Monthly Archive

This is the archive of the blog! Feel free to browse around!

CNIT in Paris is cancelled this year

The largest conference within IT, e-business, BI, security and CRM - the CNIT in Paris, is cancelled. 

I used to be there back in 2000, talking about the importance of multilingual e-business solutions in Europe. According to the press release below, the cancellation is due to technical security problems at the Paris Expo conference center.

The complete press release (translated from French) is below:

Official Press Release
Priority – For immediate release

Paris, 29 September 2007.

Hello,

You are an exhibitor, partner, journalist or visitor of the ERP - SOLUTIONS E-ACHATS - MVI CRM - SOLUTIONS DEMAT' - SOLUTIONS FINANCES - SOLUTIONS BI and SYSTEMES SERVEURS ET APPLICATIONS trade shows, which were due to take place at the CNIT, La Défense-Paris, next week, from 2 to 4 October.

On Thursday 27 September at 4:30 pm, Paris Expo informed us that, owing to major technical failures in its fire safety system, the CNIT will not open its doors next week.

As a result, the trade shows of 2 to 4 October are cancelled.

We offer our sincere apologies for this cancellation, which is beyond our control.
We will inform you of the new dates within eight days.

Kind regards,

Sylvain Arquié
Chairman and CEO, Groupe Solutions

 

Cases for students?

As I mentioned earlier, I will be a guest lecturer at BI (Norwegian School of Management) this autumn. And as I hate boring "read-the-manuscript" type lectures, I will do a two-hour case study workshop with the students.

I want to take one or two security scenarios that are relevant for business managers and middle management, and have the students work in groups as the imaginary management of a corporation. The point is to teach them how security can and will impact their future job, and to prepare them to be proactive and resourceful when disaster strikes.

I would love to hear about relevant scenarios from my readers. I know there are many resourceful people among my readers with great stories to share. I also know that some of those stories might be even more relevant and exciting than the more local cases I have.

So, please post your stories as comments - or if you prefer, use the contact page.

Thank you kindly :)

Weekend Laugh - Anti war posters

This is the last weekend of September, we are all very busy executing the plans for the autumn. Budgets to be met, contracts to be closed, projects to start and to end. Security news to break, and patches to be made.

So - this weekend - take some time off, and enjoy this collection of antiwar posters made by Micah Wright. Wright runs a project called the Propaganda Remix Project, and although there is a strong political message in the artwork, I find it fun and totally enjoyable. 

To view the complete project, click the link above, and then click the picture above the "View a slideshow of all 475 posters" text.

NOTE: There is a strong political message in the slideshow - you may or may not like it! YOU have been WARNED!

Enjoy your show, and your weekend!  

Securitynewsportal, anyone?

I am in need of your help now. Recently, I have got referring hits on Feedburner and Google Analytics from a couple of websites: www.securitynewsportal.com and www.snnx.com. 

It seems like they are republishing my RSS stream. Which is all fine. I just get curious as to who they are. Thus, I have tried to visit their websites a couple of times, and all I get is an HTTP 403 error (forbidden).

My question to you is simply - can you tell me what these sites are? Who is running them? Why do they not serve the info to the public?

I may be paranoid - but I cannot help wondering if this is some kind of a fraud or harvesting system?

If you know anything about these services, please share with me! Use the comments below, or contact me using the contact page!

Your input is highly appreciated! Thanks! 

Security profile: Dr. Anton Chuvakin

In the blogosphere there are a few bloggers who stand out. Amongst security bloggers, one of my absolute favorites is Dr. Anton Chuvakin. He is extremely knowledgeable, and he dares to have his say. He is also one of the bloggers in the security space that has the highest production rate, I believe.

Dr. Chuvakin

Anton is also the co-author of the book Security Warrior.

Anton came to security after reading the book Maximum Security by Anonymous. It was an awakening, and Anton knew what to do in his life. He claims he still does not know who wrote the book.

For Anton, Information Security is not obvious, even if it sounds like it: A: information security is about two things: "securing" and "information", not only fighting hackers, fixing vulns, blocking attacks, protecting networks, deploying appliances, configuring firewalls, etc.

Nowadays, information pretty much makes the world go round and the mission of security is to protect information C-I-A: confidentiality (of course, for confidential info), integrity and availability for legitimate use. Yes, there are various extensions to the CIA formula, but it does describe the picture adequately for our purposes.

On key impacts IS has on business, Anton says:

A: In short: IS protects business information.

That is why it is called IS - "information security." As far as the impact of security on business, it might be dramatic and negative or dramatic and positive or none.

What determines the above choice is how well you understand the risks you face. If you have no idea what risks you face and then you go and buy a lot of security gear and use it to block random things, you are guaranteed a negative impact.

And if you know the top risks, you invest in security wisely and thus allow the business to, well, "do business." :-)

Anton is the evangelist at LogLogic. As such, he has hands-on knowledge of the challenges businesses meet regarding information security.

A: Regulatory challenges: more new regulations, more details on the existing regulations, more bad regulations, the whole pile :-) It will have sometimes good and sometimes bad impact on security.

Commercialized, professional hacking (this has been beaten to death, so - no more comments)

Data governance (and, especially, identity information governance): who can access data, who does, who has the data, what do they do with it, etc. This will be growing in importance for at least a few years.

You can read more about Anton at his website.

Anton has his Security Warrior blog.

He is the evangelist at LogLogic.


His book is available at Amazon!

And the book PCI Compliance is available at Amazon as well!

 

Low tech election fraud

We had an election here in Norway a couple of weeks back. We use some sort of electronic counting system of course. And as you would guess, discussions of election fraud have arrived here as well.

But - this post is not about that! This is about a low-tech election fraud. According to the police in Drammen, the elections in the city were illegal. Why? Because someone decided to buy the votes of the drug addicts in the city.

Each drug addict was offered 50,- NOK to go to the election station, and vote for a particular party. IMO, a good incentive to raise the number of voters. Except that they had to vote for one particular party, obviously. On the other hand, there is no way to know what they did vote, so the addict could vote something else, and get the cash, I guess.

Still, the amount they were paid is ridiculously low. It equals less than US$10, in a country where a pint of beer costs more than that. Unless the prices of drugs are extremely low, that bill they got paid would get them nothing but a pack of Kleenex and a chocolate bar.

The police in Drammen now call for a re-election in the city. Shouldn't they be praising the politicians for trying to activate the people who most likely entered an election room for their very first time?

14 year old girl stripping on webcam

I have strong feelings against abuse. And when I see young people falling for simple tricks and ending up as victims, I have to speak up.

The Internet has revolutionized the way we communicate and how we network between people. I should know, I use tools like LinkedIn, Xing and Facebook actively. In a market there will always be companies that push the line. In Norway, one such site is Camfight / Penest.no, which I have covered in the past.

Last week, a girl was featured on national TV. Her story is as follows:

When she was 14, she met a guy on the Internet. The boy was a couple of years older, and convinced her to strip for him on webcam. The girl was in love, and believed him to be too. She obeyed his request.

As soon as the stripping was done, the boy ended all contact. Some time later, the video with the girl stripping showed up on the Internet. Without her consent.

Her friends turned their backs on her, and she ended up having to relocate and change her name.

 

As tragic as this is, these kinds of stories are only starting to surface. When you are young, you do not have the experience, knowledge and understanding necessary to safely use the technology. He*k, many adults lack the very same requirements.

To add to experience, "Line" got no support from her school nor from the police.

I believe that this serves to show how vulnerable young people are, and how wrong things can end up. It never pays to be naive. And when in doubt, say NO!

 

Available for training

I am about to break a principle now. When I first started my blog, I decided I would not use it to promote services and products. I will break that principle today - as I am currently (this autumn) available as trainer/consultant. 

I am a great trainer (certified in JCI), and I get great feedback. Topics are mainly security related, with focus on user awareness and management training. I also do project management and consulting.

This autumn, I will be a guest lecturer at BI - the Norwegian School of management. 

If you know of anyone who might require my services (I will travel), I will be grateful to hear from you or them!

 

Swedish artist paints a doggy Mohamed

The past couple of weeks have seen an uproar against Sweden in general, and the Swedish artist Mr. Lars Vilks in particular.

Yet again, an artist has managed to piss off the Muslims.

Yet again the Muslims react as expected.

And yet again we are discussing whether or not freedom of speech as a principle stands higher than religion.

According to western tradition and belief, freedom of speech is a fundamental right for all mankind. It is a principle we love, and protect.

According to Muslim tradition and belief, Mohamed is sacred, and never to be depicted. Depicting him is a sin, and blasphemy.

All this is well known. And the EU has come to the conclusion that whether or not you are free to speak your mind is to be decided by what your intent with the information is. With the above-mentioned art as example - in the EU, Lars Vilks is protected by law to make art of Mohamed. Even if some Muslims may get hurt in the process. So how do they know when to protect him? By his intent! If his intentions are good (i.e. not to hurt their feelings), he is protected. If his intentions are bad (i.e. he drew Mohamed as a dog only to hurt Muslims), he is no longer protected by law.

In other words - Freedom of Speech in Europe is all yours as long as you do not intentionally hurt someone. If it happens by accident, then it is all fine.

The question is how can I prove that my intentions in this post are all good? That I never mean to hurt anyone?

---

On the other hand, the decision by the EU has next to no effect on the intention of Al-Qaeda to put Mr. Vilks down. And no matter how much I respect Muslims (and people of other religions), I just cannot understand how they can take a picture like this seriously, and why they care about it in the first place.

I agree that Mr. Vilks and other artists in the past have not been very kind in depicting the holy prophet - but as I understand, none of the artists were Muslims in the first place (nor are they now). I have a hard time understanding why someone who is not following your religion has to follow those rules. Now, you may argue that I am stupid, ignorant, and some may even say arrogant, but I still do not get it.

But - I do believe in your right to have those rules. I do believe in your rights to believe in your religion. I will defend that right as well. And I respect your views and ideas.

As I do believe in the freedom of speech. And defend that right too.

What pisses me off is when people use the wrong reasons for their action. I defend your right to be a Muslim. But I strongly disagree with your use of terrorism, violence and your disrespect of other people, cultures and religions.

The same goes for Lars Vilks and other artists. I defend your right to make whatever art you like. But intentionally mocking other people and culture is not my kind of art.

There is one thing I believe is missing in both camps - respect! Respecting different opinions. Different views. Different ideas. Respecting that some call dogs with human heads art, and respecting that some prefer their holy figures to stay a fantasy.

Weekend sentiment

My dear reader,

this post is only here to thank you!

During the time I have blogged, my audience has grown steadily in numbers and in geography. What started out as a project for fun, has evolved into one of my true joys and priorities. And the reason for that joy is you, my dear reader!

And not only are you reading my ramblings, you participate, you comment and you send me mails! We may not always agree, and I am not right all the time. But you keep hanging in there, and by doing so, you feed my joy.

I also enjoy the number of bloggers who link to me. I even appear on blog-rolls of bloggers I highly respect and enjoy. I cannot tell how much that means to me. (I probably should link to you all, but out of fear of not having found all links, I choose not to).

I truly enjoy my blogging, and knowing someone else is too, that is a great driver for me! So keep it coming - please let me know how you feel! Please let me know if there is stuff you'd like me to cover. And please keep sharing your thoughts!

So, my dear reader, this post is entirely dedicated to you! I wish you a lovely weekend!

 

Weekend Laugh - QA the sysadmin

These days the job market in the Nordics is very lucrative. It is hard for employers to find employees who can deliver, and when the option of paying the price, or hiring a newbie comes, smaller companies often choose the low price, low competence solution.

They do so in the hope of saving. The price for that saving can soon be very high - as this week's weekend laugh shows. You have heard some before - perhaps - like me - you have even uttered a few of them too!

If your background is not from ICT/IT, then you can use the weekend laugh as a list to QA your sysadmin. The more of the list you tick, the lesser the quality!

I wish you a lovely weekend!

Lebanon security update - September

I got this in my mail today:

-------------------------------------


On Wednesday 19 September at 5:25 PM a big explosion (25 Kg of explosives) detonated in Beirut Northern suburb, at Horsh-Tabet, killing 6 people and wounding about 60.
The bomb targeted Christian MP (of the Phalangist Party) Antoine Ghanem, who was passing by in his car and who was instantly killed. He is the 4th Deputy belonging to the Cedar Revolution movement of 2005, also called the 14th of March, being killed.
Lebanese deputies are supposed to elect a new President of the Republic between September 25 and November 25, 2007.
A lot of controversies are ongoing about the identity of the new president who is supposed to replace current pro-Syrian President Emile Lahoud, former Army General. The assassination of anti-Syrian deputies aims at changing political alliances in favor of the return of Syrian hegemony in Lebanon.
In an outrageous statement issued yesterday, Syrian authorities expected that additional 14th of March deputies would be assassinated in Lebanon before the election of a new President.
Nevertheless, pro-government deputies are determined to convene at the Parliament and choose a new president despite the real threats facing them, to vote for an independent and sovereign State. Accordingly, the next couple of months are believed to be determinant of the future of the Lebanese Republic in light of the new president's identity.
 
------------------------
My dear friend, I thank you for the update on the situation in Lebanon. I truly wish for a peaceful and prosperous solution to end the tragedy in the region.
Kai

Getting back up!

At last - almost two weeks after the initial attack - my body is recovering. I am now back in fit shape, and attacking my back-log on the blog.

In the backlog is the next security profile Dr. Anton Chuvakin - the Security Warrior. He is one of my absolute favorite bloggers of security, and I am proud to present his profile next week!

I have also had a dialog with a security manufacturer, and I will present a CEO-profile in a week's time. Perhaps that is the start of a new type of profiles on my blog.

While I have been resting and fighting the virus, I have picked up on a number of stories going on the past two weeks. I will try to cover a few of them too - so watch out for my comments on the new Mohammed drawings, privacy and exploiting young people.

No guarantees that it all ends up here shortly - my backlog is not only on the blog!

Thank you all for your kind comments and sharing up mails. Also, thank you my regulars for hanging in there with me! I love the blog, and obviously some of you enjoy it too!

I wish you a lovely weekend!

Weekend laugh - the computer shop

I guess this one gives away my sort of humor. I still hurt in my belly, chins wet with tears! 

Happy weekend to all my readers!  

Taking a hit

I am taking a viral or bacterial hit on my body currently.

I'll be back - hopefully within a couple of days!

Regards from the plains of fever! 


The blogger is Kai Roer, a European Information security professional.
