Recently I bought a Nokia 9300i. Phone cock-swaggering aside, it allows me to be connected to the internet, permanently. I can ssh to my machines, I can look up facts on the internet and I can read without moving my eyes further than a few square centimeters of screen. This is nothing new; what is new is that I can now do this all the time. I can do it in the middle of speeches, in restaurants or on the toilet.
[geeking musings to follow] Continue reading "Digital Entropy"
Today we (Deloitte) hosted the ISGA (formerly WhiteHat) meeting. I was in charge from Deloitte's side. Apart from a few hiccups related to broken amps and late coffee, it went off fairly smoothly. I got the chance to present; my presentation was entitled "Threat Monitoring: Reading Risk the Wrong Way".
It basically provides a justification as to why threat monitoring is important, and how people ignore the "threat" component of the risk equation. A component of threat monitoring is having decent threat models. For this I discussed how security researchers have gotten the vulnerability life cycle wrong, and provided a corrected model based on combining the conclusions of several researchers.
The slides can be found here.
I am really enjoying watching how these turn out. The recent 0days have seen unofficial patches, Microsoft entering the threat monitoring game, a significant amount of community effort and all sorts of discussions.
1...2...3...go
Wow, it seems Microsoft managed to get their MS06-015 cumulative IE patch rolled out with only a few compatibility problems with older HP, NVIDIA, Siebel and Kerio Firewall products. Pretty good given the non-security ActiveX change they bundled in there.
Oh, they also fixed that security vulnerability that has been actively exploited in the wild since March 23rd. Given the lag time in patch deployment (current research suggests 19 days for internal machines), attackers will have had just over a month to wade through the average Windows box.
Can someone tell me why Microsoft decided that the best way to get a patch out as quickly as possible was to bundle a huge, non-security modification into it?
I really appreciated this from the Easter liturgy:
Our commandment was to love one another as we love ourselves, not to assist God in meting out punishment.
Happy Easter everyone.
After trying to download M$ patches behind an awful ISA server and equally failing to update McAfee, this Dilbert comic popped up. How true.

Daniela has recently started her work for Creative Commons South Africa. It seems they are in charge of the iCommons, an organisation trying to extend the reach of the Creative Commons into other free culture areas. Lessig explains it better. Daniela has been hard at work and is already writing regularly for the iCommons blog. Check it out.