How cool would it be if Gordon Ramsay was an infosec consultant?

April 3rd, 2008 Drazen Drazic

Each week he visits another company and sorts out their problems in his own unique way. I could imagine a talk with many CIOs going along the lines of:

“Oh ^%$ me….what the &*$# are you actually %*&*ing doing here? Okay, show me what you actually @%$ing know about *&^%ing security!?…..if your customers actually &*$^ing knew what the $*&$ you $*&$ing do and don’t *&$#ing do, you’d make them *&^$ing ill. And who’s this #&^$ing guy you have looking after $&##ing security. Why don’t you *(#$ing listen to him?!…… oh *&#$ me!”

Blunt or beating around the bush…..what works best? I would watch this show. :-)


McAfee: Email is not intended for sending attachments….

January 7th, 2008 Drazen Drazic

Yep, you heard that right. Background: one of the few Windows systems we use cannot send any attachments with email. We try everything and narrow it down to McAfee’s product. Numerous emails to support were like talking to a brick wall…. but you got to love this comment from the McAfee dude (thanks Dec), who tells us that email is not intended for file attachments. Trust me, there’s no hidden context to this email. Gees….here’s me doing the wrong thing for the last 15 odd years. Check this out! (oh, and by the way, this is just one part of a large email trail to get the problem fixed…many more funny parts to it….Dec…you want to post them?)….BTW, we gave up in the end. :-)


Too good not to highlight……

November 1st, 2007 Drazen Drazic

I know this one about the House of Lords debating the liquid ban has done the rounds, but gees it’s worth a read. “The Register” dudes cover it well.


The Worm fights back…..

October 25th, 2007 Drazen Drazic

Hot on the heels of the ABC and Press Club in Australia trying to defeat the Worm (part of the Australian election debate) - unsuccessfully, Security Researchers are also discovering that it cannot be beaten. In fact, the Worm is not only now defeating attacks to kill it, it is fighting back. Is it just coincidence that this all came to a head on Sunday night? Is this another reason to vote in the Worm friendly Labor Party? Hmmmm….you have to wonder.

The Worm has become a living entity now by the looks of things as reported in Network World and as verified by IBM - with AI powerful enough to allow it to make decisions on the fly to attack those it sees as a threat to its existence.

Reports out of Tihsllub where the Worm is believed to have originated are sketchy, with all IT services down for the last 4 days. We have though heard through reputable sources that have managed to get out of the city, that there are unconfirmed reports that the developers of the Worm confessed to having lost control. One of the developers, known only as “Eddie”, is reported to have stated before his untimely disappearance: “It was just for fun…no money…no government…no terrorism….just prank on my girlfriend……now it goes crazy…..it’s alive! I am in fear of my human!”

So the warning to all: whatever you do, if you come across the Worm, don’t approach it or try to engage it in any way, just pretend it’s not there. But, if you are backed into a corner and have no other options, just be nice to it. That may be enough!


“Ethical Hacking”….that term is a worry….

August 7th, 2007 Drazen Drazic

Courses that teach under-skilled individuals the basics of “hacking” are a worry to me. Companies that teach “ethical hacking” courses are a worry…….most I know I would not hire to review a static one page site. What is it that they are trying to achieve? I read the course objectives for pretty much all of these courses and they worry me.

So….big company that can afford to send netadmin to one of these courses now thinks netadmin can do network and web app pen test…..saving bucks now by not hiring a third party?!?! Akin to me reading the “Idiots Guide to Accounting” and professing to be able to manage the financial books of News Limited.

Come on….WTF….give the professionals some credit!


IPv6….when…why….security?

May 10th, 2007 Drazen Drazic

Is this getting any closer? It’s funny that the security weaknesses are already being discovered – and have been for a while – what, many years now?

Most security presentations continue to deliver the message that we’re only facing these security problems today (forget that many apps are also doing it) because of the inherent in-secureness of the architecture we all work on. Isn’t v6 supposed to fix that?! Or is it still focussed on being the fix to IP addresses today running out one day? (Like coal, oil)..Who knows?

It’s funny that a whole generation of IT dudes missed the early 90s where we all (or most) saw Unix and TCP/IP as old and on-the-way-out systems and protocols…and Novell NetWare (and somewhat Windows) and IPX/SPX as the new world.

Did we move backwards or what? You can tweak and tune an old Ford Falcon GT to go as fast as a Ferrari…but you can’t guarantee at those speeds it will be safe. Sounds like a pretty cool analogy or am I just living in the past?
