Information Storage & Security Journal Co-Editor-in-Chief Patrick Hynds
writes: The U.S. Department of Homeland Security is performing a readiness
test this month called Cyber Storm, after rescheduling. The Cyber Storm
exercise is about ensuring and testing against a computer-based attack or
hack against public infrastructure targets as well as some parts of the
private sector. This has caused some (on Slashdot.org for example) to decry
it as idiocy that will only "break the Internet". These are likely the same
people who would apportion blame if an attack came and we found ourselves
unprepared.
You can't have it both ways. Either organizations should prepare for and test
against potential attacks or they should not. Anyone who understands security
knows that what does not get checked does not get done (that also applies to
pretty much everything else in the world as... (more)
PATRICK HYNDS BLOG LIVE FROM THE PDC OPENING KEYNOTE
I am writing this from Bill Gates' opening keynote at PDC in Los
Angeles. "User experience" is definitely the message of the day. "Windows
Vista" is a clear indication of the Microsoft belief that if you build a
better interface then they will come (or stay as the case may be).
Atlas, which will allow MS technology developers to build XMLHttp-based,
Google Maps-like experiences, is a prime example that this is the battlefield
of this round. There was a bit of a history lesson that was likely very
unneeded given the crowd, but th... (more)
Storage always seems to come first in technical discussions and security
seems to be the perennial afterthought. This can be considered reasonable
given how we shop for things in general, namely finding the thing that meets
our expectations and then ensuring it has all the bells and whistles. The good
news is that this seems to be changing bit by bit as our industry realizes
that security is no longer a nice-to-have feature, but is actually a core
requirement. This movement was brought into focus recently when Patrick was
involved in a meeting with Senator John Sununu of New Hampsh... (more)
When the enterprise depends on your application, careful attention to
security is essential.
This session provides specific recommendations to follow when developing
secure ASP.NET Web applications and services, and focuses on the details of
configuring IIS for security. Understand how to use:
authentication, authorization, threat modeling, configuration settings,
secure database access
This session will help you to create secure systems, and learn common
coding techniques for storing secrets, error handling, data validation, and
code access security.
It's a constant battle!
Just when you think you understand security, someone or something reminds you
of a whole aspect that you have been ignoring, usually at your peril. No
matter how much you planned, prepared, worked, and worried about your plan of
attack or defensive position, the job was literally never done! You had to
settle for trying to be better prepared than the enemy - as opposed to being
prepared for all things at all times.
Computer system security has reached this point in the minds of many in the
industry. To quote one of our favorite speakers, Ted Neward, "It is... (more)