Video: Striking Back at Cell Phone Thieves

In the DEMOfall pavilion I had the chance to speak to the CEO of a company that put on one of the more entertaining presentations of Day 1 at DEMOfall 08.

Maverick Mobile Solutions demoed Maverick Secure Mobile, an application that protects data on stolen cell phones and then makes it possible to monitor and strike back at the thief remotely.

In this video I talk to Maverick Mobile Solutions CEO Sujit Jain about this intriguing application.

Live from DEMOfall: Security and Mobility Rule the Afternoon

The afternoon session of Day One at DEMOfall featured a discussion on technology by the Wall Street Journal's Walt Mossberg and Kara Swisher, as well as a number of presentations about new products.

By far the presentation that got the biggest reaction from the crowd was Maverick Secure Mobile by Maverick Mobile Solutions. The product is a mobile device security solution with a bit of a revenge streak. When installed on a phone, it can protect the data on a stolen phone, encrypting it and also letting users remotely retrieve their contacts. However, the product also makes it possible to strike back at the phone thief by monitoring and logging their calls and text messages, disabling the phone, and even making the phone emit an alarm and display a message telling the thief to return the phone.

Other interesting presentations from the afternoon session included g.ho.st, the Web-based virtual computing platform that has added mobile device support, and Usable Security Systems, which demoed UsableLogin, a very user friendly and secure solution for managing web-based passwords.

IE 8's Private Progress

Click here to see the screenshots

REVIEW: Beta 2 of Internet Explorer 8 shows promise with strong privacy controls and new usability features.

Despite its market dominance, Internet Explorer has been in many ways the browser that was left behind. IE 6 has lasted well beyond its freshness date and IE 7 was at best a small upgrade that still left the Microsoft browser behind competitors.

But based on initial tests of Beta 2 of Internet Explorer 8, it looks like Microsoft may be on track to release the first significantly improved version of its browser since the release of IE 5 in 1999. IE 8 Beta 2 includes many new features that improve the usability, stability and security of the browser and while many of the new capabilities are basically Microsoft playing catch-up to Firefox and Opera, IE 8 actually showcases a few browsing innovations of its own.

Of course, keep in mind that this is definitely a beta and in the first few days of testing IE 8 Beta 2 has proven to be very unstable (though I did a get a very good and frequent look at the new tab and site recovery features), and a surprisingly large number of popular Web sites needed to be viewed in the browser's IE 7 compatibility mode. Because of this I recommend that only Web developers and the technically curious try out this beta and anyone needing to do serious work with a stable browser should stay well away.

Online Identities: Forgotten but Not Dead

Nowadays there's a lot of concern and discussion about identities, about how to manage them and keep them secure and private. But there are some identities that many people are forgetting about. And that's no surprise, because the identities I'm talking about are clearly "forgotten identities."

As someone who has been testing and using web-based services and applications since the early 1990's, I've signed up for and created user accounts on easily a thousand different services. And in most cases I use these services for a short time and then never return.

But what happens to these forgotten accounts? Do they get deleted? Especially in the cases where I ask a service to remove an account? Or do they sit around forever?

In most cases they sit around forever, in fact in many services, such as Facebook, it is impossible to delete an account. And the fact that we all have these forgotten but not dead accounts could add up to trouble.

This Week In Emerging Technology - July 24th

Here are the emerging technologies stories for the week of July 21st.

Put the CPU in the Fridge - An interesting project at Purdue University where researchers are working on a terchnique to use micro components to refrigerate PC processors.

Highly Predictive Security - The folks over at SANS and SRI will be presenting a service that uses detailed analysis methodologies and DShield to improve network blacklisting techniques.

Your Next Gadget CPU - Intel is talking about their next line of system on a chip processors which are destined for the next generation of gadgets.

The Future Rosie the Robot - A French company is offering a humanoid robot at a comparatively low price. Though still very high for essentially a toy.

DMCA Takedown Shakedown

As a company IT manager your job is plenty hectic enough as it is, and the last thing you need to deal with are threats and legal notices from movie studios and record companies. So you've put in place strict usage policies that all employees must follow, policies that forbid the use of file-sharing applications and the illegal downloading of copyrighted materials.

For a while this seems to work, but then one day it arrives: a dreaded DMCA (Digital Millennium Copyright Act) takedown notice claiming that an IP address in your company network was caught downloading the latest Indiana Jones movie. That's it, you decide; this person is going to pay for breaking company policy and, worse, putting you through all this hassle.

So you track down the IP address and find the culprit. It's your networked HP printer. Guess you didn't know it was such a big Harrison Ford fan.

Video: Discussing the Challenges of the Internet

Click here to watch the video

At the Berkman@10 conference at Harvard, I had a chance to speak to some of the many attendees and speakers at the conference about the challenges facing the internet today and in the near future.

Phillip Hallam-Baker, author of the dotCrime Manifesto, says stability is the missing ingredient in the Internet in the fight against Internet crime; Kathy Higgins, Educational Technologies, Dept. of Education, N.H., sees a shift to more use of social networking and community voices gaining traction; and Dr. Jim Morris if Carnegie Mellon University comments on the battlegrounds forming for the soul of the Internet.

Click here to see the video of these interviews at Berman@10 about the fate of the Internet.

Protecting Your Site from Google Hacks

Most people understand that if there is information visible on the Web, then Google knows about it. But what about the information that many people think is invisible? Chances are, Google knows about that too.

That's because many Web sites, including big corporate sites, expose much more information than they realize. Everything from customer credit information to administrator passwords has turned up in Google searches.

In corporate Web security, this is clearly a serious problem. But many companies pay little attention to it because they don't know how to perform the Google hacks that can find this sensitive information. Until now of course.

GoolagScanner is a free open-source tool from the Cult of the Dead Cow that makes it possible for Web site administrators and security personnel to quickly perform tests to see if their sites are exposing sensitive information to complex Google searches. The tool is mainly based on Johnny Long's Google Hacking Database, which lists all of the potential Google hacks (or googledorks, as he calls them) that can be used to find sensitive information on Web sites.

Don't Waste Good Security Practices

Stop using anti-virus and patch management systems! They don't work and they are a waste of time and, worse, a waste of money. OK, I'm kidding. I would never say that.

But John Stewart, Cisco's chief security officer, would. At the AusCERT (Australian Computer Emergency Response Team) conference in Australia May 19 to 23, Stewart essentially said money spent on anti-virus and patch management is completely wasted.

Now, it's true that using anti-virus and patching systems is really just the most basic first step to security and shouldn't by any means be seen as a complete security solution. But saying that it's a waste to even use anti-virus and patch management is sort of like saying it's a waste to have locks on the door of your car because any serious crook can get by them.

Just as leaving your car door open with the keys in the ignition is an invitation to any passing thief, unpatched and unprotected PCs are an open invitation to any viruses or malware passing by, even ones that are old and would be easily stopped by patching and anti-virus. Just because your company could still fall prey to more advanced malware and bad guys doesn't mean you also want to have all your systems polluted by things that could have been easily prevented.

Fighting Botnets with Botnets

When it comes to defending technology assets against malicious hackers and other bad guys, I've always been a firm believer in understanding and even using the tools and tactics of the enemy.

In most cases, this means having familiarity and even a working knowledge of the tools and methods that are used to scan and compromise networks and systems. But I've also been in favor of more proactive means of protection, from the use of tarpits and honey pots to the use of good worms to seek out and patch systems with holes that could be exploited by attackers and worms.

So it should be understandable that I was very, very interested in a paper that was presented at the recent USENIX Symposium. This paper, by several researchers at the University of Washington, advocates the creation and use of friendly botnets in order to slow down and even stop the evil botnets that are used to attack and bring down Web sites and servers.