment.

What is it with These Recruiters?

I love recruiters, they form a very important niche in our economy, they call people, and they ask them if they would be interested in a job, but are they paying attention to what people want?

Specializations for Outsourcing

Google’s in the press again, and this time about information security, and a host of other “specializations” that can be, and maybe should be outsourced.

Good Information Security Resources

The Month of Apple Bugs is just about over with, and the Month of Kernel Bugs is over with, but still the zero day tracker keeps on plugging along and giving out some interesting information that is of a lot of use.

Corporate Email Wanders

TechNewsWorld is running a story on company personnel who forward company e-mail to their MSN, Google, Yahoo, or other hosted e-mail accounts.