Wednesday, October 12, 2005

Moves to professionalise Infosec

Was at the ISC2 Secure London conference yesterday. Interesting day, and lots of interesting info. Check out uksaint.org which is a site supported by Intellect, the trade body for the UK hi-tech industry. It is currently hosting the working group info for the move to professionalising the information security industry.

Another interesting URL mentioned was www.staysafeonline.org which could be of use to your average user.

Interesting stats - from Gartner originally

75% of attacks are at application level
70% of vulnerabilities are at application level

and

Reducing the number of application vulnerabilities by 50% should lead to a 75% reduction in costs!

Nice

Non photo realistic Quake



How cool is that?

Security from the start

Dana Epp discusses building security into code and applications. This seems absolutely obvious but you would be astonished at how many organisations do not have secure coding guidelines or even best practices. This should help any application developers.

Thursday, October 06, 2005

The end for simple vulnerability scanning?

Nessus is dropping the GPL



Could change the way a lot of security consulting firms run the basic section of a security assessment, as Nessus - even though it has its issues around false positives - has always been a staple part of the toolkit.

Monday, September 26, 2005

Tuesday, September 13, 2005

YARRRRRRRRRRR!

Erm - amusing....I guess it describes me well:-) Remember the 19th of September!!!







CALICO JACK!
You are 28% Treasurer, have 46% Seafairability, crave 29% Bloodlusting, and lust 98% in Wenchwanting!
Jack Rakam, or Calico Jack, as you like to be called, there's more to being a pirate than Wenching! Sure you love the ladies (and occasionally the cabin boy), but you can't plunder, pillage, navigate or brutally maim if you're constantly 'dipping your wick'. Forget Anne Bonny, she was a lesbian anyway! And your undying affection for her got you and your entire crew hanged!







My test tracked 4 variables. How you compared to other people your age and gender:

















You scored higher than 0% on Treasurer





You scored higher than 7% on Seafairability





You scored higher than 4% on Bloodlusting





You scored higher than 99% on Wenchwanting
Link: The What Kind of PIRATE Are You Test written by JosephineGreen on Ok Cupid

Friday, June 03, 2005

It's all go

Well, I've been hectically busy so failing to post here, but have been able to post at moblog while on the move. Now that blogger allows mobile blogging I might do that here....

Bought a new house, which is nice, and I know it's in a nice area, because it's 2 doors down from my current one. It just has an extra bathroom, bedroom, conservatory, shed, two extra public rooms, bigger garden, longer driveway. Yay!

Just got to sell mine now...know anyone who wants a nice 4 bedroom detached house in a very desirable bit of central Scotland?

Preparing to go to Portugal for 2 weeks, then Belfast, London, Cowes, Amsterdam and then Kent. Luckily I get the last week in July at home. Which will keep Claire happy...that'll be our 7th wedding anniversary!

Friday, April 22, 2005

Paris - miles better

Well, I ran the Paris Marathon on the 10th of April...what a lovely city, and what a lovely day for a run. Up until half way I was making reasonable time, on course for around a 4 hour and a bit run, but slumped badly towards the end and came in at 5hr 35...I suppose I should have trained, hey ho.
I'm so impressed with Paris, especially after my disappointment with New York.
And the shopping is great, if a tad pricey...

Monday, April 04, 2005

New York

Well - was a bit disappointed with my visit to New York. Grand Central station, although nice, is pretty small. Way smaller than they make it look on the telly. And Manhattan is small as well.
And the gadget shops are pants - many of them but very limited product ranges, and the prices weren't competitive, even with the great exchange rate.
And I couldn't even get much for the wife - better shoes/perfumes/clothes etc in Edinburgh.
And the nightlife was a bit sucky too - so all my preconceptions were dashed except one:

The Empire State Building - it is quite spectacular from the top. Old and knackered inside - we queued for 2 hours in decrepit, dingy corridors - but absolutely worth it!

Thursday, March 17, 2005

A Plan For Scams

Gerv has some good ideas here. Okay, so they have all been discussed before, but they all make sense in the right environment, and together can significantly improve security.

Thursday, March 03, 2005

Sunday, February 27, 2005

Blimming Windows XP

Just when you are about to do a backup, 'cos you've been a bit lax for a couple of weeks, it starts acting up. I started getting IRQ_NOT_LESS_THAN_OR_EQUAL BSODs. After hunting around forums, it appeared to be connected to pagefile issues, so I removed and recreated my pagefile.

Then I started getting POOL errors, which quickly escalated to the classic symptom of only getting to mup.sys on boot. Sadly this wouldn't let me boot from an XP CD either. After much faffing, Knoppix came to the rescue. I built an XP installation on another hard drive (with my faulty one unplugged, otherwise it wouldn't do it!) then rebooted with both drives connected, using Knoppix CD. This at least let me get all my data across. I was going to use captive-ntfs to mount my old drive read/write but the screwed up filesystem wouldn't let me.

So today I finally wiped the old drive, reinstalled and am now downloading all the relevant updates. At least I had used Slipstreaming to give me an XP SP2 CD before all this happened, but it still wants many updates, and the amount of downloads I need for my Audigy Platinum is staggering.

The only upside is that all the cruft will be gone and the machine will run faster for a while:-)

Thursday, February 10, 2005

The joy of SOx

Financial Cryptography has another interesting article on Sarbanes-Oxley. The funny thing is the number of companies I have seen who aren't listed on the US Stock Exchange who want to go through something comparable to or exceeding Section 404 requirements. Just in case.

Friday, February 04, 2005

Integrated WIFI Laptop Hack

This is pretty cool. Okay, these days all laptops are likely to have wireless capability anyway, but for those that don't, here's Nermal's Integrated WIFI Laptop Hack

Thursday, January 20, 2005

Anti-forensics

As this Hack In The Box article shows, there is good information out there for those who do not wish to be caught out by forensic analysis of their computers.

Makes relying on forensics that bit trickier...

Monday, January 17, 2005

How to make windows more like Linux

12 steps to becoming more l33t. I think it's supposed to be pro MS, but some of it definitely looks the opposite to me.

Sunday, January 16, 2005

This article over on Bruce Schneier's blog is interesting, but what is more interesting is the comment and debate fuelled by this. Remarkably similar to the whole open/closed debate in IT Security but for the physical security world.

Want that one!

Little Britain. Gotta love it. Even the BOFH does!

Sunday, January 09, 2005

Thursday, January 06, 2005

Wired News: India's Odd Couple: Cops and Tech

Wired News: India's Odd Couple: Cops and Tech. This poses some major issues for IT outsourcing! Cripes.

Mobile users need for power

The New York Times has an article: Power Users, Ready for a Refill which points out something I hadn't really thought about - the need for power when mobile. For me, even if I use my mobile all day, a charge lasts a day - more than a week on standby, my laptop lasts 5 hours (if I'm just working on documents etc) and my main mobile mp3 device is in the car so I hadn't come across this issue. But it seems people with high current devices are desperate for a charge:-)

Sunday, January 02, 2005

A new year - a new dawn

Finally - after much procrastinating...I am broadbanded. Just 'cos I got Doom 3 and Half Life 2, so I thought I should.

I guess the other upside is the speedy downloading of ISO files.

Need to go and get that Linksys box though - blimming Voyager 205 broadband router from BT is a bit pants.

Happy New Year anyway