This Week in Enterprise Tech 71
|Hosts: Fr. Robert Ballecer, Brian Chee and Curtis Franklin|
Guests: Raphael Mudge
Recorded: December 16, 2013
Published: December 16, 2013
This Week in Enterprise Tech 71:
Google Kills the Firewall
- Removing perimeter security is acceptable.
- Perimeter security guards only the border, but anything inside the network is fair game.
- After source code hack, Google is Windows free. OS X is also not secure, so Google has moved to a trust noone mentality.
- Google is using virtual desktops in the cloud for security, moving all nodes to the data center.
- At Microsoft, VPNs are in individual zones, not groups.
- IT departments can use regulation to force the issue of eliminating end-user devices (through auditing firms).
Patent Troll Legislation
- Patent trolling has caused millions is legal fees alone.
- Patent trolls must attack the larger company, not smaller entity.
- Shotgun lawsuits (sue 100 hoping for 1 win) will be prohibited.
- The legislation prevents evidence discovery until judge approval.
- In the UK if a barrister throws a frivolous lawsuit, the court will fine them.
- This does not solve the problem of the patent office not thoroughly vetting duplicate patents.
Armatage and Email
- If the server doesn't setup DNS SPF records, or the receiver doesn't validate the SPF record, there is no validation of the mail origin.
- DKIM allows mail servers to sign messages to verify origin identity with a public key.
- IT needs to push mail security as a step towards fighting spam.
- To look up SPF and DAMRX records use:
dig +short TXT domain.tld dig +short TXT _dmarc.domain.tld
- Unfortunately, since the people behind SPF wanted it to be implemented ASAP, they chose an existing record type, TXT. Now that an official record type (SPF) has been assigned, its uptake is really small, particularly because the information is duplicated, and therefore prone to errors such as the SPF and TXT records not matching. Also, many DNS servers, such as BIND, needed to be updated to handle that additional type.
- Rafael shows how to spoof a LinkedIn phishing email to Yahoo! on the show.
Hardware & Software Mentions
- ting ting
- Ad time:
- Ring Central Promo Code: TWIT
- Call: (800) 543-9980
- Ad time:
- Recorded Date: December 16, 2013
- Release Date: December 16, 2013
- Log line:
- Edited by:
|This area is for use by TWiT staff only. Please do not add or edit any content within this section.|