Log-in | Register Username:   Password:   forgot password? Logged in as | Log-out

blog home blog structured search InfoWorld power search InfoWorld metadata explorer The Screening Room all screencasts popular / general-interest screencasts Friday podcasts Friday podcasts with transcripts Friday podcasts: RSS feed all podcasts all blog items LibraryLookup subscribe with rss: send Jon an email: reading list as opml reading list as html

<<  Tuesday, September 26, 2006  >> Show me my account activity! Security pros know that there's no perfect defense against a determined attacker. So when an identity thief strikes, it's vital to detect the theft. But who's going to be the detective? As applications migrate into the network cloud, the presumption is that IT administrators will be the detectives, vigilantly looking for clues that might spell trouble. But such vigilance will never suffice, because nobody can care as much about my own interests as me, or as much about yours as you. [Full story at InfoWorld.com] This column aired a longstanding gripe that I think of as The Myth of the Managed Network, which explains why this never happens: "Mr. Udell, there's been a routing glitch that affects your subnet. We're aware of the problem and we're working on it. You'll hear back from us as soon as it's fixed." But it also proposes a best practice for web applications: Show me when I -- or more precisely, my account -- was active on the system. If there's been account activity that wasn't mine, nobody will care about that more than me, and nobody is in a better position to detect it than me. Think about it. If somebody were using your bank or webmail credentials, how the hell would you know? Visualizing account activity in ways that make it easy for people to see anomalies at a glance is an interesting second-order problem. But the first order of business is just to show us that data. Comments

Recent Entries Why can't Johnny download? Because he's stuck in a semantic muddle. Justifying the feel-good labels Screen-sharing's long tail Why can't Johnny download? A conversation with Rajiv Gupta about fine-grained access control XBRL use cases: better late than never Tantalizing hints of the Knowledge Navigator Denise Getts wires the web Beyond the election news cycle A conversation with Jim Russell about the Pittsburgh diaspora The SALT talks All roads lead to VNC Mobile speech recognition The Screening Room #10: Dabble DB Scaling the Tufte effect A conversation with John Schneider about Efficient XML What's the video threshold for face-reading? So many social networks, so little time Conversational dynamics in the blogosphere Intense, simple, active demonstrations A conversation with Cricket Liu about the Domain Name System Drowning in a rising tide DRM by asking nicely In search of non-gratuitous 3D A conversation with Mark Ericson about communications-enabled business processes Levelator! Talk to the avatar WordPress for loosely-coupled comments, part 2 Compound documents for the web A conversation with Ellen Ullman about living close to the machine At the Paris SOA Forum ID card anthropology Second Life, MTurk, and on-demand education The Screening Room #9: Windows Live Writer A conversation with Tim Fahlberg about mathcasts, clickers, and the future of education A conversation with Jeff Bezos about Amazon web services Kim Cameron on why business protocols aren't user-centric yet Show me my account activity! WordPress as a loosely-coupled comment engine How translucency could defuse the Turnitin/McLean High controversy A conversation with Cyril Houri about annotating the planet using a GPS/WiFi/cellular hybrid Turk work Screencasting of tacit knowledge Ongoing discussion of translucency and selective disclosure Half-baked ideas Google Earth live and in realtime The politics of data control Audio editing on the move A conversation with Phil Windley about identity in the real and virtual worlds

Sponsored Technology Links
Qwest - Learn how Qwest voice and data solutions can save you time. MKS - The Power of UNIX/Linux on Windows with MKS Toolkit CA - Manage your IT more effectively. Efficient - Flexible - Compliant CA - Plan better, manage better. Vision Solutions - Is your smaller organization ready for High Availability? Vision Solutions - Is system maintenance doing more harm than good? HP - NEW HP LaserJet P4014n printer Starting at $699 after $100 IS. Rackspace - Fanatical Support Promise: Live Support 24x7x365 HP - HP LaserJet M3035 MFP series Starting at $1,599. SHOP NOW Collabnet - Virtual Test Lab Automation: Manage development infrastructure HP - StorageWorks All-in-One Storage Systems. hp.com/betterstorage HP - Improve Resource Utilization and Lower Operating Costs Ipswitch - WhatsUp Gold V12 - network management & monitoring for any size network. HP - Webcast: 5 Things You Need to Know About Storage Virtualization Xerox - Typhoon 8860: Enter to win a Xerox PhaserTM 8860 network color printer! BEA - Webcast: Dialing up Agility with Business Transformation Verisign - Protect Your Data with SSL HP - Speed, agility, flexibility - The HP BladeSystem c-Class. InterSystems - Development, integration, BPM, and BAM together in Ensemble Citrix - Need simple, low cost server virtualization? AMD - We're putting more and more of our energy into saving IT Xerox - Enter to win a Xerox Phaser(TM) 6180 network color printer! Mindreef - Key Strategies For SOA Testing		Citrix - Go green.Virtualize servers with Citrix XenServer(TM) - FREE Citrix - Instant server virtualization. Citrix XenServer(TM) - Free! HP - Virtualization: A Step by Step Approach to Success Microsoft - Tech-Ed 08|Microsoft's largest tech conference|June 08 in Orlando Neterion - The Missing Piece of Virtualization Seagate - Maxtor OneTouch(tm) 4 Mini backs up your PC on the go Box.net - Upgrade Your Classic Collaboration Tools Overland Security - The Data Protection You've Been Looking For Lefthand Networks - Free White Paper on Matching Server & Storage Virtualization Vkernel - Resolve Capacity Bottlenecks and Enhance Your Virtual Environment Tripwire - Secure your virtual and physical environments with the same software. Crosscheck Networks - Accelerate Your SOA Projects Nokia - Restore Your Mobile Devices With One Click Oracle - The Power of Two with SOA and BPM Microsoft - Microsoft Forefront security products for business. Learn more. Oracle - Fueling the Responsive Enterprise Microsoft - Meet Windows Server 2008. The server unleashed. Microsoft - Tech-Ed 08|Microsoft's largest tech conference|June 08 in Orlando Microsoft - {Open Source} Heroes Happen Here Xerox - Enter to win a Xerox Phaser(TM) 6360 network color printer! Vizioncore - Vizioncore has solutions for virtually any virtual need.

	HOME  NEWS  BLOGS  PODCASTS  VIDEOS  TECHNOLOGIES  TEST CENTER  EVENTS  CAREERS  IT EXEC-CONNECT	About | Advertise | Awards | RSS | Contact Us
Copyright © 2008, Reprints, Permissions, Licensing, IDG Network, Privacy Policy, Terms of Service. All Rights reserved. InfoWorld is a leading publisher of technology information and product reviews on topics including viruses, phishing, worms, firewalls, security, servers, storage, networking, wireless, databases, and web services. CIO :: ComputerWorld :: CSO :: Demo :: GamePro :: Games.net :: IDG Connect :: IDG World Expo Industry Standard :: IT World :: JavaWorld :: LinuxWorld :: MacUser :: Macworld :: Network World :: PC World :: Playlist