CF2 TechNotes Blog

Blowing off the Dust…

curtis_franklin — Fri, 28 Dec 2007 14:00:36 +0000

Boy, I knew it had been a while since the last post, but I didn’t realize that I was pushing toward three months. What can I say? Graduate school takes a lot of time and energy. If you’re interested in keeping up with my grad school musings, pay a visit to my other regular blog, the Mid-Career Grad Student. Of course, you’re also welcomed to visit my primary work blog, SMB IT at InfoWorld. I also contribute to the Test Center Daily Blog, so feel free to check in there on a regular basis.

I hope to be able to dress this place up in the new year — there are lot of technologies and products that should make it faster and easier to post to all the blogs. I’m using Windows Live Writer for virtually all my posts to TechNotes and Mid-Career Grad Student, and I find it makes a huge difference in the labor required for each post.

Speaking of technology, I’ve found Twitter. If you’ve joined Twitter, search for KG4GWA and you’ll find my posts. I know that several news organizations are now using Twitter for breaking news…I’ll look forward to seeing how well it works for me.

Thanks for stopping by to read this — I’ll try to have more interesting posts (and just more posts) in the coming year.

I am kg4gwa on del.icio.us
Add me to your network

Harry Potter Hack Article for PC Magazine

curtis_franklin — Tue, 03 Jul 2007 20:43:52 +0000

I’ve had a chance to write a couple of articles for PCMag.com recently. The first was looking at the reports of hacking into computers at the publisher of the Harry Potter books. Many thanks to Jordan Wiens for helping me understand some of the details of what purportedly took place. Let me urge you to run over to the article to take a look–and let me know what you think about the piece.

What do You Know?

curtis_franklin — Fri, 23 Mar 2007 03:12:04 +0000

Fellow journalists have pointed to an interesting issue for those writing about security. In a NY Times story about shoplifters the writer talks about a “boost bag” used by shoplifters, and describes in broad terms what the bag is. The issue: Has the journalist damaged security by including information in the story? Those of us writing about IT security face this question every day, as do journalists who focus on law enforcement, military, or homeland security issues. It’s one of those issues that can bear honest disagreement because judgement is involved.

I tend to come down on the side of “more information is better” in most cases. The information on how to build bombs, put together a boost bag, defeat an alarm system, or construct and SQL Injection attack is out there anyway–none of this involves a deep, dark secret. Trying to keep citizens from understanding these things is not only self-defeating, it diminished the opportunity to enlist the help of thousands (or millions) of intelligent men and women of good will.

Are there exceptions? Of course there are. I think you have to give serious consideration to publishing the details of an on-going operation, and if the subject of the article might endanger human life then a writer must weigh the consequenced very, very carefully before proceeding. I don’t write details like IP addresses in my articles, and I’ll tend to fuzz out the details of an individual’s vulnerabilities when writing about case studies. It’s not that I won’t write about the issues, including details of what’s possible–I just won’t put the key into the lock for someone who might be trying to decide which network will host their next cyber-joyride.

Some of the folks who operate in the political blogosphere talk about groups of citizens as “a pack, not a herd.” I like that. I think that most groups will form themselves into a pack and not a herd if given the opportunity. Part of that opportunity consists in being informed about what the Bad Guys are doing, or are capable of doing. Security Through Obscurity is, in the long run, an unsuccessful strategy and I don’t feel I violate my responsibilities either as a journalist or as a citizen when I make a security issue a bit less obscure. I strongly believe that a well-educated citizenry (whether of a nation or of the world) is best capable to defend himself and help defend other citizens.

Gear up–get educated.