Glenn Kramer


Glenn is president of Network Security Services. He is a 30-year veteran of the technology industry, and he has served in a number of management capacities throughout his career.

Defcon Buzzword Bingo
Sights and Sounds from the Defcon Security Tradeshow
A Black Hat Glass Half Full

On the final night of Black Hat (which is the first of two InfoSec conferences in Las Vegas in the same week), I have to report my Black Hat experience this year as a glass half full. On one hand, the show is getting bigger every year. It's starting to outgrow even the massive confines of Caesars Palace, where it's held. On the other hand, many of the sessions were watered down or simply had bad speakers. One session I was in had a French speaker who not only spoke with a really strong accent, but also mumbled and didn't speak into the mike.

BlackHat and the DNS Non-Event

Well, I'm out here in sunny Las Vegas to attend the IT security trade shows Black Hat and Defcon, which happen to occur during the same week (luckily for those of us who want an excuse for a week-long junket to Sin City). Anyways, I'll be reporting in several times on the goings-on. The big event is supposed to be Dan Kaminsky's presentation where he will reveal a huge hole in DNS, the address database that is the underpinnings of most of the Internet. While this sounds impressive, it promises to be mostly a non-event for several reasons.

Gotcha CAPTCHA!

In the category of “What will they think of next?” is this next item. In case you weren’t convinced that the best and brightest minds in our field often wear the other side's uniform (the black hats), this should convince you.

Microsoft 0, Yahoo 1

So goes the first round in what is surely going to be a 15-round slugfest. I for one was glad to see the Bellevue brawler knocked back into his corner for a change. They are so used to their pursuits falling gratefully into their arms, swooning to be the momentary affection of the ultimate beach bully.

Fearless Security 2008 Infosec New Years Resolutions

So it’s a new year… Another year, another thousand virii and worms released into the Internet ‘wild’ to attack our computers, millions of more identities released, and untold more spam mails sent. Well, if some of the powers that be would make some Infosec New Years Resolutions (and keep them!) those numbers won’t be quite as high. Then again, if these New Years resolutions go like most of mine, the spammers, hackers and crackers have nothing to fear. So without further ado, I present the Fearless Security New Years Infosec Resolutions with something for everyone:

Taking the C.I.S.S.P. test
Maybe you've noticed the slower pace of blogs lately (OK, maybe you haven't). I've been traveling and cramming for a shot at some real prestige...the coveted title of Certified Information Systems Security Professional, or C.I.S.S.P. Maybe you happened to notice that the title seems to be one word too long. Generally, organizations spend a lot of time to create short, snappy acronyms.
New Software…Look Before you Install…and After!
Did you ever wonder what happens AFTER you successfully install a new software application on your server? From a pure IT standpoint, the job is pretty much done when the user begins to input data and use the app. For security personnel, it’s a different story. Installing new application software can create all sorts of new vulnerabilities. Even software from large developers can open ports, run extraneous services and broadcast sensitive information. This goes double for smaller developers or niche applications.
Obligatory 9/11 Post, a day late
I suppose me being someone involved in “security” and it being the sixth anniversary of 9/11 (I guess 9/11 has become a noun now, like Christmas or Easter), I’m supposed to put out an obligatory post on my thoughts on the matter related to IT Security. Well, what I would ask of all you IT security folks, similar to Reagan’s campaign pitch in 1980 is “Are our networks and computers more secure” now than pre-9/11 (again, we need a word here for dates before 9/11 and after 9/11, how about B911 and A911). Have we learned anything from this? Well the short answer is yes and no.
I'm Back!
I’M BACK Went to a Lincoln car show this past weekend in Chicago. Stayed at a Westin. We got a “good deal” on the rate because over 100 people attended. $129 a day. REAL good deal, because the rack rate is $209. Now, I’d guess you’d get a load of amenities for that price, right? Not exactly. Let’s look. Free Internet access? Not exactly, $10 per day extra. How about a complimentary bottle of water? Sure, but it’ll cost you $4.95. What about TV? You get cable, but it’s pretty limited. Of course there are lots of pay-per-view options. Free breakfast? Right.
Hey FDIC, what about Wells Fargo?
It occurred to us that, while Wells Fargo experienced a “single point of failure” the other day, they were almost certainly passed on their latest FDIC IT Security Examination. They probably also had an outside audit firm come in and examine them. My question is how can Wells Fargo pass an FDIC IT exam and still experience a catastrophic failure? Like most (rhetorical) questions, there’s an answer.
The New Liquidity Crisis

The Cashless Society or The New Liquidity crisis With all the talk of the liquidity crisis at the major banks and mortgage lenders these days, maybe it’s a good time to talk about something that is a little closer to home for all of us. I’ve been ranting about the Big Wells Fargo outage last week and it seems, so far, that I’m the lone madman in the wilderness. While the outage last week was bad, the effects were short lived and relatively minor.

Suddenly, It's 1980
Today I bought tickets to a concert on Ticketbastard, er, TicketMaster. In addition to a really complex site, the fees were almost 30% of the ticket price. And the brass plated, uh, nerve of these people to call the fees by names like “convenience charge”, “order processing fee”, “delivery fee”, for chrissake, it’s the INTERNET! So, I ended up paying $96.66 for $69.00 worth of tickets. Thank you, TicketMaster, thank you Verizon Theater for your inability to manage your own ticket process. The “convenience” was overwhelming.
The Wells Fargo Alternative
Tony’s last post highlighted (or lowlighted) the Wells Fargo outage earlier this week. The outage points out a real problem with mega-banks…the farther you get from the point of control, the worse your chances of quick recovery after a problem. When Wells went down, their electronic systems failed and all the branches were totally down. Why? Because there is no way that you can give 5,000 branch managers any sort of authority to disburse funds on their say so. Now, take a look at a typical community bank. We have about 50 community bank clients.
Cashless Society: Not so Fast Wells Fargo!

Well, this week we were treated to the Great Banking Outage of 2007, sponsored by Wells Fargo, and most of the customers were treated to a day of 100% illiquidity. While it has been underreported, this has to rate as one of the top major corporate e-meltdowns of the year, perhaps the last few years. The world’s 5th largest financial institution just decided to go offline for a day. Now, in the old days, this wouldn’t have been much of a big deal.
