Journalising, Journalism and Blogging…Restrictions on Posting
I had a few comments sent to me about my last post. Some of the feedback: “It wasn’t inspirational”, “Its perspective wasn’t that unique”, “What was the point?” etc…. All fair points. My only response is that at times, I will use Beast or Buddha as my journal to write about things that aren’t necessarily meant to change anyone’s world or inspire (though I did think the PCI post tried to do that)……just reflections on my day, week and thoughts going through my head about the good, and the bad in our industry (though the latter motivates me far more to dissect and rant). I started Beast or Buddha for these reasons. Read on:
To a large degree, this blog, like many out there (I guess), is crippled in what I/we can post….or at least what I am willing/able to talk about. I’ve mentioned before that IT Security journalists do have a tough job, but I suppose IT Security bloggers to an extent can have it tougher at times. At least journalists can report just about everything that comes across their desks. We cannot – unless it’s about someone else’s work.
I can’t write about things relating directly to Securus Global’s day to day work (…at the time of the work, later without it falling into a generic topic, related in a generic way to other case-studies etc…..you get my drift)…the results of say our penetration testing work for example, the outcomes of research projects we’ve been engaged on etc etc……things far more interesting, newsworthy and many times worrying and scary as hell.
I read about things in the press that months beforehand we’d been working on ourselves, discoveries we made that could never be reported, hacks of new technologies that now are world-wide “news”….. wow; iPhone vulnerabilities, ATMs again open to new attack vectors, etc etc (and we’re not the only ones who sit back reading and hearing about such news and thinking how much “news” it actually is not!).
So I suppose what I am trying to say is that the scope of topics for many posts is somewhat constricted….maybe more than “somewhat”… but there’s been enough room for me within those restrictions to bring out new ideas, present some recommendations and as always, upset a few people while I am doing it. I can’t guarantee it for every post. (……wonders how far down the chain this post itself is).


July 5th, 2009 at 10:37 am
Stop reading about the news and make it. I’m sure you can comment on ATMs being an open attack vector again in a generic way if you broke them. Media won’t ask for details, as you’ve seen. Only the techies who you need to tell you’re working with the Vendor, and details released after fix.
You CAN sit in both worlds here.
Peace,
Wade
July 5th, 2009 at 5:17 pm
It is a bit of a gamble but if the balance can be there with relation to specific entities not evident; direct and or with research, news would be far more interesting for the masses than the usual.
It’s not a case of hiding the truth but rather just not talking about it and that is a sad thing for progress, growing awareness and education for all.
July 5th, 2009 at 6:07 pm
Similar discussions in the past and it’s not just black and white.
NDAs, Client Confidentiality and other legals are at play as many would know. It does amaze me though seeing some of the things others post about things they do in countries I know cyber crime acts exist.
I suppose they push the boundaries until they either wake up to the fact they shouldn’t be doing what they are doing or someone taps them on the shoulder. LOL – I suppose there’s a lot of grey areas that we contend with.
@Wade, sent you DM in response also. Thanks for the responses guys. Nothing has really changed since day 1 of BorB but good to talk about it every so often. And I do expect to be pulled up on BS posts and follow-ups.
DD
July 6th, 2009 at 7:39 pm
Integrity brings credibility. Too many other tossers in this game who overrate themselves and their work.
July 7th, 2009 at 8:48 am
If I am really bored with a new post here, I’ll click onto this category and have a laugh; http://beastorbuddha.com/category/dumb-security/
Followed closely by; http://beastorbuddha.com/category/wtf/
If still not satisfied, I will go and talk to my manager and get him to tell me how things should be. Have a good day all!
July 7th, 2009 at 9:23 am
Thanks for the comments guys. Hey, if I impress only one person………….nah..that would be a pretty lousy percentage.
October 29th, 2009 at 7:30 pm
If you are reading this, please respond here:
http://beastorbuddha.com/2009/10/29/wondering-why-this-post-gets-the-most-hits/
November 6th, 2009 at 3:35 pm
I battled with what to put in a blog for a while. After a while and a bit of practice I was able to twist what I am currently working on for my clients into best practice style articles. Can’t talk about the clients, their vulnerabilities in any shape or form due to personal and corporate NDAs. I think vendors are still fair game tho