Tony's ramblings on Open Source Software, Life and Photography

security

The Pentagon Demonstrates How Ignorant They Are

A recent article in the New York Times demonstrates just how helpless our nation is against hacker threats. Note that I avoid the word "cyber", which in reality has nothing to do with the Internet or computer security, despite the media's fondness for it.

The revelation that a major defense contractor had its network broken into and extremely sensitive data stolen is not surprising. I think we can all assume it was the Lockheed Martin attack, even though the article doesn't name the contractor that was compromised. The timing makes sense.

Security Is Tough, Tracking Exploits Tougher


Why Do You Trust Me With Your Password?

Today, LulzSec attacked Eve Online, Minecraft and Escapist Magazine. It looks like Minecraft and Escapist were simple DDoS attacks, but Eve may be more sinister, given the group's claim to have wiped the login server.

The same group recently hacked a porn website and posted the emails and passwords for several hundred users online.

This brings up a really good question: why would you trust anyone with "your password"? If I log into Facebook, they now know "my password." If I use that same password anywhere else, I'm trusting not only that Facebook won't be evil with my password, but that they are smart enough to keep ALL hackers out of their list of passwords so that "my password" stays secure. It's like giving a stranger on the street a copy of your car key and hoping they won't pass it on or use it themselves.

Never, never use the same password for multiple sites, unless you're comfortable with losing all of those logins at the same time. That means your bank account, email account and Facebook account really must all have separate passwords.

Also, if you use any service that supports two-factor authentication, please, please activate it. Gmail and Facebook both support two-factor methods now that require more than just your password to log in.


Securing Android Apps against Piracy

A simple Google search will show you that many people consider phone app piracy to be a large problem, and many developers believe they are losing huge volumes of income to software pirates.

I look at the problem and see things differently. When the average application on Android Market is under $4, who cares? I'm not suggesting piracy is good or that it should be legal. I'm not suggesting software pirates shouldn't be punished. What I'm suggesting is that there's nothing you can do about it, especially when your product is $4.

There's a reason that "The Dollar Tree" doesn't install $50,000 RFID theft detection systems in its stores. In fact, despite the appearance of cameras in many stores, I'd venture to say they don't even have video surveillance. The simple fact is that their product isn't worth it.

That doesn't mean I don't use the Market's "copy protection" system, which is really just an API that verifies that the Google account on the phone has purchased that particular app. But how far am I willing to go to protect a $3 product?


My Security Predictions for 2011

In keeping with tradition, here are my predictions for 2011 as they relate to computer security.

  • Microsoft Improves

    There are a couple of things to say about this. First, improving from bad isn't really that hard. But let's be honest: since the days of Windows 98, Microsoft really has improved security. They didn't always go in the right direction (Windows Vista, for example), but they are making an effort. Will it matter when everyone is using an Android tablet in 2012? Probably not as much. Half the people I know could give up their home computer for a proper Android tablet and never miss a beat. And really, enterprises relying on Microsoft security enhancements are doing it all wrong.

  • Android Regresses


My HIMSS Summary

After spending last week at the HIMSS (Healthcare Information and Management Systems Society) conference in Atlanta, I came away with some good information and some interesting observations.

Unlike most vendors who work with hospitals, I was not there to exhibit. I was an attendee, and I went to get the latest information regarding healthcare IT and security. Some of the topics in the education sessions are more important to me than others, but that's the great thing about this conference: you get to pick which classes you go to, and there's a wide variety.

Most attendees, upon learning I was not exhibiting, would ask "Why are you attending?" My answer is an emphatic "The real question is, why are your other vendors NOT attending?" If you are going to manage terabytes of healthcare information, I believe this conference is a must. They cover everything from "Meaningful Use" (which I'm less interested in) to "HITECH Security", which everyone should be interested in.


Disabling USB Storage in Ubuntu for Security

For security reasons, many businesses completely disable USB storage devices on their work computers. If, like me, you work with healthcare information, it's doubly important: not only must no one be able to bring in a virus, they also must not be able to walk out with any private information.

Linux is far less exposed to the usual Windows malware, but USB sticks still auto-mount read/write by default, so the data-leakage half of the problem is unchanged. In recent Ubuntu releases the simplest fix is to blacklist the kernel driver so it is no longer loaded automatically when a device is plugged in:

echo "blacklist usb-storage" | sudo tee -a /etc/modprobe.d/blacklist.conf

(The commonly seen form sudo echo "..." >> /etc/modprobe.d/blacklist.conf does not work: sudo elevates only the echo, and the redirection is performed by your unprivileged shell, which cannot write to /etc. Piping through sudo tee -a avoids that.)

If the module is already loaded, unload it with sudo modprobe -r usb-storage (or reboot). After that, plugging a memory stick into that computer does nothing for ordinary users, but an administrator can still load the module by hand with sudo modprobe usb-storage when needed, because a blacklist entry only stops automatic loading by device alias. Two caveats: UASP-capable drives bind to the separate uas driver, so blacklist that as well, and if you want to stop even manual loading, an "install usb-storage /bin/false" line does what "blacklist" does not.
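To make the blacklisting step repeatable across a fleet, here is an added example (not from the original post) that wraps it in a small script: an idempotent function that adds a blacklist entry only once, a check that recognises an active (uncommented) entry, and an unload step so the change takes effect without a reboot. The file path is a parameter so the functions can be exercised against a scratch file rather than the live /etc/modprobe.d/blacklist.conf; the function names are this example's own.

```bash
#!/bin/sh
# Added example (not from the original post): maintain a modprobe blacklist
# entry idempotently. The file path is a parameter so the functions can be
# exercised against a scratch file instead of the live
# /etc/modprobe.d/blacklist.conf. Function names are this example's own.

# is_blacklisted FILE MODULE
# Succeeds if FILE contains an uncommented "blacklist MODULE" line.
is_blacklisted() {
    grep -Eq "^[[:space:]]*blacklist[[:space:]]+$2([[:space:]]|\$)" "$1" 2>/dev/null
}

# add_blacklist FILE MODULE
# Appends the entry once and prints "added", or prints "present" if it is
# already there. The redirection is performed by this shell, so the caller
# must already be root (run the script with sudo); "sudo echo ... >> file"
# would elevate only the echo and fail on the redirection.
add_blacklist() {
    if is_blacklisted "$1" "$2"; then
        echo present
    else
        printf 'blacklist %s\n' "$2" >> "$1"
        echo added
    fi
}

# unload_if_loaded MODULE
# A blacklist entry only stops future automatic loading; a module that is
# already in the kernel stays until it is removed. /proc/modules spells
# names with underscores, so usb-storage appears as usb_storage.
unload_if_loaded() {
    mod=$(printf '%s' "$1" | sed 's/-/_/g')
    if grep -q "^$mod " /proc/modules 2>/dev/null; then
        modprobe -r "$mod"
    fi
}

# Run as:  sudo sh this_script.sh apply
# Sourcing or running it without "apply" only defines the functions.
if [ "${1:-}" = "apply" ]; then
    conf=/etc/modprobe.d/blacklist.conf
    # usb-storage covers ordinary sticks; UASP-capable drives bind to the
    # separate uas driver, so both are blacklisted to close that gap.
    for m in usb-storage uas; do
        printf '%s: %s\n' "$m" "$(add_blacklist "$conf" "$m")"
        unload_if_loaded "$m"
    done
fi
```

Running the script a second time reports "present" for both modules and changes nothing, which is what you want from something pushed out by configuration management. modprobe -r will refuse to unload usb-storage while a device is still mounted on it; unmount first.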

I'll be giving more enterprise Linux tips in the near future if all goes well.


IT Security At HIMSS09

I consider security one of my top concerns, and one of my major strengths. Given the volume of information that my servers hold, any potential breach could pose serious problems. We constantly audit our servers and security logs, use a custom firewall and intrusion detection software and take a "close everything open only what's necessary" approach to security. We also use full hard disk encryption on all laptops. I'm confident our systems are more secure than 99% of hospitals out there.

On a given day my servers detect and thwart a minimum of 5 to 6 all-out brute-force intrusion attempts. Identified attempts are automatically blocked from accessing any services on any of our servers. Our firewall logs and blocks at least 50 network scans per day.

But, even I know that to assume we'll never suffer an intrusion is arrogant and dangerous. That's why I made it a point to attend the session on HIM breach notification laws. What was surprising to me was how few people attended that session. I guarantee a lot more will attend the session on the Government stimulus bill, but managing and planning for security issues should be even more important.


Using BlockHosts To Stop Brute Force Attacks

Yesterday I posted about implementing rate limiting on new connections. Today I'm going to take it a step further: watch for failed login attempts and automatically block the offending IP address for a day.

First, download BlockHosts from A C Zoom (aczoom.com). It's a Python script that can be run every time someone attempts to connect; it scans your log files for failed logins and maintains a block of deny entries in your /etc/hosts.allow file to keep out the nasties.

Step by step, here's what to do:

sudo su -
wget http://www.aczoom.com/tools/blockhosts/BlockHosts-2.4.0.tar.gz
tar -zxvf BlockHosts*
cd BlockHosts*
python setup.py install

Now configure the /etc/blockhosts.cfg file. Open it with your favorite editor and make the following changes:

Look for "WHITELIST = ". Add your own local network here so a typo in your own password can never lock you out.

Look for "LOGFILES" and uncomment the one that says:

LOGFILES = [ "/var/log/auth.log", ]

Look for "[mail]" and plug in your setup if you want it to send you an email periodically telling you what action has been taken.

Save and close that.
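What BlockHosts does with that auth.log is easy to lose sight of behind the install steps, so here is an added example (not BlockHosts itself, and not the author's code) that reduces the detection step to a few shell functions: count sshd "Failed password" lines per source address, skip whitelisted address prefixes, and emit hosts.allow deny entries for addresses at or above a threshold. The sample log lines are constructed for this example using documentation address ranges; the whitelist is a simple string-prefix match rather than BlockHosts' real network specifications, and the "ALL: addr : deny" line format is the hosts_options(5) form, assumed here rather than copied from BlockHosts.

```bash
#!/bin/sh
# Added example (not BlockHosts itself): the detection step BlockHosts
# automates, reduced to a few shell functions so the logic is visible.
# It counts sshd "Failed password" lines per source address in an auth.log,
# skips whitelisted address prefixes, and emits hosts.allow deny entries
# for addresses at or above a threshold. The sample log is constructed for
# this example and uses documentation address ranges.

# write_sample_log FILE: constructed auth.log excerpt (not a real capture).
write_sample_log() {
    cat > "$1" <<'EOF'
Jun 10 03:12:01 host sshd[2101]: Failed password for root from 203.0.113.7 port 51022 ssh2
Jun 10 03:12:04 host sshd[2101]: Failed password for root from 203.0.113.7 port 51023 ssh2
Jun 10 03:12:07 host sshd[2103]: Failed password for invalid user admin from 203.0.113.7 port 51030 ssh2
Jun 10 03:15:00 host sshd[2110]: Failed password for tony from 198.51.100.4 port 40002 ssh2
Jun 10 03:15:30 host sshd[2110]: Accepted publickey for tony from 198.51.100.4 port 40002 ssh2
Jun 10 03:16:00 host sshd[2120]: Failed password for root from 192.168.1.10 port 33000 ssh2
Jun 10 03:16:02 host sshd[2120]: Failed password for root from 192.168.1.10 port 33001 ssh2
Jun 10 03:16:04 host sshd[2120]: Failed password for root from 192.168.1.10 port 33002 ssh2
EOF
}

# offenders LOGFILE THRESHOLD [WHITELIST_PREFIX...]
# Prints, sorted, each source address with at least THRESHOLD failed
# password attempts. Whitelisting is by string prefix ("192.168.1." for the
# local /24); BlockHosts proper takes real network specifications.
offenders() {
    logfile=$1; threshold=$2; shift 2
    awk -v thr="$threshold" -v wl="$*" '
        BEGIN { n = split(wl, w, " ") }
        /sshd\[[0-9]+\]: Failed password for / {
            ip = ""
            for (i = 1; i <= NF; i++) if ($i == "from") { ip = $(i + 1); break }
            if (ip == "") next
            for (j = 1; j <= n; j++) if (index(ip, w[j]) == 1) next
            count[ip]++
        }
        END { for (ip in count) if (count[ip] >= thr) print ip }
    ' "$logfile" | sort
}

# deny_entries LOGFILE THRESHOLD [WHITELIST_PREFIX...]
# Formats offenders as hosts.allow lines in the hosts_options(5) deny form
# (assumed here; check the format BlockHosts writes on your system).
deny_entries() {
    offenders "$@" | awk '{ print "ALL: " $1 " : deny" }'
}

# Stand-alone demonstration: three failures from 203.0.113.7 cross the
# threshold; 192.168.1.10 is skipped by the whitelist prefix, and the single
# failure from 198.51.100.4 followed by a successful key login is ignored.
demo_log=$(mktemp)
write_sample_log "$demo_log"
deny_entries "$demo_log" 3 192.168.1.
rm -f "$demo_log"
```

Two things the example makes visible that matter when you tune the real configuration: the whitelist is checked before counting, so a locked-out administrator on the local network is impossible by construction, and the threshold applies per address across the whole log window, which is why BlockHosts also needs an expiry (the "block for a day" part) rather than only a count. BlockHosts itself maintains its entries between marker comments inside /etc/hosts.allow; this example stops at producing the entries.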