Gas is stupid expensive, and Security 2.0

Yeah, I get it. If oil prices go up for this reason or that reason, gas prices are soon to follow. But costing me 60.00 to fill up the tank?

Come on. Is that truly necessary? There is nothing that can be done about that at all?

On another note--

I've been thinking about writing a blog entry about the state of modern security in computer networks. Does it work? Where are we at? Are all the extremely restrictive policies in your corporate work environment working? What can be relaxed? Why?

Like to hear your thoughts. What does "security 2.0" mean to you?  


Anonymous said…
People complain too much about gas prices. When it reaches $8 a gallon, then I will start to worry. Right now, it's ok, and people need to cut down on their driving and also get rid of their gas guzzling cars.

Joel Esler said…
I can agree.

It's over 3.00 a gallon where I live, and I remember the days when it was .69 a gallon.

I have two cars, both are rather fuel efficient (even though one is an SUV), but I still believe gas prices are too high.
Jason said…
When you look at the total impact of gas (war, pollution, etc), even $5/gal is too low.

The rest of the world is following the USA's lead in using cars to go everywhere. Wait until everyone in China and India are driving. You'll wish for $8 gas...

You did say that you think they're too high, though. What do you suggest to lower them?
Joel Esler said…
That's the million dollar question. What would you do if you could?

You say the rest of the world is following the USA's lead. I agree. We all do our part to try and cut back on the use of gas, drive less, work from home if you can.
Tom said…
What would I do? Quit chasing ethanol (all it is going to do is drive up food prices) and create incentives to develop better battery technology so we can use sun and wind power to generate electricity. Then electric cars will mean something.

Security 2.0? Let security people implement policy instead of people whose eyes roll when you talk about mitigating a risk and think that they should implement every security control possible "because it's there". Availability is part of C-I-A, after all...

Best regards,

P.S. -- I still remember 30 cent gas -- and I read about a price war back in the early 70s where one station in Missouri was selling gas for 12 cents a gallon. That won't even pay the taxes now (and for the rest of the world, taxes account for over half of the high cost of gas in Europe! Don't give the US government any ideas, OK?)
Joel Esler said…
The taxes aren't that much different here! Taxes comprise almost half of the price of gas.
Anonymous said…
I am an IT Director with a background with IT security.

It seems everyone keeps chasing their tails when it comes to keeping networks and computers safe, why don't we just open everything up wide open so it will be a less interesting target. LOL

All kidding aside, it's an ongoing battle just like spam. IT and security are always going to have a job because of this.

Joel Esler said…
You have an interesting idea. Kind of the reverse psychology way of doing it. Let everyone do what they want. Maybe it'll avoid risk ;)
Anonymous said…
I would say that, having worked in DoD for the last 10+ years, many times sites/services are blocked for bandwidth conservation or to prevent timewasting by unit members. These include sites such as Pandora, MySpace, and iTunes. I'm not sure how effective some of these blocks are. For instance, Pandora is blocked but there are dozens of other sites that are easy to find and access.

MySpace and their ilk were blocked I believe because people spent WAY too much time updating their blogs rather than working. (I overheard conversations regarding how people would spend 6+ hours a day updating their MySpace) Also, I believe information was put on these sites that shouldn't be on the web. But again, is that the best way to moderate this? Blocking the sites addresses the first concern, but not the second as again there are dozens of other social networking/blogging sites to use.

Your question about how effective all the regulations and policies are is another matter entirely. Like I said, I've worked in DoD for 10+ years, doing IA for most of that time. Have things gotten better over that time period? Yes and no. DoD is a LOT smarter about IA, but as we all know, it only takes one hole for the bad guys to get in while we have to defend every wall, door, window, nook and cranny. And DoD is not immune to similar demands that occur in the commercial world; namely that the General and/or his staff (CEO equivalents) want to do X and they want to do it now and this app is mission critical and IA doesn't have the power, and isn't included in the planning... you know the story and how hard it is to secure all that. Add to that how fast technology is moving and how hard it is to be REALLY sure that the neat new app you just installed doesn't have a security hole that allows remote access to your domain. And then there are home grown apps and did your developers (contractors or government) really follow best practices (or did they even know about them)? And finally, how can you stop users? Even smart users (see the recent break-ins at the labs in Tennessee and Los Alamos which I believe were attained through spear phishing)?

Like I said, it only takes one hole. DoD is a lot smarter, but then so are the bad guys and at the moment, they outnumber us. I don't believe they are smarter than us, but we have limitations they don't.

So, the final question is: Is it harder for the bad guys to get into DoD networks with all the current regulations as compared to 5 or 10 years ago? I think so, but without an objective external verification, it's hard to say for sure.
