Some Mindmaps Online

Over the years I have developed many mind maps when writing articles, and I have also used them as a way of collecting information and organising it. I was a fan of Freemind, and with effort, I uploaded some maps to the Freemind gallery. Later I switched to Freeplane but it still did not give me a simple way to share maps. I have now taken out a membership at MindMeister as the site can read and publish mind maps in a collection of formats. You can find about 20 or so maps here, mainly from past articles, with new ones to follow. There is a large map on Trends & Analysis from 2008, giving you some idea how complex and from which sources you need to collect information to get a handle on IT Security.

All Posts on Security with FreeMind and Flash

I have collected all my posts derived from research outlined in a FreeMind map here for convenient reference from my blog homepage. Also, some of the mind maps below have been uploaded to the FreeMind site and converted into a Flash format, suitable for viewing over in a browser (without the need to download). The Unix-like format of the bullets is

Freemind Source -post [ -link to Flash ]

• Anonymity on the Edge -post -Flash
  
• The Cold Boot Attack -post - Flash
  
• OpenSSL key generation in Debian -post - Flash
  
• Breaking A5/1 GSM encryption -post -Flash
  
• Ranum Anatomy of a Security Disaster -post -Flash
  
• The Positive Trust Model and Whitelisting -post -Flash
  
• Quantum factoring with Shor's algorithm -post
  
• How many people have ever lived? -post
• GPS Service Risks -post
  
• Karsten Knol and A5/1 Rainbow Tables -post -Flash
  
• US Border Digital Border Search Directive -post
• NIST Password Guidelines -post

Security FreeMind map sources

I have started to upload the FreeMind source of my MindMaps to my Google site here.  I will eventually upload all my maps, including those that were used just for reference and storing links (17 have been uploaded at the moment).

Three Security maps in FreeMind and Flash

Here are the Mind Maps that I constructed to help me sift through information on three security topics from last year - an improved attack on A5/1, the Cold Boot Attack, and the Debian Crypto flaw. In each case there is a considerably more detail and references in the Mind Maps than the posts that were derived from them.

In February 2008 an improved attack on A5/1 was announced, the cipher used in the encryption of GSM mobile phones. While A5/1 is not considered strong, the new attack claimed faster recovery of keys using less assumption and data. This Mind Map provides an overview of the issues and what was claimed.

Also in February last year, the Cold Boot Attack was devised by Princeton researchers. This Mind Map gives an overview on what was claimed, what were the reactions and a lot of opinion on how this attack came about. In short, many professionals knew the attack could work in principle but it took an actual demonstration to convince them thoroughly.

In May 2008 Luciano Bello discovered a flaw in the random number generator of OpenSSL, which lead to the discovery that the Debian Etch distribution had been producing weak (public) keys for well-known protocols such as SSL and SSH over the previous 18 months. This Mind Map provides an annotated set of links on the topic.

Related Posts

• The Long Tail of Vulnerability for A5/1
  
• A Blackish Swan for Debian Crypto
  
• The Cold Boot Attack
• Freemind and Flash #2

FreeMind and Flash #2

About a year ago I posted on a new feature of FreeMind that enables maps to be rendered in Flash and accessible via a browser. The FreeMind wiki contains a gallery of such contributed maps on a wide variety of topics.

Under the Technology category I uploaded two maps - the first on issues in designing Publish and Subscribe content distribution systems, and the second was the map behind the research for my post Anonymity on the Edge, a not-so-minor scandal over the exposure of passwords in the edge nodes of the ToR anonymity network.

I have now uploaded the map behind my post on The Positive Trust Model and Whitelists, as well as a map providing a summary of an excellent Cisco report from February 2008 on the risks of remote working (telecommuting), announced here. I hope to make a full post on the report "real soon now".

While I find FreeMind a wonderful tool, I occasionally look at developments in other mind mapping tools. I have been watching XMind for a while and, until recently, it out of my price range at $200. But now XMind has gone open source, available for free (definitely in my price range) with the business model switching to paid hosting and collaboration service for the professional version. I downloaded the free version, a Java Eclipse application, and played around a bit. At least on my machine it was a little clunky, and on first impressions, the additional features did not outweigh the simplicity of FreeMind for me. But you can decide for yourself.

Related Posts

• Three Security Mind Maps
• FreeMind and Flash
  

FreeMind and Flash

I have been investing quite a bit of time lately looking at various tools that can help me better organize and correlate information. In the mind mapping camp, FreeMind is making a concerted comeback after a period of arrested development since the last major release in 2005 (v0.8). The new and upcoming features are quite impressive for an open source development, and FreeMind may yet rival more professional tools such as MindManager.

One of the interesting features in the current version of FreeMind is the ability to publish interactive mind maps onto web pages using a Flash plugin. The FreeMind wiki contains a gallery showing many uses of mind maps rendered with the Flash plugin, and I have added a map I brainstormed on Issues in Publish and Subscribe systems for content distribution (this is a biggish map so right click the central node, selecting fold all from Node, to start from the main topic).

You can also find the mindmap used to write Anonymity on the Edge in an interactive Flash format here.

I often use mind maps as the first stage in defining the scope of a risk or threat assessment. There are several interesting examples of security mind maps available on the web on including threats to mobile devices, ISO17799:2005 areas, general IT security, and a colourful map on password awareness.

Related Posts

• FreeMind and Flash #2
• Three Security Mind Maps