Geez how did I miss this one?

August 25, 2009

While writing the previous post I stumbled across this article over at the NYTimes.  Gah!  This makes a great Anti two factor argument.  Why bother to deploy two factor RSA tokens….if they are already ‘broken’.  Sheesh.  Must think on this…..


Why does Malware not get the attention it deserves?

August 25, 2009

It’s kind of a strange statement to make but let me elaborate.  It seems to me that most people perceive malware as the annoying ‘stuff’ that gets ‘accidentally’ installed on their family’s or friends’ computers.  You know the stuff that makes their PC slow or worse.  Outside of the ‘computer industry’ people don’t truly seem to grasp the concepts behind a botnet and what its purpose is.  Case in point.  Today’s threatpost has an interesting post regarding the more sophisticated threats that are appearing in the wild.

I sometimes wonder how people can NOT get this.  The constant escalating ‘arms race’ when it comes to computer security is now a given.  Has been for years.  If the ‘bad guy’ is using a tool to make money because that is what it is all about.  Oh, sorry you didn’t know that it is now a money thing?  Not the geeky kid in the basement hacking into the WOPR.  Sorry, I digress.  Back to the point.  Um….oh right.  The attackers are now MORE sophisticated than ever.  They are combining attacks.  What is the current weakest link in the Corporate Enterprise?  The desktop.  It’s a much easier target.  Softer, squishier and well there are a heck of a lot of them.

I could keep going but I won’t.

More to follow.


Nortel is DEAD people move on.

August 15, 2009

Given that Nortel is now basically a defunct company can anyone explain why you would go ahead with purchasing equipment from them?  If it’s enterprise VoIP you want surely it would make more sense to switch to Cisco or Avaya.  When the Avaya purchase is complete does it make sense for them to maintain Nortel’s Equipment?  Highly unlikely.  Forklift upgrade path to their equipment.

Why then are we purchasing and deploying millions of dollars of Nortel equipment?  As if this wasn’t a predictable outcome even six months ago.  The question was asked but because no one listens to Architecture (that’s another blog post) the Telephony folks went ahead.  Politics, job insecurity, lack of foresight, blind faith in a vendor, all of these and more.

Dumb, dumb, dumb.  Total waste of money and time.  Nobody gets fired for buying…IBM, Nortel, Cisco…um time to reconsider.

Nortel is DEAD people move on.


Oh yeah….

July 31, 2009

I wish I was at #blackhat and #defcon.  Ooops I put the Twitter hashtags in there by reflex….*sigh*


Information Sharing

July 31, 2009

It’s nice to sit and talk to other Security folks who share your same pains.  It’s even better when they are in the same industry.  Case in point today.  I attended a very useful meeting where 7 or so companies spared their respective security types for 3hrs.  We talked about some common pain points and talked about what some people were doing about compliance.  It was very refreshing to get some different opinions and perspectives on topics that I struggle with every day.

I’m looking forward to the next meeting.  Should prove to be just as informative.

For obvious reasons I have left out the industry and the companies in question.


TOGAF and Security Part…x

July 24, 2009

I don’t remember where I left off with TOGAF and Security.  However a lot of things have changed in the last 6 months.  TOGAF 9 came out and expanded the security (one page) section in version 8 to a whole chapter.  A much needed improvement.  Also since then I have attended The Open Group’s Enterprise Architecture Practitioners Conference in Toronto.  And yes I crossed over on the Wednesday to sit in on a couple of the security sessions.  I have to say that I was very impressed with the quality of the panelists in the Cloud Security debate.

What I will say about all this ‘stuff’, is that there seems to be a convergence of sorts on the way.  I’m seeing Cloud Security (CSA), TOGAF, COBIT, NIST, ITIL, PCI and a couple of other acronyms start to coalesce into something more tangible.  Could be very interesting.


Ouch….a Month (ok and a bit).

July 23, 2009

Well things have been flying along around here.  Too many things to mention in a single post.  Lots of great stuff.  Now the big question is, to blog or not to blog?  Most of the blogosphere seems to have moved to Twitter.  Now while I like Twitter I don’t think I will abandon the blog (such as it is).  I think I will keep it to post relevant info that I can reference back to.  Which I think was the whole idea in the first place.  So…..


Very Busy lately….

June 2, 2009

OK so I haven’t posted anything lately.  My apologies.  I’ve been busy with a couple of different things.

So…..now what?  OK, I’ll be posting a bunch of stuff later this week.  Stay Tuned.


Datacenters (Datacentres)….

April 12, 2009

The industry is abuzz with material on datacentres and the technology therein.  I’ve found many good articles on large scale, net new, next generation stuff.  As a for instance, check out this video of Google’s container datacentre. Cool stuff.  However it doesn’t look like a traditional datacentre at all.

In the case of net new I can see this happening.  My question is, going forward as a mid range organization what do you do if you need a second datacentre?  I’m really liking the concepts that Cisco, VMware are putting forward with their Network Virtualization strategies.  Of course my paranoid security mind agrees with The Hoff.


I’ve been and am busy….

April 12, 2009

Lots of stuff going on these days.

First, I’ll be doing a presentation to the combined security and audit groups of ISACA, IIA and ACFE.  Yikes.  I was asked by a member of the ACFE board to do a dinner presentation and I jumped at the opportunity.  So I’ve been spending a bit of time building a presentation deck.  It’s slow going, but very interesting.  When you start to pull a lot of different pieces of information together you start to see trends and patterns.  Nothing earth shattering just interesting.

Second, work is very busy.  Lots of great stuff around future state and security.  It’s going to be a very interesting year.

Third.  Well the weather is finally letting up (for those of us in the Great White North, eh).  What does that mean….well more outdoor time for a start.  Less time to blog….not really too much of an issue considering my infrequent attempts at actually blogging.

Happy Easter!!