by Senior Editor

Security Wisdom Watch: Who Gets the Thumbs Up (and Down)?

Opinion
May 08, 2009 | 3 mins
Data and Information Security, Facebook, Identity Management Solutions

CSO Senior Editor Bill Brenner looks at people, events and organizations making an impact on security for better or worse

The following is a monthly feature in the print version of CSO. Starting this month, we are also running it online. This installment covers the Security Wisdom Watch columns from the April and May 2009 print editions.

MAY 2009 SECURITY WISDOM WATCH:

Much has happened in security circles this past month, from all the hoopla over Conficker to the ongoing economic bloodshed in the industry. Here are a few people and events that stood out, for better or worse.

  • Thumbs up: Brad Dinerman — The National Information Security Group president was laid off in October, but quickly bounced back with a new business of lending IT security support to small businesses. An inspiration for anyone who finds themselves jobless. 
  • Thumbs down: Premier Voice/Lone Star Power — These companies found themselves in the FBI’s crosshairs in April after allegedly duping telecommunication giants AT&T and Verizon Communications into providing more than 120 million minutes of telephone service to criminals. [FBI: ISP Stole Millions from AT&T, Verizon]
  • Thumbs down: A fix for TCP flaw — Jack Louis, discoverer of the far-reaching TCP (Transmission Control Protocol) software flaw, died in a fire March 15. The sad turn of events left it to other researchers to fix the security hole. [Researcher’s Death Casts Pall Over TCP Fix]
  • Thumbs both ways — Security vendors and Conficker: Vendors deserve criticism for fanning the flames of FUD last month over a predicted Internet meltdown at the hands of the Conficker worm, which did not come to pass. But there were some vendors, like Luis Corron, a director at Panda Security, who went out of the way to talk everyone off the ledge with this threat. Security vendors backing off from hype is no easy task. [Security Vendors Deserve Some Credit for Conficker Response]

APRIL 2009 WISDOM WATCH

In April we focused on the social networking forums that have come to dominate our lives for better or worse.

  • Thumbs up: Zach Lanier — The senior network security analyst at Harvard Business School is ringleader of the Security Twits, a network of security professionals who exchange ideas and work to solve problems via the Twitter microblogging site. The site is sometimes compared to a loud bar where everyone is shouting to be heard, but Lanier has managed to organize an ever-expanding yet strangely tight-knit community.

  • Thumbs down: Facebook — It’s a nice place to visit if you want to find people you haven’t cared about since kindergarten, but what started as a promising site for exchanging security ideas has quickly devolved into such stupidity as online snowball fights and vanity exercises like the “25 Random Things About Me.” [Full disclosure: The author of this column admits to spending too much time on Facebook and filling out too many of those “Top 5” lists. He also confesses to doing his own 25 things list.] [Slapped in the Facebook: Social Networking Dangers Exposed]

  • Thumbs both ways: LinkedIn groups — This business-oriented social networking site is home to a rapidly expanding array of security groups, many of which have proven valuable for the author in his search for story sources. Those with groups include Black Hat, NAISG and ISSA. The problem is that there are now too many security groups, many of which share similar names. The full list is starting to resemble Twitter on a busy day.