emergency preparedness

When Personal Security is Compromised

Pete Silva — Wed, 02 Nov 2011 21:05:40 GMT

My Greatest Fears Realized

I debated about writing and/or blogging about this for a few days since it is very personal and didn’t want a pity-party coming my way. But covering security, often from the human behavior standpoint, is what I do and what better way to share a security incident than when it happens directly to you. Plus, being able to simply get it out is cathartic to some extent. So here goes.

I attended the London IPExpo on Oct 19-20 at Earl's Court Two. IPExpo is one of the largest IT infrastructure shows in Europe with many focus areas: Cloud, Storage, Security, Network, Virtualization and so forth - pretty much anything that touches IT. I was invited by the F5 EMEA team to present at a number of speaking sessions F5 offered during the conference. I also brought my family along since we hadn’t been to London in about 5 years and we really like the city.

A couple weeks ago while I was at work at our EMEA headquarters there was an attempted abduction/kidnapping of my 5 year old daughter at one of the underground stations in London. My wife and daughter were on their way shopping when a man grabbed her. He started with a little lure and when they got closer, he grabbed her arm and tried to yank her away from my wife. Luckily my wife was able to keep hold of her and said to another woman, ‘Did you see what that guy just did to my daughter?’ She responded with, ‘yes and it looks like he’s doing it to another little girl!’ At that point, my wife asked for assistance from the Underground personnel. The BTP (British Transportation Police) arrived and took him into custody while taking my wife and daughter to the station for statements. My daughter asked if she could tell the officer about what happened and she told the PC, ‘that man grabbed my arm.’ That was pretty much all they needed, especially after viewing the CCTV footage and they didn't want to pressure a grueling interview of a child.

I was finishing lunch with an F5 colleague when I got the call – ‘we are at the police station and you need to come now.’ At first I wasn’t sure if she was joking since she’s used that ‘I’m at the cop-shop’ routine before and I said, ‘What?!?, are you kidding?’ She then briefly told me about the incident, that he was in custody and at that point, it was no joke and my personal security had been threatened. My co-worker immediately said, ‘I’ll take you wherever you need to go.’ This is one of the things that I love about my working family at F5, personal family is always first. That was when the flood of emotions overcame me and the gravity of the situation hit. As an aside, I don’t worry about my family going anywhere since my wife is a former Federal Law Enforcement Agent and certainly knows how to handle such situations.

I often look at human behavior and the ‘feeling of security’ or ‘peace of mind’ when discussing the topic. I think that many of the fears about say, cloud security or any other topic that seems to take a few years to fully catch-on, has to do with the fact that we humans simply have a hard time with change. Add loss of control to the picture makes it even more daunting. Friends will say, ‘Let it go, it’s out of your control,’ and while you may understand, it doesn’t always make you feel any better. That day, I did not have a feeling of security, peace of mind or any control over the situation. I knew they were safe but I did not feel safe. The mind kept telling the belly ‘it’s OK.’ but the gut wasn’t listening. The stress increases, it’s harder to think, you’re sweating and it’s uncomfortable.

Finally arriving at the station, the Sergeant tells me everyone is fine, the guy is arrested and we’ll let your family know you are here. Some anxiety is finally released and soon, we get to hug. More stress leaves the body and thinking becomes more focused but still has plenty of questions. The BTP was great and gave us a ride in the blue and white back to our hotel. We were told on the way back that he is well known within the police department and a repeat offender. Not sure if that was good or bad news.

The following day, the BTP called and said that the guy is being charged with assault (of a minor). The CCTV caught everything. Now, I’m not a big fan of the increased surveillance everywhere but in this situation it helped tremendously. The next day it was determined that he needed a psychiatric evaluation and spent the next week in the mental facility. My wife was also asked to appear for his trial, which was scheduled for the following week. Wow, right quick as they fast tracked his trial.

My wife was at the Magistrates' Court most of the day. After a week in the mental hospital, one doc called him crazy and another said he was fit. That obviously determines which institution will be his new home. The judge had already watched the CCTV, received testimony from the responding officers, including the one who testified on my daughter's behalf and my wife's testimony only lasted about 10-15 minutes. The Magistrate just wanted to hear if her story matched what was on the video and other witness statements. His lawyer tried to make it seem like he was just being 'friendly.' She was let go after her testimony for the final determination.

Later that evening we got a call and was told he had been found Guilty of assaulting a minor. We dropped a huge sigh of relief and the flow of comfort came back again. I was starting to feel secure again, I started to feel somewhat in control again and I could think clearly once more. I believe we all go through stages when trying to make a security decision or faced with a security situation. It’s called Risk Analysis, Risk Management and Emergency Preparedness. This was an extreme case, of course, but the threat came unannounced from the outside like many that occur within the corporate infrastructure. My wife was prepared and I was uncomfortable yet, we still needed to handle the situation and mitigate the risk. With your corporate infrastructure, be prepared, have a plan, mitigate risk and you will feel secure and know that you are. And if an incident does arise, you’ll be ready. Find that common ground between the head and the heart. Often that’s hard when various groups have different fears and things that make them uncomfortable. Acknowledge the human factor, ask questions and communicate.

I truly appreciated the F5 support and warm wishes during this ordeal. I’ve been with F5 since 2004 and while we recently announced that we’ve passed $1 Billion in revenue, which is an amazing financial accomplishment - I have to tell you that it is the feeling of family that keeps F5 rolling.

Technorati Tags: F5, personal security, police, london, Pete Silva, security, BTP, vulnerabilities, crime, child, CCTV, the tube, abduction, identity theft

Connect with Peter:	Connect with F5:

Audio White Paper: F5 BIG-IP WAN Optimization Module in Data Replication Environments

Pete Silva — Thu, 20 Jan 2011 22:35:58 GMT

Data loads are constantly on the rise: where transmissions once included only plain-text email and a few static web hits, people now send rich text email, dynamic web pages including multiple AJAX requests per page, replication data, and a host of other data types. Replication data in particular is critical, especially to businesses. Businesses need their replication data to arrive at the appropriate destination, in a timely manner and with no doubt of delivery. The slower and less reliable your replication is, the less useful it is to your original purpose. Using the F5® BIG‑IP® WAN Optimization Module™ (WOM), enterprises can increase efficiency, decrease backup windows, offload encryption, and improve wide area network throughput to distributed data centers. Running Time: 22:36 Read full white paper here. And click here for more F5 Audio.

Download now or listen on posterous

AudioWP_F5_BIG-IP_WAN_Optimization_Module_in_Data_Replication_Environments.mp3 (21197 KB)

Connect with Peter:	Connect with F5:

Technorati Tags: F5, integration, disaster recovery, Pete Silva, security, business, education, technology, application delivery, data replication, cloud, backup, WAN, web, internet, security, hardware, audio, whitepaper,, big-ip

Oracle OpenWorld 2010 - Optimize Oracle Database Replication

Pete Silva — Tue, 21 Sep 2010 19:43:30 GMT

Peter Silva visits with F5's Chris Akker to discuss & whiteboard F5's solution to Optimize, Accelerate, Secure and Offload Oracle Database Replication with BIG-IP LTM and the WAN Optimization Module (WOM).

Technorati Tags: F5, infrastructure 2.0, integration, Pete Silva, security, business, education, technology, application delivery, cloud, virtualization, oracle, oow

twitter: @psilvas

Audio White Paper: Distributing Applications for Disaster Planning and Availability

Pete Silva — Tue, 21 Sep 2010 12:35:28 GMT

Managing applications in multiple data centers in real time can be a challenge, especially when the data centers are geographically distributed. F5 products such as BIG-IP Global Traffic Manager, BIG-IP Link Controller, and BIG-IP WAN Optimization Module help you manage and distribute applications between data centers. Running Time: 25:31 Read full white paper here. And click here for more F5 Audio.

Download now or listen on posterous

AudioWP_Distributing_Applications_for_Disaster_Planning_and_Availability.mp3 (23922 KB)

twitter: @psilvas

Technorati Tags: F5, infrastructure 2.0, integration, cloud connect, Pete Silva, security, business, education, technology, application delivery, intercloud, cloud, context-aware, infrastructure 2.0, automation, web, internet

CloudFucius Ponders: High-Availability in the Cloud

Pete Silva — Wed, 05 May 2010 18:46:19 GMT

According to Gartner, “By 2012, 20 percent of businesses will own no IT assets.” While the need for hardware will not disappear completely, hardware ownership is going through a transition: Virtualization, total cost of ownership (TCO) benefits, an openness to allow users run their personal machines on corporate networks, and the advent of cloud computing are all driving the movement to reduce hardware assets. Cloud computing offers the ability to deliver critical business applications, systems, and services around the world with a high degree of availability, which enables a more productive workforce. No matter which cloud service — IaaS, PaaS, or SaaS (or combination thereof) — a customer or service provider chooses, the availability of that service to users is paramount, especially if service level agreements (SLAs) are part of the contract. Even with a huge cost savings, there is no benefit for either the user or business if an application or infrastructure component is unavailable or slow.

As hype about the cloud has turned into the opportunity for cost savings, operational efficiency, and IT agility, organizations are discussing, testing, and deploying some form of cloud computing. Many IT departments initially moved to the cloud with non-critical applications and, after experiencing positive results and watching cloud computing quickly mature, are starting to move their business critical applications, enabling business units and IT departments to focus on the services and workflows that best serve the business. Since the driver for any cloud deployment, regardless of model or location, is to deliver applications in the most efficient, agile, and secure way possible, the dynamic control plane of cloud architecture requires the capability to intercept, interpret, and instruct where the data must go and must have the necessary infrastructure, at strategic points of control, to enable quick, intelligent decisions and ensure consistent availability.

The on-demand, elastic, scalable, and customizable nature of the cloud must be considered when deploying cloud architectures. Many different customers might be accessing the same back-end applications, but each customer has the expectation that only their application will be properly delivered to users. Making sure that multiple instances of the same application are delivered in a scalable manner requires both load balancing and some form of server virtualization. An Application Delivery Controller (ADC) can virtualize back-end systems and can integrate deeply with the network and application servers to ensure the highest availability of a requested resource. Each request is inspected using any number of metrics and then routed to the best available server. Knowing how an ADC can enhance your application delivery architecture is essential prior to deployment. Many applications have stellar performance during the testing phase, only to fall apart when they are live. By adding a Virtual ADC to your development infrastructure, you can build, test and deploy your code with ADC enhancements from the start.

With an ADC, load balancing is just the foundation of what can be accomplished. In application delivery architectures, additional elements such as caching, compression, rate shaping, authentication, and other customizable functionality, can be combined to provide a rich, agile, secure and highly available cloud infrastructure. Scalability is also important in the cloud and being able to bring up or take down application instances seamlessly — as needed and without IT intervention — helps to prevent unnecessary costs if you’ve contracted a “pay as you go” cloud model. An ADC can also isolate management and configuration functions to control cloud infrastructure access and keep network traffic separate to ensure segregation of customer environments and the security of the information. The ability of an ADC to recognize network and application conditions contextually in real-time, as well as its ability to determine the best resource to deliver the request, ensures the availability of applications delivered from the cloud.

Availability is crucial; however, unless applications in the cloud are delivered without delay, especially when traveling over latency-sensitive connections, users will be frustrated waiting for “available” resources. Additional cloud deployment scenarios like disaster recovery or seasonal web traffic surges might require a global server load balancer added to the architecture. A Global ADC uses application awareness, geolocation, and network condition information to route requests to the cloud infrastructure that will respond best and using the geolocation of users based on IP address, you can route the user to the closest cloud or data center. In extreme situations, such as a data center outage, a Global ADC will already know if a user’s primary location is unavailable and it will automatically route the user to the responding location.

Cloud computing, while still evolving in all its iterations, can offer IT a powerful alternative for efficient application, infrastructure, and platform delivery. As businesses continue to embrace the cloud as an advantageous application delivery option, the basics are still the same: scalability, flexibility, and availability to enable a more agile infrastructure, faster time-to-market, a more productive workforce, and a lower TCO along with happier users.

And one from Confucius: The man of virtue makes the difficulty to be overcome his first business, and success only a subsequent consideration.

The CloudFucius Series: Intro, 1, 2, 3

Technorati Tags: F5, infrastructure 2.0, integration, collaboration, standards, cloud connect, Pete Silva, F5, security, business, education, technology, application delivery, intercloud, cloud, context-aware, infrastructure 2.0, automation, web, internet, blog

twitter: @psilvas

The First American Corporation Case Study - F5 Networks

Pete Silva — Fri, 23 Apr 2010 17:22:52 GMT

Watch how First American Corporation was able to consolidate and virtualize their infrastructure with BIG-IP LTM, GTM and FirePass SSL VPN providing them with the flexibility & speed to market their business required. From 750 machines to just 75, Jake Sietz of the Enterprise Architecture group talks about how they achieved performance gains, faster log in times, better service and disaster recovery.

Consolidate and Dedicate to Eradicate

Pete Silva — Wed, 03 Feb 2010 21:30:16 GMT

Whether it be due to cloud computing, last year’s economic mess, or just the general cyclical nature of the Tech Industry, Consolidation has been a huge focus of IT departments of late. Data Center consolidation, hardware consolidation, staff consolidation and tech sector consolidation to name a few. I remember the days of single purpose boxes that did one thing well. In fact, a decade ago at Exodus, that was one of my positioning points for BIG-IP over such LB units as Alteon, ArrowPoint and LocalDirector since they were switched/hardware-based appliances. I’d say something like, ‘It’s a Floor Wax and a Dessert Topping while the BIG-IP is software based, focused only on Load Balancing.’ Boy, times have changed.

Single purpose appliances, while still big business for their particular specialty, are becoming fewer and fewer – just look at the handheld your using. The printer was one of the first to go that route becoming printer/copier/fax/scanner in an effort to make them more useful and appealing to the customer. Ads tout, ‘No more bulky equipment to buy – it’s all here in this great new thing that you must have!! All for the incredibly low price of…..’ IDS graduated to IPS and now we have IDPS units and UTM (Unified Threat Management) systems or the Next-Gen Firewalls. They have firewall, anti-virus, spam controls, web filter, IDS and more. We are in a multi-task society and expect our devices to behave the same. For a while, adding more and more functionality to a piece of IT equipment would either slow it to a crawl or make it very difficult to troubleshoot. The processing power available today allows multi-function appliances to dedicate resources to ensure all the functions run smoothly.

Having multiple point solutions, interfaces and GUIs also makes it difficult to manage the various entities, especially if it’s a security device. Managing multiple points of entry and enforcing a consistent security policy across the board can be challenging. You got users connecting and requesting application access via VPN, some over the air on Wireless and others hooked right to the LAN. They also are probably using various types of computing devices; from IT issued laptops, to home/personal machines to mobile devices. You might have a specific policy for each type of access method/device or you enforce the same security, no matter what the connection. Why wouldn’t you do a host check on LAN users similar to the scrutiny your remote users must pass? In many cases, that might involve a NAC type controller and I thought we were trying to reduce the number of power suckers in the data center. Today, IT needs a single management interface and policy enforcement point that’s easy to navigate and quick to deploy. During a crisis, like a potential intrusion or breach, you can waste precious time trying to get to all the different appliances to assess the situation.

As consolidation continues, and more functionality is added to these multi-dedicated appliances, management of such an infrastructure especially if it’s part of a cloud, will continue to be an important driver for IT. So, as you consolidate and are able to dedicate, that will enable you to eradicate costs, multiple management interfaces, multiple point products and with the right device, eradicate many of the threats that appear every day, the CDE way!

Related resources:

In 5 Minutes or Less Video: Consolidate Access with BIG-IP Edge Gateway
BIG-IP Version 10.1: An Integrated Application Delivery Architecture [Whitepaper, PDF]
Unified Access and Optimization [Whitepaper, PDF]
F5 Delivers Next-Generation Application Delivery Services Giving Enterprises More Control with Context-Aware Networking [Press release]
BIG-IP v10.1 Now Available

External articles:

Technorati Tags: F5,BIG-IP,v10.1,Edge Gateway,WOM,application delivery,Pete Silva,F5,security,application security,network security

Catch some Zzzzzzzzzzzzz

Pete Silva — Wed, 16 Dec 2009 22:27:07 GMT

It used to be the ‘stuck to our side’ pagers that go off at 3am telling you that a server crashed that would keep you up at night. You’d drag yourself out of bed (or the chair at the data center that you fell asleep in), tippy-toe to the computer in hopes of gaining remote access or wonder to the car, still in your PJs, to drive to the facility. In February 2009, InformationWeek & Dark Reading conducted a survey entitled, ‘What Keeps Infosec Pros Awake at Night.’ They asked more than 400 IT pros, among other things, what are their most serious threats, how are they prioritizing their defense of these and what are they going to do to keep their data safe in 2009 and beyond. At the time, 52% said they were concerned about Internal threats – either employees or partners, accidental or malicious. This makes sense since there were several articles in early 2009 which looked at Laid-off workers turning to Cybercrime. They also feared the loss/theft of a laptop/potable storage device which might contain sensitive information that can lead to a corporate security breach. Their biggest wish was for end users to be smarter about security and understand the risks. Automated technology allowing IT pros to focus on emerging threats rather than day-to-day firefighting came in 2nd. They just wanted to have the time to find ways to make their systems more secure, and compliance was driving it.

Recent data from Verizon’s addendum to its Data Breach Investigations Report actually shows that most (73%) data breaches come from External sources, not insiders. Granted, the InformationWeek data was garnered from a survey (point in time opinion) and the Verizon info was generated by analyzing disclosed/investigated public data breaches (over time) and it doesn’t include undisclosed incidents with internal investigations. Verizon concluded that breaches which warranted public disclosure were primarily done by external sources. I’m sure that many internal incidents that didn't affect a large swath of the public were never disclosed, which could slightly sway the results but interesting nonetheless. So the fear was Insider threats yet the actual data implicates outsiders. I started wondering if this one of those Perception vs. Reality things or as Stephen Covey puts it, “We see the world, not as it is, but as we are.”

In February 2009, when the economic crisis was in full swing, layoffs were a daily occurrence. There were many documented cases in the early 1990’s of crime/fraud that occurred during that recession and many believed it would happen again – but this time with technology's help. Stories started to appear indicating that this scenario might happen again and when the few that did happen were spotlighted (like the current trial of Terry Childs) - folks believed, or feared, that a new wave was coming. The data that came out other end, seems to show that those internal threats were less than expected, except maybe in the financial industry. The other side is that sometimes perception is more important than reality. With the perceived immanent danger of rogue ex-employees, IT departments had a wake up call to reexamine how they handle access termination, a critical piece of data preservation. In life and security, our view of the perceived risk is based on our past experiences/beliefs and that ultimately shapes our reality. My reality and your reality might be very different but we always have the power in how we respond to events, even ones out of your control. So as 2009 winds down and you get some needed rest (maybe), revel in the fact that this challenging year is almost over, you did the best (hopefully) you could and there will be a whole new set of threats, breaches, viruses, vulnerabilities, scams, malware and many other incidents that put security at risk as thieves typically work through the holidays. Plan as best you can and take the new ones in stride as a challenge to all of us to get even better at protecting all our critical assets – including the living, breathing ones.

And there you have it – 26 Short Topics about Security. Yea, we made it! But wait, there’s more. Stay tuned for the Post-blog Report where we look back at the series, pick some favorites and share what I’ve learned about putting together a chain of blogs over the course of 5 months covering a single topic. Should be fun.

#26 out of 26 Short Topics about Security
Previous stories: 25, 24, 23, 22, 21, 20, 19, 18, 17, 16, 15, 14, 13.5, 13, 12, 11, 10, 9, 8, 7, 6, 5, 4, 3, 2, 1

Technorati Tags: Pete Silva,F5,security,application security,network security,virus,

IPv6 and the End of the World

Pete Silva — Fri, 06 Nov 2009 14:13:14 GMT

There’s always been a certain amount of conspiracy theories when security type events happen or instances where there is secrecy. There are those who don’t buy the ‘reported’ reason a security event (like a breach) occurred, those who claim to have inside information or just those who see a story and draw their own conclusions. The following is my take (Satire Alert) on Transmission Control Protocol/Internet Protocol v6 and the end of the world as we know it. That can affect our security, right?!?

Recently there have been more than the usual number of articles about IPv6 and the need to deploy it soon since the v4 blocks are almost gone. Yes we’ve been hearing this for years (RFC2460 was defined in December 1998) but now the hype may be over as indicated in this article. There are many security enhancements in v6 nicely covered here but that’s not where I’m going.

In my first blog post on DevCentral, aptly titled First Post, I introduced psilva’s prophecies. I’ve been in the Internet industry since ’94 and while not a ‘know it all’ I have seen my share of changes and have seen a bunch of ‘ideas’ over time come true. For instance, I had always thought that the Internet would eventually become our entertainment delivery method and some 14 years later, that’s the case. That’s not that wild as I’m sure many of you figured it was only a matter of time once we started to see streaming video and broadband to the home. In that First Post, I offered my prediction of how our nomenclature might change over the next 50-100 years. That now, we no longer give our full name/address for contacting/correspondence as we’ve done in the past – we just give email. The idea was that over time, our current first/last naming convention might dissolve to where we are known as users@domains or a single string of characters. Twitter is enforcing that with their @namingconventions.

IPv6, at 128-bits (v4 is 32-bit), gives us the ability to assign an IP address to just about anything – heck, all the portable mobile devices we carry each need one and consumer appliances like TVs, refrigerators, thermostat, DVRs, garage door openers, coffee machines and just about any electronic item could potentially have an IP address. Schedule your toaster via a Web GUI to perfectly brown your bagel when you get home. You can already control your lights and alarm systems over the internet. In addition, each one of us, worldwide, would be able to have our own personal IP address that would follow us anywhere. Hold on, I’m getting a call through my earring but first must authenticate with the chip in my earlobe. That same chip, after checking my print and pulse, would open the garage, unlock the doors, disable the home alarm, turn on the heat and start the microwave for a nice hot meal as soon as I enter. I could chip my child (like the dog) to be able to GPS their behind if they are not at the movies as indicated. Not so farfetched. That doesn’t sound so sinister, psilva, how can that be the beginning of the end?

OK, now the fun begins. While not a Nostradamus follower, although History/Discovery Channels have covered him often, he does have something to say about numbers. You might remember he got a lot of press and was the subject of spam after 9/11 due to this quatrain which his followers say indicates that he predicted that disaster. Conspiracy? He was very much into numbers and also indicated that when we are all identified as numbers, that will be an sign of the impending doom. We do have a numbering system in the states called a Social Security Number, which is our Gov’t identity and very much linked to our own security. With IPv6, now the entire world can be identified by number and thus fulfills psilva’s prophecy #2. The timing is right also. 2012 is getting a lot of play as the end of time. Both the Mayans and Nostradamus feel that 2012 is the end of days and Hollywood has taken notice. Now this does slightly negate my 1st prophecy since I’m giving our name change around 50 years but 2012 does sound about right for a full IPv6 transformation so it does fit nicely with doomsayers – if you’re into conspiracies.

#20 out of 26 Short Topics about Security
previous stories: 19, 18, 17, 16, 15, 14, 13.5, 13, 12, 11, 10, 9, 8, 7, 6, 5, 4, 3, 2, 1

Don’t say a Word

Pete Silva — Thu, 15 Oct 2009 17:33:51 GMT

………………………………………………….….oh, you’re waiting for me? This will probably be a short post since there are not that many security terms that begin with the 17th letter of our alphabet. However, keeping Quiet is a common theme in security. As mentioned numerous times, locking passwords, logins, and other sensitive information in your mouth vault keeps them from leaking to others. Social Engineering has always been about compromising that vault. Recently there was a post by Roger Thompson, AVG’s Chief Research Officer, which actually suggested to Write Down your passwords, especially complex, hard to remember passwords. While this practice has been frowned upon for many years – as in the ever popular post-it’s stuck to laptops – there is some sense in creating (and writing down) difficult passwords that are extremely hard to guess. Just put that paper in a safe location. Our own Alan Murphy offered some advice about passwords just a few months ago.

Keeping Quiet is also what most companies do when they discover a breach, at least initially. A survey from the 2008 RSA conference showed that 89% of security incidents go unreported. More often it’s the insider breaches that say under the covers. Some of that could be due to just being undetected but many companies don’t want the public exposure of a breach. Laws have changed some of that and huge breaches, like the Heartland incident, must be reported so people can protect themselves. Even the Heartland incident wasn’t detected for a couple months, and when it was, it didn’t get reported for yet another month. Granted, sometimes law enforcement does ask victims not to say anything so evidence can be gathered and, as to not tip off the crooks. In any event, keeping quiet about a breach happens more often than you think and it’s often due to the fear of a damaged reputation. Of course there is an opposing view to the damage factor by Larry Walsh where he talks about the multitude of brands who have suffered major breaches and how consumers have either forgotten or forgiven.

While silence can be golden and rests are written into music for effect, when it comes to Data Breaches not saying a word can put your business in jeopardy and in the cross-hairs of the law.

#17 out of 26 Short Topics about Security
previous stories: 16, 15, 14, 13.5, 13, 12, 11, 10, 9, 8, 7, 6, 5, 4, 3, 2, 1