On the subject of security…

DOD reveals viral infection:

A virus infected two computers managed by the Army Space and Missile Defense Command operating on the Defense Department’s classified Internet recently, according to Lt. Gen Larry Dodgen, head of the command.

Dodgen, speaking here at the Army Director of Information Management (DOIM) conference said two computers in the Space and Missile Defense command connected to the DOD Secret Internet Protocol Router Network (SIPRNET) were infected because they did not have any virus protection.

At the same conference, according to the article, the Army Chief Information Officer said:

Despite years of emphasis, the Army still does a poor job of protecting its information systems…. But, he added, that will change now that “information assurance is a commander’s responsibility,” not just the job of the Army’s IT establishment.

Which takes us back to the question of, “Who’s responsible?” In the Army it is the commander (THE boss). Who is responsible in your organization?

And the biggest security threat in the IT age is…

If you said “Microsoft” you wouldn’t be too far off, but according to Bruce Schneier the biggest threat in the IT age is people.

Since the beginning of time, people have always been the biggest security threat. That hasn’t changed because of computers. People are why firewalls are invariably misconfigured. They’re why social engineering works. They’re why good security products are rarely deployed properly. Securing the computer and network is hard, but it’s much easier than securing the person sitting on the chair in front of the monitor.

“So, who is responsible for security?” you may ask. According to Schneier, in an interview at Neowin.net:

Right now, no one is responsible; that’s part of the problem. In the abstract, everyone is responsible…but that’s not a fair answer. In the end, we all pay. The question really is: what’s the most efficient way to assign responsibility? Or: what allocation of responsibility results in the most cost-effective security solutions?

We can’t survive with a solution that makes the user responsible, because users don’t have the knowledge and expertise to be responsible. The sysadmins have more knowledge and expertise, but they too are overwhelmed by the sheer amount of security nonsense they have to deal with. The only way to solve the security problem is to get to the root of it, and the roots are in the software packages themselves. Right now, software vendors bear no liability for the software vulnerabilities in their products. Changing that would put enormous economic pressure on software vendors, and improve computer security faster and cheaper than anything else we can do. I’ve written about this here.

Other topics addressed in the interview include a brief discussion of Microsoft (and why they aren’t overly interested in making a secure product) and his thoughts on what systems/apps are better from a security standpoint.

I’ve been a reader of Schneier’s Crypto-o-gram monthly newsletter for several years and highly recommend it. I also recommend his books. Beyond Fear and Secrets and Lies (my personal favorite) are especially good for a general audience interested in security in general, while some of the others are much more technical in nature.

Throwing down the gauntlet. or "You just don’t get it!" – The Gospel according to Joe Trippi

From Robert Paterson’s Weblogis this review of Joe Trippi’s The Revolution will Not be Televised: Democracy, The Internet, and The Overthrow of Everthing.

I have been feeling that we are indeed at a point of paradox where a new and better world is in sight just as we see the world of corporate power and alienation at its most powerful.

The new is no longer a theory. Companies such as eBay, Amazaon, Southwest are eviscerating their traditional competitors. Bottom up organizations will replace command and control, where ever it exists – in business, in politics, in government – everywhere. Community will be the organizational structure and where power will reside. Open Source will be the organizational model. The new is now inevitable. For those who lead organizations the time to decide has come. Do you vainly defend the indefensible or embrace the world to come?

It seems to me this has been building for several years now, since I first read The Killer App way back when. Every year we get closer, and every year the approach gets faster.

What do you mean, no e-mail?!?

Could you live without your e-mail for a day? That’s the question posed by Eric Mack in More productive with[out] e-mail? After a brief history of e-mail’s climb to the top, Eric points to They’ve got less mail, a Fast Company article about the Veritas Software marketing department making Friday a “no e-mail day”.

On Fridays, it’s half that many. Now his employees talk face to face. Or they pick up the phone. They’re more productive on days like today because there’s less miscommunication and less time spent crafting notes just so.

Has e-mail become a productivity drain? Based on the way it is used in most organizations today, I would say YES. Does it have to be that way?


Instructional Models for Using Weblogs in eLearning

From EduBlogInsights is a discussion of Instructional Models for Using Weblogs in eLearning: Case Studies from a Hybrid and Virtual Course, published in Syllabus magazine. The article includes survey results and observations from the integration of blogging into online and hybrid courses over the last year at the University of Arizona.

In various blogs and posts over the last few months, I’ve seen several discussions of what a blog isn’t, what a blog is, what blogs should have, what they shouldn’t have. This article, and some of the insights from it, go a long way to show that a blog is a blog. You use what works, you don’t worry about what doesn’t, and you do your thing.

My Brilliant Failure: Wikis In Classrooms

There are a lot of great tools out there: high-tech, low-tech, no-tech, and everything in between. Some tools are for individuals, some for organizations, some for both. Though all of these tools will likely work for some of the people some of the time, it is very unlikely that these tools will work for everyone. An example of a tool tried but not successful is documented in My Brilliant Failure: Wikis In Classrooms from Kairosnews.

I wanted to share with the participants my experience of collaborating in a wiki environment, and how it feels to have someone else edit your document, how you see a concept from someone else’s mind map…. But finally, I ended up using wiki as pumped-up PowerPoint. It turns out I changed the tool, but did not change the practice. It was WikiLite.

An experienced wiki developer told me that people come to him from “academia” and wanted to know questions such as: “how can I use this in my classroom”. What they don’t realize is that there is a great potential in this tool to be completely disruptive (in a good way) to the classroom setting. At this point, I made a connection to an article by Scardamalia and Bereiter about ‘Computer Support for Knowledge Building Communities’ which called for no less than restructuring our concept of ‘schools’ to allow for student to student interaction, negotiating meaning, and knowledge construction.

For my part, I’ve tried many new gadgets and apps over the years, some which I still use and some which never got past the early use stage. For the latter it was mostly because those gadgets and apps didn’t quite live up to my expectations (or their promises), but some were because they required me to change too much. This article is a good example of how sometimes it is a good thing to change my ways in the interest of progress.

In the Classroom, Web Logs Are the New Bulletin Boards

An article from the New York Times online, In the Classroom, Web Logs Are the New Bulletin Boards discusses the role that blogs can play in the classroom. An excellent example of how blogs can be much more than just a way to say something, they can actually be a way to help you say things better.

As the article notes, it is also a way to “even the playing field” so that the quiet students that may not get a spoken work in edge-wise can have there voice heard in the group.