Aha! Can’t believe I managed to avoid the unbelievable hype flood that
swept across the interwebs in the last month. And to think that the last post
(long overdue, I know… had REALLY good reasons for not being able to post
anything) was somewhat oracleish in predicting that this would be the focus
of this year.
Just to set the stage right – we are at a point where I just saw a USA
Today “Money” section front page article on how Google’s engagement
with the NSA post the breach will affect the security vendor market, and a
few VCs were also quoted to the fact that we will be seeing IPOs this year
that will ride this trend.
Overhyped – definitely. Real – just as it’s overhyped. You must be
asking then what to do? If the hype is too much, then there must not be so
much behind these scary global cyberwar threats! Not exactly – the threat
exists, and countries do deal ... (more)
This is going to be painful, so hold on.
Instead of mumbling short tweets about things I think that suck, I decided to
keep everything in and just formulate a post on it.
This post is a rant. It’s a complicated rant by an “old” guy (my excuse
for cynicism) in the industry who’s had a chance to see a lot going.
Disclaimer: I’m going to give some examples here, real life examples from
my own experience in the security industry. Some are from my consulting days,
some from the vendor days, some from freelance and other gig days. If you
think you are someone who I’m describing here ... (more)
Here’s a common question I get asked a lot: “What technology should I use
to secure my server/network/[some technology]?”
The question is usually presented by someone who’s in charge of
“Security” in an organization. Now, I wouldn’t have had a problem with
this if this was a technician, or a pen-tester of sorts, but I get really
nervous when the CISO/CIO/Security manager is the one asking.
I think that this question is highly inappropriate for two reasons:
You should not be looking for “technology”. Buying a product is not going
to make you more secure or less secure. You should n... (more)
You have been living under a rock if you haven’t heard of the Turkish hack
a couple of days ago. Basically – a Turkish hacker forum that bolsters a
strong anti-Israeli attitude has been practicing hacking and mostly defacing
Israeli sites for the past few months (years).
Now, this is nothing new, and as I stated before, has been going on for
years. I’m not even going to go to the political discussion on whether this
is sponsored by the government (or have been turned a blind eye by it), as
opposed to Israeli hackers that would like to retaliate but know that they
would be charge... (more)
This just came in the mail: (twice – at two different mailboxes – I must
be a high value target for these guys)
A classic phishing email, with the only exception that it seems highly
targeted at the Israeli market! (yeah – I know, I sound a little excited,
but this is the first one I ever got…). Obviously, I am not the new owner
of a BROWN denim jeans (eeewww!), so as I am very interested in who may want
my PayPal details, a bit of digging brought this up:
The phishing site (the one led to by the obvious “CANCEL TRANSACTION”
link) is hosted on al3abnt.com. al3abnt.com is obvi... (more)