July, 2009

Why Information Security is Hard - an economic perspective

This is a great read for anyone even remotely interested in Information Security and the principles that relate to attack vs. defense. Most security people seem to forget that security is merely (and sometimes merrily) part of "business as usual", meaning security is never a means in itself, it is only there to sustain business. As such, there should be no shock that security is very closely related to economics, not to technology.

This paper was released in 2001, and is equally relevant today!

Go on! Read: Why Information security is hard - an economic perspective, by Ross Anderson.

Should you not like it, you are allowed to kick your own butt!

Stuck in the elevator with the Cynic...

The other day, I went into an elevator, and ended up on a ride much like the one in the Charlie and the Chocolate Factory movie. Except there was no chocolate. There was only the Cynic. Needless to say, I was stuck.

The Cynic used his time well while I tried to control my panic. And he played me like a 3-year-old. The resulting information leak is found here: http://www.infoseccynic.com/2009/07/30/kai-roer-stuck-in-the-lift-with-the-cynic/

Go on. It is probably one of the best interviews about me that exists.

Oh. Thank you, Cynic. Remind me to take the stairs next time we meet!

Consolidating blog designs

I am consolidating the look and feel of my blogs. First step is using the same theme/template, and hopefully it will enable a more consistent look and feel.

I will play around with the themes until I am happy. And you may add your comments and suggestions if you like :)

Thank you for your patience!

Comment spam, part II - Solution?

So I have finally taken the time to review the comment spam challenge I have had in the past. I do not mind that my blog is becoming more popular, but I do prefer real readers, not some bot filling it up with strange comments.

The past 2 years, I've used Akismet to control spam. And up until the past few months, it has done the job without complaints. The past few months, it has not been up to it. Some research shows that the Drupal module of Akismet is no longer maintained, thus no longer being updated. So much for open source, huh... And I have grown tired of deleting false negatives and finally today I found what I hope is the solution.

Its name is Mollom. It offers the same as Akismet, as a free service, or optionally as a paid service if you need high availability, or a non-branded CAPTCHA. I need neither, at least not at this point, thus the free service works great for me.

I will test Mollom over the next few weeks and see how it copes with the task. Hopefully false negatives will be down to zero now.

Comment spam

I am sick and tired of all the comment spam that clogs up this blog. Is it time for me to set up a captcha service or something similar?

The Akismet plugin certainly is no longer up to the task of keeping the new comment bots at a distance, so I need to do something. So far, I see three choices:

1. Leave it as is, and spend a lot of time cleaning up

2. Disallow comments altogether, and lose the little interaction I strive to build (I love comments from readers...it is those left by robots I dislike :)

3. Find a solution that enables people to easily add comments, and automatically keep the spam away

Option two is no option. So what I will do is go for option three, and until I find a viable solution, I will use option one - as it will continue to mess with my mind until I have found a solution. Or help me prioritize correctly, so to say.

Any and all tips and ideas are more than welcomed! I will write a post on what solution I choose, and why.

Thanks :)
