It must be the Chinese Hackers again….

May 9th, 2008 Drazen Drazic

Is there anything bad happening on the net not being blamed on “Chinese Hackers”? Forget the story… same old stuff. Some of the comments here are priceless:

www.theregister.co.uk/2008/05/08/belgium_india_china_warnings/comments/

Now, just in case there are some language issues here in translation, this is a sarcastic post and in no way talking bad about Chinese Hackers. Point those probes in another direction. :-)

Posted in Bad Stuff, Dumb Security, To cool, WTF, cyber crime

IPv6 Ramblings…..

May 9th, 2008 Drazen Drazic

Interesting and good to see IPv6 get a mention/submission in Australia’s 2020 Summit. The submission is here. Not sure where it is headed as I couldn’t see any mention in the Initial Summit Report. Maybe others have heard more about this?

We haven’t lacked good write-ups on IPv6 in recent times. Thanks to Donal for passing this one from Arbor Networks on to me.

The Google IPv6 2008 Conference panel video is well worth seeing if you haven’t already.

Are we getting much closer?

Previous Beast or Buddha posts:
http://beastorbuddha.com/2008/03/31/some-good-ipv6-links/
http://beastorbuddha.com/2007/05/10/ipv6whenwhysecurity/

From 2001: IPv6 and the Future of the Internet.

Posted in Research

More on not logging - “Reverse Compliance”

May 8th, 2008 Drazen Drazic

Declan’s recent post on logging being a double-edged sword started some interesting discussion. Anton Chuvakin follows up further on his blog and writes:

“Reverse compliance” is a motivation to purposefully avoid technologies that have a chance of telling you that you are NOT in compliance. Sadly, logging is featured very high on the list of such technologies that a) tell you about all the problems with your compliance posture (e.g. direct violations of regulatory requirements, lack of controls, inefficient controls, policies not followed, etc) as well as b) are mandated by various regulations (e.g. PCI DSS) and c) actively used by auditors for finding compliance issues.

Read the rest of Anton’s post.

Posted in Disclosure Laws, Forensics, PCI, PCI DSS, Risk Management, cyber crime, governance

1.5 Billion Euro investment into Securus Global

May 6th, 2008 Drazen Drazic

The rumours about this company or that company wanting to buy into Securus Global continue, but this one we are seriously considering. This should turn us into THE global force of Infosec Consulting:

> From: xxxxx xxx <xxxxxx@yahoo.fr>
> Reply-To: <xxxxxx.xxxx@yahoo.fr>
> Date: Mon, 5 May 2008 21:37:32 +0200 (CEST)
> To: <xxxxxx@yahoo.fr>
> Subject: INVESTMENT  PROJECT
>
> I WANT TO INVEST MY FUND {1.5BILLION EURO}IN YOUR COMPANY, LET ME KNOW
> YOUR TERMS ,IF YOU ARE INTERESTED TO INVEST WITH ME GET BACK TO ME
> WITH YOUR FULL DETAILS, I WILL SEND THE BOND FOR CONFIRMATION FOR US
> TO PROCEED THE PROJECT.
>
>
>
> MR XXXX XXXX
> OIL AND GAS

Look out world!

Posted in Securus Global