There are many varying opinions on almost everything, but Compliance is one of those topics like economics, everyone has a different opinion it seems.

I was reading an article by one of the Systems Engineers at Network Appliance entitled, "Six Tips for Archive and
Compliance Planning" and while I agree with most of the points Mike Riley makes, I had to think a bit about his words on Encryption.

He isn't saying not to use encryption, on the contrary, he is saying that encryption is a must, but the advice is sound.  Be careful what you do and the ramifications.  With compliance systems, often search and rapid retrieval are key and these are some of the most plausible arguements against specific applications of encryption.

As always, look before you leap.  I guarentee that if you think about where you should be using encryption you are already ahead of most.

It seems that even though we all know we need to patch our system, we are now having to do it faster and faster to avoid the vulnerable time between patch availability and exploit.  In an article on ZDNet there are details of how the latest exploit is being used, but soon you should see a post by Duane Laflotte on his security blog about how it isn't just being used on sites you might expect.  Even the super computer savvy gamers are getting hit and I have to think that in many cases we just know about this because they realize.  How many never figure out that they are maintaining a drone in the hacker army of some malcontent 15 year old with a grudge...

I have been casting about for .Net Best Practices and came across Adam Cogan's lists of how to do pretty much everything.  The funny thing is that I have known Adam for years and was aware that he had compiled quite alot of information on his site, but until I started to dig through it I hadn't realized just how much is there.

If you are trying to codify your companies "how we do it here" then make sure you check out Adam's site.

I am sure it is reported elsewhere, but I found an article on a proof of concept virus that targets AMD processors on a magazine site in Australia.  The article dismisses the threat of such an item and pretty much holds it up as just a curiosity in the fight against hackers, but I see it differently.

In order to win, eventually security has to be hardware based.  The whole Palladium (now known by the horrible NGSCB acrynym) effort is just the most public manifestation of this realization and even it has gone dark.  Hacking the hardware is hard, hacking the software is easy.  Software provides the security of a screen door while hardware security done well can be like a steel cage.  Watch as this develops.  Like gas prices driving the frantic (and belated) search for alternative fuels, it will be a mind blowing security threat that finally forces us to invest in security via hardware in real terms.

If the barrier to enter the hardware market in a significant way weren't so large, I expect this problem might already be solved...

I know it is simple and probably not an amazing tool, but I am finding www.dnsreport.com to be amazingly helpful in some troubleshooting I have had to do recently.

Sometimes the most important thing is to just have the right tool...