A few security holes in Mac OS X are already known, such as the unpatched ARDAgent vulnerability. But that’s not where the principal Mac security threat lies. From interviews with security experts and corporate IT managers, it’s clear that security concerns and potential risks are much more quotidian — exactly the kind of bread-and-butter stuff that is easy to ignore, especially for Macs, where IT’s familiarity with the Mac is slight because users have typically managed the computers themselves.

It’s time for IT to figure out where the Mac’s security holes are so that you can plug them before your corporate knowledge starts bubbling out. Here are the six main flaws you should focus on.

Read the rest

Here’s an article addressing the Bear Stearns debauchle and how e-mail played a roll in Cioffi and Tannin’s undoing.

I was talking to my wife about this last night… I can’t believe that these two boneheads were capable enough to leverage the kind of money and power they were privvy to and still manage to lack the common sense to encrypt their emails when discussing private and sensitive matters. As much as this sub-prime blow out should disturb anyone with any interest in the national and world markets, these folks total lack of discretion (not to mention reprehensible ethics and respect for their fellow human beings and clients) should send a signal of clear and approaching fucking catastrophe in the near future.

If Cioffi and Tannin’s complete ignorance about the visibility of e-mail - or complete disregard - is any indication of how many of this world’s top power players conduct themselves electronically it should be clear that those who want the world’s most valuable secrets probably already have them.

As of late we’ve been hammered over the head about China’s electronic espionage, but if you think China exists alone on that frontier you’re nuts. Every world power, every organized crime syndicate, every corporation and public and private body is either involved or about to be involved in this gaping wound of the invisible world we all inhabit, though only few have woken up into.

It’s high time that everyone take the time and interest to understand these silicon based machines which dominate nearly every aspect of our lives and demand that same level of interest and accountability from each person they conduct business and personal affairs with. Continuing to ignore the physics of the invisible world of information will soon prove to be as ill conceived and radioactive as when, back in the day, lunkheads used to make dinnerware from uranium.

Wake up folks, we’s in the future.

All the blood sucking and baby-tossing has really left Michael Chertoff either light on his senses or aloof about your security. You decide…

Read the article

The always intimidatingly brilliant Bruce Schneier from InfoSecurity Europe giving a follow up talk to his work on the “Psychology of Security“.

Listen or Watch it.