tag:blogger.com,1999:blog-9126889845924473010Mon, 20 May 2013 08:04:25 +0000TJXFirewallsitweb102009soxcontrolkittmanagamentnew york cityperfect securityend point protectionaaronhotmaildlpcellphonesmsnewsmeasurementmalwaresmall businessData loss preventionprivacyreal world mirrorbruce whitfieldbusiness continuityclaritysecurity catalyst forumsvulnerabilitieschromeanalogywall of wisdomcell phonesliquid damagevirginia techrisksm dospciisc2compromisespamgeniustelkomalan shimelhome pcemailconficker2008trainingIBMfacebookkevin mitnicksecuriosissouth africaleakautopatcherlegalisg africa2007philosophydata breachestrojancrafty nookcomputersviagrahappy new yearaustraliainformation centric securitySecurity Bloggers NetworkGPLrichard stallmanspin doctoringmodel-drivendisk worldstocksjeremiah grossmanie6cool technologyATMsphil zimmermaninformation classificationwormCIAgovernanceframeworkenatiscaliforniaInformationblogginggooglelinus torvaldsstripshowhenry fordauditorsNTFSConscious Competence Learning ModelsohointroductionclientNACcsogreg daypresidentsretailmessagelabschristmasthe agehackingadvertisingcreative commonsriskFATcreativitygenerations of securityelectricityISP7 habitsECT Actpretoria newsbig pictureexceladslswimming pool theoryipsthe hoffsteve jobsnirvanaIRCspywareoff topicproductivitycredit cardopen standardsadrian lanekreepy kraulyPCscoveyhacktricksROIbeetrootwife. customerp2p90ssunday timesmike rothmancloud computingjavelinparisexposed.comdominic whitedark readingremoteverizongoogle gearsfreewarepolice commemoration poetryterry pratchetthackerssansnetworksimage spamawarenesszimbabwecostscompanywikipediaphishingmeasurable securityITweb11serversunixtwittercompliancevpnproject managementvirtualisation2010 fifa world cup3picsrebecca heroldgmailsecurity conferencecd backupsPC Inspector File recoveryitweb09nick taylordocumentationPIIwebnetpcpredictionsparis hiltonsecurity 2.0puzzlesecurosisopen sourceagilitypatchespresentationKPAfirefoxdelljewishanswers.orgencryptionapplicationselucidatepatch advisefirst postAndy the it guyweb 2.0symbiansunpetrolrabbi seinfeldFirst National Bankpatient recordsiso27001chutzpahManto Tshabalala-Msimangphysical securityduckyblogsthe futurepresentation zenharry potterxmlparadigmdoctorbusinessblack and whiteitwebNokialicenseseraserspam. hackersthe timestorahtemet noscestethoscopeBloggerrootkitcomplaintms07-0056mxitlossesfuelinciteandroidFifth Annual Global State of Information SecuritytheftFNBmicrosoft office1970sseparation of dutieshanukkahperfect stormie7mosessugarfunDHCPceodisqusceossimplicityhumansdr seussusersyahoorulesstrikedeep thinkinglord kelvinstate of fearrappercontractssapsdocumentsappleCISSPITpasswordspiracylucidmarriagedisclaimersbrandfailInformation Securitysecurity.compresscomplexityLotusrichard bejtlichGovernmentCIOpdfsintermittent variable rewardSSAATYcsipmetricscrimeprocess-centric securitybill gatesstate of riskknight riderinternetpatchingwindowspinbreaking rulesdosdisaster recoverylinuxwrongmelawsecurity planprocesspoliticsemployeesrapethe atourismamatomuhomecoming revolutionmonitoringsymantecbackupscommunicationdepartment of transportwebsitepoliciesSLApetitioncraftslisteningKevin Kellyantiviruscaptchajobswsjstealth hackersintellectual property70smicrosoftstephen coveymozillakool-aidnew ideapelzman effectexpertgartnermoneyInformation Security Thoughts - Allen BaranovA blog dedicated to thoughts about Information Security.http://securethink.blogspot.com/noreply@blogger.com (Allen Baranov)Blogger176125-26.104928.0493tag:blogger.com,1999:blog-9126889845924473010.post-2287862439846350018Mon, 20 May 2013 08:04:00 +00002013-05-20T10:04:25.874+02:00A more positive and comprehensive SABSA Strength-in-depth Strategy [Extending SABSA's Strength-in-Depth Strategic Controls] SABSA is brilliant. In one short week, I had my head expanded to exploding point. I highly recommend it to any Security person who is looking to understand more how what they do impacts on a Business.  What is very interesting is that Business people understand risks. That is what they do. They understand governance and they also http://feedproxy.google.com/~r/SecurityThoughts/~3/_OJRf84LMPQ/a-more-positive-and-comprehensive-sabsa.htmlnoreply@blogger.com (Allen Baranov)<div class="feedflare"> <a href="http://feeds.feedburner.com/~ff/SecurityThoughts?a=_OJRf84LMPQ:WlINvs0cc80:yIl2AUoC8zA"><img src="http://feeds.feedburner.com/~ff/SecurityThoughts?d=yIl2AUoC8zA" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/SecurityThoughts?a=_OJRf84LMPQ:WlINvs0cc80:I9og5sOYxJI"><img src="http://feeds.feedburner.com/~ff/SecurityThoughts?d=I9og5sOYxJI" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/SecurityThoughts?a=_OJRf84LMPQ:WlINvs0cc80:qj6IDK7rITs"><img src="http://feeds.feedburner.com/~ff/SecurityThoughts?d=qj6IDK7rITs" border="0"></img></a> </div><img src="http://feeds.feedburner.com/~r/SecurityThoughts/~4/_OJRf84LMPQ" height="1" width="1"/>http://securethink.blogspot.com/2013/05/a-more-positive-and-comprehensive-sabsa.htmltag:blogger.com,1999:blog-9126889845924473010.post-6507828615693684125Thu, 09 May 2013 12:47:00 +00002013-05-09T14:47:23.140+02:00If you know nothing else about Information Security... know this![The best advice you can get (today anyhow)] Information Security, like any other profession or specialisation has a lot of technical confusing terms and jargon. It has tools that only experts can use and statistics that only the same experts can read. It creates a brotherhood (and sisterhood) of professionals and this is fine. But, also like other professions, Information Security has its http://feedproxy.google.com/~r/SecurityThoughts/~3/bItotcNypns/if-you-know-nothing-else-about.htmlnoreply@blogger.com (Allen Baranov)<div class="feedflare"> <a href="http://feeds.feedburner.com/~ff/SecurityThoughts?a=bItotcNypns:53cjOxwDOOo:yIl2AUoC8zA"><img src="http://feeds.feedburner.com/~ff/SecurityThoughts?d=yIl2AUoC8zA" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/SecurityThoughts?a=bItotcNypns:53cjOxwDOOo:I9og5sOYxJI"><img src="http://feeds.feedburner.com/~ff/SecurityThoughts?d=I9og5sOYxJI" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/SecurityThoughts?a=bItotcNypns:53cjOxwDOOo:qj6IDK7rITs"><img src="http://feeds.feedburner.com/~ff/SecurityThoughts?d=qj6IDK7rITs" border="0"></img></a> </div><img src="http://feeds.feedburner.com/~r/SecurityThoughts/~4/bItotcNypns" height="1" width="1"/>http://securethink.blogspot.com/2013/05/if-you-know-nothing-else-about.htmltag:blogger.com,1999:blog-9126889845924473010.post-750537400657059394Fri, 05 Oct 2012 13:33:00 +00002012-10-05T15:33:23.955+02:00What if - trams actually turned into rhinos?Anyone who has spent enough time in Melbourne would have caught a tram and would have probably seen this poster: It is a warning on the how dangerous it could be to be hit by a tram published in the interests of passenger safety by Yarra Trams. My brain did a bit of a wobble and came up with this question: "What would happen if magically each of the trams in Melbourne were to turn into 30 http://feedproxy.google.com/~r/SecurityThoughts/~3/Y24rzQDfWjI/what-if-trams-actually-turned-into.htmlnoreply@blogger.com (Allen Baranov)<div class="feedflare"> <a href="http://feeds.feedburner.com/~ff/SecurityThoughts?a=Y24rzQDfWjI:0590WOCUUHM:yIl2AUoC8zA"><img src="http://feeds.feedburner.com/~ff/SecurityThoughts?d=yIl2AUoC8zA" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/SecurityThoughts?a=Y24rzQDfWjI:0590WOCUUHM:I9og5sOYxJI"><img src="http://feeds.feedburner.com/~ff/SecurityThoughts?d=I9og5sOYxJI" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/SecurityThoughts?a=Y24rzQDfWjI:0590WOCUUHM:qj6IDK7rITs"><img src="http://feeds.feedburner.com/~ff/SecurityThoughts?d=qj6IDK7rITs" border="0"></img></a> </div><img src="http://feeds.feedburner.com/~r/SecurityThoughts/~4/Y24rzQDfWjI" height="1" width="1"/>http://securethink.blogspot.com/2012/10/what-if-trams-actually-turned-into.htmltag:blogger.com,1999:blog-9126889845924473010.post-844739622891662225Mon, 01 Oct 2012 07:42:00 +00002012-10-01T09:42:40.921+02:00IT vs Business (The War We Don't Even Know We Are Fighting!)[IT is out to kill the business - Business is out to kill IT. We all win!] My dad has essentially worked for 2 companies in his 50 or so years in business and had he not emigrated, he probably would have stayed at one. I worked at 2 companies in just my first 5 years of full time employ. And this is not strange. No one viewed me as unstable or a "job hunter". It is just the way it works. "http://feedproxy.google.com/~r/SecurityThoughts/~3/9pdR2F3ewG8/it-vs-business-war-we-dont-even-know-we.htmlnoreply@blogger.com (Allen Baranov)<div class="feedflare"> <a href="http://feeds.feedburner.com/~ff/SecurityThoughts?a=9pdR2F3ewG8:SxJCuy50CNQ:yIl2AUoC8zA"><img src="http://feeds.feedburner.com/~ff/SecurityThoughts?d=yIl2AUoC8zA" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/SecurityThoughts?a=9pdR2F3ewG8:SxJCuy50CNQ:I9og5sOYxJI"><img src="http://feeds.feedburner.com/~ff/SecurityThoughts?d=I9og5sOYxJI" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/SecurityThoughts?a=9pdR2F3ewG8:SxJCuy50CNQ:qj6IDK7rITs"><img src="http://feeds.feedburner.com/~ff/SecurityThoughts?d=qj6IDK7rITs" border="0"></img></a> </div><img src="http://feeds.feedburner.com/~r/SecurityThoughts/~4/9pdR2F3ewG8" height="1" width="1"/>http://securethink.blogspot.com/2012/10/it-vs-business-war-we-dont-even-know-we.htmltag:blogger.com,1999:blog-9126889845924473010.post-8090829642409377044Fri, 14 Sep 2012 05:21:00 +00002012-09-14T07:21:22.612+02:00HD Moore's Law? How can you tell if you are compliant?HD Moore's Law is a joke. And not a very funny one either being a pun and having a requirement of being very technical and requiring knowledge of the IT Security community just to get half way to understanding it. It usually requires the user of the term to explain why it is funny and that is a serious faux pas when it comes to jokes. So, let me explain the joke. :) Moore's Law is pretty well http://feedproxy.google.com/~r/SecurityThoughts/~3/JDxFUMmmc7c/hd-moores-law-how-can-you-tell-if-you.htmlnoreply@blogger.com (Allen Baranov)<div class="feedflare"> <a href="http://feeds.feedburner.com/~ff/SecurityThoughts?a=JDxFUMmmc7c:hAfS2q0oY90:yIl2AUoC8zA"><img src="http://feeds.feedburner.com/~ff/SecurityThoughts?d=yIl2AUoC8zA" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/SecurityThoughts?a=JDxFUMmmc7c:hAfS2q0oY90:I9og5sOYxJI"><img src="http://feeds.feedburner.com/~ff/SecurityThoughts?d=I9og5sOYxJI" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/SecurityThoughts?a=JDxFUMmmc7c:hAfS2q0oY90:qj6IDK7rITs"><img src="http://feeds.feedburner.com/~ff/SecurityThoughts?d=qj6IDK7rITs" border="0"></img></a> </div><img src="http://feeds.feedburner.com/~r/SecurityThoughts/~4/JDxFUMmmc7c" height="1" width="1"/>http://securethink.blogspot.com/2012/09/hd-moores-law-how-can-you-tell-if-you.htmltag:blogger.com,1999:blog-9126889845924473010.post-4787109661540297856Tue, 04 Sep 2012 01:13:00 +00002012-09-04T03:13:59.463+02:00Seven Habits of Highly Effective Security Plans [Part 6] Habit 4 is the first habit to deal with “others”. The first 3 habits are internal – 4 is external. Think “Win-win”. This is almost impossible for a security professional. Almost. The issue is that every change to a system (from a lonely PC to a worldwide network) has some risk to the system itself and mostly in terms of availability. In some cases the risk is 100% - for example when a http://feedproxy.google.com/~r/SecurityThoughts/~3/-8fZf5z7erU/seven-habits-of-highly-effective_4.htmlnoreply@blogger.com (Allen Baranov)<div class="feedflare"> <a href="http://feeds.feedburner.com/~ff/SecurityThoughts?a=-8fZf5z7erU:DqCRx7-uQNE:yIl2AUoC8zA"><img src="http://feeds.feedburner.com/~ff/SecurityThoughts?d=yIl2AUoC8zA" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/SecurityThoughts?a=-8fZf5z7erU:DqCRx7-uQNE:I9og5sOYxJI"><img src="http://feeds.feedburner.com/~ff/SecurityThoughts?d=I9og5sOYxJI" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/SecurityThoughts?a=-8fZf5z7erU:DqCRx7-uQNE:qj6IDK7rITs"><img src="http://feeds.feedburner.com/~ff/SecurityThoughts?d=qj6IDK7rITs" border="0"></img></a> </div><img src="http://feeds.feedburner.com/~r/SecurityThoughts/~4/-8fZf5z7erU" height="1" width="1"/>http://securethink.blogspot.com/2012/09/seven-habits-of-highly-effective_4.htmltag:blogger.com,1999:blog-9126889845924473010.post-506564315532530198Tue, 04 Sep 2012 01:10:00 +00002012-09-04T03:10:39.367+02:00Seven Habits of Highly Effective Security Plans [Part 5]Steven R Covey died on July 16, 2012. This is sad news indeed. I really liked his 7 habits work. It was (like ISO27002 and the like) a good framework but not a good standard. And therein lies its power. It is like powered milk – without adding something then you have nothing. I took the 7 habits and started (5 years ago!) to make a series called the 7 habits of highly effective security policies.http://feedproxy.google.com/~r/SecurityThoughts/~3/lHoOIwADtOM/seven-habits-of-highly-effective.htmlnoreply@blogger.com (Allen Baranov)<div class="feedflare"> <a href="http://feeds.feedburner.com/~ff/SecurityThoughts?a=lHoOIwADtOM:zX6zTBs4XMg:yIl2AUoC8zA"><img src="http://feeds.feedburner.com/~ff/SecurityThoughts?d=yIl2AUoC8zA" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/SecurityThoughts?a=lHoOIwADtOM:zX6zTBs4XMg:I9og5sOYxJI"><img src="http://feeds.feedburner.com/~ff/SecurityThoughts?d=I9og5sOYxJI" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/SecurityThoughts?a=lHoOIwADtOM:zX6zTBs4XMg:qj6IDK7rITs"><img src="http://feeds.feedburner.com/~ff/SecurityThoughts?d=qj6IDK7rITs" border="0"></img></a> </div><img src="http://feeds.feedburner.com/~r/SecurityThoughts/~4/lHoOIwADtOM" height="1" width="1"/>http://securethink.blogspot.com/2012/09/seven-habits-of-highly-effective.htmltag:blogger.com,1999:blog-9126889845924473010.post-4082557190544392823Tue, 24 Apr 2012 09:55:00 +00002012-04-24T11:55:18.513+02:00Why the Privacy Bill is important to you! [Almost every country in the world protects its citizens' person information. Almost.] This is an example of a Membership Application form that I needed to fill in to be able to rent a video. You'll notice that besides all the usual stuff, they have asked for my date of birth, ID number, employer. They need to know my next of kin which is interesting.. in case I die while hiring a videohttp://feedproxy.google.com/~r/SecurityThoughts/~3/V99kYy-hrpo/why-privacy-bill-is-important-to-you.htmlnoreply@blogger.com (Allen Baranov)<div class="feedflare"> <a href="http://feeds.feedburner.com/~ff/SecurityThoughts?a=V99kYy-hrpo:jK1jkAkMReA:yIl2AUoC8zA"><img src="http://feeds.feedburner.com/~ff/SecurityThoughts?d=yIl2AUoC8zA" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/SecurityThoughts?a=V99kYy-hrpo:jK1jkAkMReA:I9og5sOYxJI"><img src="http://feeds.feedburner.com/~ff/SecurityThoughts?d=I9og5sOYxJI" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/SecurityThoughts?a=V99kYy-hrpo:jK1jkAkMReA:qj6IDK7rITs"><img src="http://feeds.feedburner.com/~ff/SecurityThoughts?d=qj6IDK7rITs" border="0"></img></a> </div><img src="http://feeds.feedburner.com/~r/SecurityThoughts/~4/V99kYy-hrpo" height="1" width="1"/>http://securethink.blogspot.com/2012/04/why-privacy-bill-is-important-to-you.htmltag:blogger.com,1999:blog-9126889845924473010.post-7265162814048303127Fri, 09 Mar 2012 10:31:00 +00002012-03-09T12:31:27.925+02:00The Meaning of Life Part 1 - The Firewall[Your Firewall does nothing...yet] This is the third time I am writing this blog post because I just couldn't seem to get the thought straight and the tone and level right. My first two attempts took a whole bunch of text to say this: Basically Firewalls came before NAT. NAT is a magic network concept that creates a type of one-way-mirror allowing devices on the inside of the firewall to http://feedproxy.google.com/~r/SecurityThoughts/~3/NsIp5ZMtr3o/meaning-of-life-part-1-firewall.htmlnoreply@blogger.com (Allen Baranov)<div class="feedflare"> <a href="http://feeds.feedburner.com/~ff/SecurityThoughts?a=NsIp5ZMtr3o:mu-hFB7rS0Y:yIl2AUoC8zA"><img src="http://feeds.feedburner.com/~ff/SecurityThoughts?d=yIl2AUoC8zA" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/SecurityThoughts?a=NsIp5ZMtr3o:mu-hFB7rS0Y:I9og5sOYxJI"><img src="http://feeds.feedburner.com/~ff/SecurityThoughts?d=I9og5sOYxJI" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/SecurityThoughts?a=NsIp5ZMtr3o:mu-hFB7rS0Y:qj6IDK7rITs"><img src="http://feeds.feedburner.com/~ff/SecurityThoughts?d=qj6IDK7rITs" border="0"></img></a> </div><img src="http://feeds.feedburner.com/~r/SecurityThoughts/~4/NsIp5ZMtr3o" height="1" width="1"/>http://securethink.blogspot.com/2012/03/meaning-of-life-part-1-firewall.htmltag:blogger.com,1999:blog-9126889845924473010.post-3320309497308051358Fri, 09 Mar 2012 08:22:00 +00002012-03-09T10:22:52.962+02:00Information Security Analyst Available.[Hire Me... Please.] I am currently searching for a job so if any of my dedicated readers know of anything...please let me know. I have about 10 years of experience in Information Security and am currently an Information Security Analyst for The South African Breweries Ltd. I have built up a wealth of technical knowledge but my most recent experience is in management which means getting vendorshttp://feedproxy.google.com/~r/SecurityThoughts/~3/oHjetUHrRSg/information-security-analyst-available.htmlnoreply@blogger.com (Allen Baranov)<div class="feedflare"> <a href="http://feeds.feedburner.com/~ff/SecurityThoughts?a=oHjetUHrRSg:bxc6umJNiJo:yIl2AUoC8zA"><img src="http://feeds.feedburner.com/~ff/SecurityThoughts?d=yIl2AUoC8zA" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/SecurityThoughts?a=oHjetUHrRSg:bxc6umJNiJo:I9og5sOYxJI"><img src="http://feeds.feedburner.com/~ff/SecurityThoughts?d=I9og5sOYxJI" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/SecurityThoughts?a=oHjetUHrRSg:bxc6umJNiJo:qj6IDK7rITs"><img src="http://feeds.feedburner.com/~ff/SecurityThoughts?d=qj6IDK7rITs" border="0"></img></a> </div><img src="http://feeds.feedburner.com/~r/SecurityThoughts/~4/oHjetUHrRSg" height="1" width="1"/>http://securethink.blogspot.com/2012/03/information-security-analyst-available.htmltag:blogger.com,1999:blog-9126889845924473010.post-408212353736222988Tue, 22 Nov 2011 13:55:00 +00002011-11-23T09:59:46.059+02:00cool technologyknight riderkittgooglethe hoffandroidoff topicGoogle's Next Big Thing [A company owned by geeks - its obvious what is next: KITT] I think, after spending quite a while putting all the information I have together and filling in the blanks what Google's next big aim is. So, from what I can tell the original founding members of Google - Larry Page and Sergey Brin put this list together as things to do with their lives: Create cool geeky technology  Createhttp://feedproxy.google.com/~r/SecurityThoughts/~3/QM6YHj43L0M/googles-next-big-thing.htmlnoreply@blogger.com (Allen Baranov)<div class="feedflare"> <a href="http://feeds.feedburner.com/~ff/SecurityThoughts?a=QM6YHj43L0M:5zmxjFl2xII:yIl2AUoC8zA"><img src="http://feeds.feedburner.com/~ff/SecurityThoughts?d=yIl2AUoC8zA" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/SecurityThoughts?a=QM6YHj43L0M:5zmxjFl2xII:I9og5sOYxJI"><img src="http://feeds.feedburner.com/~ff/SecurityThoughts?d=I9og5sOYxJI" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/SecurityThoughts?a=QM6YHj43L0M:5zmxjFl2xII:qj6IDK7rITs"><img src="http://feeds.feedburner.com/~ff/SecurityThoughts?d=qj6IDK7rITs" border="0"></img></a> </div><img src="http://feeds.feedburner.com/~r/SecurityThoughts/~4/QM6YHj43L0M" height="1" width="1"/>http://securethink.blogspot.com/2011/11/googles-next-big-thing.htmltag:blogger.com,1999:blog-9126889845924473010.post-517234756073407591Mon, 24 Oct 2011 13:40:00 +00002011-10-24T15:40:14.666+02:00A great loss to the IT world. One of its great inventors dies. [Dennis Ritchie died at the age of 70.] He was one of the most influential computer engineers ever. I could go into details as to what he did but lets look only at how his work contributed to Steve Jobs becoming a household name. Ritchie created the C programming language and with Ken Thompson, Ritchie created the Unix Operating System. With out Unix, Jobs would not have had a basis for his http://feedproxy.google.com/~r/SecurityThoughts/~3/1ZVNltv1WoU/great-loss-to-it-world-one-of-its-great.htmlnoreply@blogger.com (Allen Baranov)<div class="feedflare"> <a href="http://feeds.feedburner.com/~ff/SecurityThoughts?a=1ZVNltv1WoU:m7TUBk-v6eg:yIl2AUoC8zA"><img src="http://feeds.feedburner.com/~ff/SecurityThoughts?d=yIl2AUoC8zA" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/SecurityThoughts?a=1ZVNltv1WoU:m7TUBk-v6eg:I9og5sOYxJI"><img src="http://feeds.feedburner.com/~ff/SecurityThoughts?d=I9og5sOYxJI" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/SecurityThoughts?a=1ZVNltv1WoU:m7TUBk-v6eg:qj6IDK7rITs"><img src="http://feeds.feedburner.com/~ff/SecurityThoughts?d=qj6IDK7rITs" border="0"></img></a> </div><img src="http://feeds.feedburner.com/~r/SecurityThoughts/~4/1ZVNltv1WoU" height="1" width="1"/>http://securethink.blogspot.com/2011/10/great-loss-to-it-world-one-of-its-great.htmltag:blogger.com,1999:blog-9126889845924473010.post-3579404927765059345Wed, 27 Jul 2011 07:55:00 +00002011-07-27T09:55:52.788+02:00What are your rights regarding personal email? [Extra Bit][Are Facebook Saints?] Just adding an extra point to my recent Blog post. The question I posed in my last post about email sharing was triggered by Facebook stating that it is wrong for a person to mass move private details such as email addresses and telephone number etc to a new service provider without the person knowing. It is an interesting (and perhaps valid) argument which covers up whathttp://feedproxy.google.com/~r/SecurityThoughts/~3/nqs-rvujkdQ/what-are-your-rights-regarding-personal_27.htmlnoreply@blogger.com (Allen Baranov)<div class="feedflare"> <a href="http://feeds.feedburner.com/~ff/SecurityThoughts?a=nqs-rvujkdQ:iO7f-L5bkBI:yIl2AUoC8zA"><img src="http://feeds.feedburner.com/~ff/SecurityThoughts?d=yIl2AUoC8zA" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/SecurityThoughts?a=nqs-rvujkdQ:iO7f-L5bkBI:I9og5sOYxJI"><img src="http://feeds.feedburner.com/~ff/SecurityThoughts?d=I9og5sOYxJI" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/SecurityThoughts?a=nqs-rvujkdQ:iO7f-L5bkBI:qj6IDK7rITs"><img src="http://feeds.feedburner.com/~ff/SecurityThoughts?d=qj6IDK7rITs" border="0"></img></a> </div><img src="http://feeds.feedburner.com/~r/SecurityThoughts/~4/nqs-rvujkdQ" height="1" width="1"/>http://securethink.blogspot.com/2011/07/what-are-your-rights-regarding-personal_27.htmltag:blogger.com,1999:blog-9126889845924473010.post-5769326140986306947Thu, 07 Jul 2011 13:41:00 +00002011-07-07T15:41:19.720+02:00What are your rights regarding personal email?[I'm not talking legally...just ethically] So, someone gives you their business card with all their details. Can you load it on Outlook to make it easier for you to contact them. Can you add them to you phonebook on your phone? What if your phone gets stolen? Can you give it to a colleague? What if the colleague has some work for the person? What if the colleague is an annoying git? Can you givehttp://feedproxy.google.com/~r/SecurityThoughts/~3/WmzQHsonbxY/what-are-your-rights-regarding-personal.htmlnoreply@blogger.com (Allen Baranov)<div class="feedflare"> <a href="http://feeds.feedburner.com/~ff/SecurityThoughts?a=WmzQHsonbxY:a6u77MMNVro:yIl2AUoC8zA"><img src="http://feeds.feedburner.com/~ff/SecurityThoughts?d=yIl2AUoC8zA" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/SecurityThoughts?a=WmzQHsonbxY:a6u77MMNVro:I9og5sOYxJI"><img src="http://feeds.feedburner.com/~ff/SecurityThoughts?d=I9og5sOYxJI" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/SecurityThoughts?a=WmzQHsonbxY:a6u77MMNVro:qj6IDK7rITs"><img src="http://feeds.feedburner.com/~ff/SecurityThoughts?d=qj6IDK7rITs" border="0"></img></a> </div><img src="http://feeds.feedburner.com/~r/SecurityThoughts/~4/WmzQHsonbxY" height="1" width="1"/>http://securethink.blogspot.com/2011/07/what-are-your-rights-regarding-personal.htmltag:blogger.com,1999:blog-9126889845924473010.post-6770331119497810410Fri, 20 May 2011 10:56:00 +00002011-05-20T12:56:34.033+02:00ITWeb Security Summit - Wrap Up [Part One][Some good stuff from the conference] I really wanted to write something longer but this will do for now. I just want to get something out there that is not a tag-cloud. Stuxnet and Spy Wars Patrick Gray from Risky Business Podcast and Tony Olivier both spoke about a world that we are only starting to understand now where Governments are playing with Information and changing the world with http://feedproxy.google.com/~r/SecurityThoughts/~3/B2cIg1x81rk/itweb-security-summit-wrap-up-part-one.htmlnoreply@blogger.com (Allen Baranov)<div class="feedflare"> <a href="http://feeds.feedburner.com/~ff/SecurityThoughts?a=B2cIg1x81rk:kqxcpex-4II:yIl2AUoC8zA"><img src="http://feeds.feedburner.com/~ff/SecurityThoughts?d=yIl2AUoC8zA" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/SecurityThoughts?a=B2cIg1x81rk:kqxcpex-4II:I9og5sOYxJI"><img src="http://feeds.feedburner.com/~ff/SecurityThoughts?d=I9og5sOYxJI" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/SecurityThoughts?a=B2cIg1x81rk:kqxcpex-4II:qj6IDK7rITs"><img src="http://feeds.feedburner.com/~ff/SecurityThoughts?d=qj6IDK7rITs" border="0"></img></a> </div><img src="http://feeds.feedburner.com/~r/SecurityThoughts/~4/B2cIg1x81rk" height="1" width="1"/>http://securethink.blogspot.com/2011/05/itweb-security-summit-wrap-up-part-one.htmltag:blogger.com,1999:blog-9126889845924473010.post-4840938749088976802Mon, 16 May 2011 08:48:00 +00002011-05-16T10:48:49.971+02:00ITWebSec Tag Cloud part 2This is an updated to the previous post. I have cleaned up the data a bit. Again I left out the words "HTTP", "ITWebSec" and "RT" as these added nothing to the cloud and common English words such as "The" and "And". Including these words, there are 2307 different words. The top names (chosen by "@" in front) are: @itwebsec, @haroonmeer, @MushiD, @mattdoterasmus, @abaranov and @DeepPurple77. The http://feedproxy.google.com/~r/SecurityThoughts/~3/j7OzLdpOACY/itwebsec-tag-cloud-part-2.htmlnoreply@blogger.com (Allen Baranov)<div class="feedflare"> <a href="http://feeds.feedburner.com/~ff/SecurityThoughts?a=j7OzLdpOACY:jby9JoQWBQ4:yIl2AUoC8zA"><img src="http://feeds.feedburner.com/~ff/SecurityThoughts?d=yIl2AUoC8zA" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/SecurityThoughts?a=j7OzLdpOACY:jby9JoQWBQ4:I9og5sOYxJI"><img src="http://feeds.feedburner.com/~ff/SecurityThoughts?d=I9og5sOYxJI" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/SecurityThoughts?a=j7OzLdpOACY:jby9JoQWBQ4:qj6IDK7rITs"><img src="http://feeds.feedburner.com/~ff/SecurityThoughts?d=qj6IDK7rITs" border="0"></img></a> </div><img src="http://feeds.feedburner.com/~r/SecurityThoughts/~4/j7OzLdpOACY" height="1" width="1"/>http://securethink.blogspot.com/2011/05/itwebsec-tag-cloud-part-2.htmltag:blogger.com,1999:blog-9126889845924473010.post-3139882408065878394Wed, 11 May 2011 01:42:00 +00002011-05-11T03:42:47.326+02:00ITWebSec tag cloudThere was too much information at ITWeb Security Summit for me to make a sensible post of all of it just yet. So, I thought I would hack something together. I ran a search against the latest 100 twitter comments: http://search.twitter.com/search.atom?q=%23itwebsec&rpp=100 ,got the feed as XML. Grepped for "title", popped that into tagcrowd.com , fiddled the results a bit and: http://feedproxy.google.com/~r/SecurityThoughts/~3/vJTZVxozWZE/itwebsec-tag-cloud.htmlnoreply@blogger.com (Allen Baranov)<div class="feedflare"> <a href="http://feeds.feedburner.com/~ff/SecurityThoughts?a=vJTZVxozWZE:PFLfCjl9uAg:yIl2AUoC8zA"><img src="http://feeds.feedburner.com/~ff/SecurityThoughts?d=yIl2AUoC8zA" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/SecurityThoughts?a=vJTZVxozWZE:PFLfCjl9uAg:I9og5sOYxJI"><img src="http://feeds.feedburner.com/~ff/SecurityThoughts?d=I9og5sOYxJI" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/SecurityThoughts?a=vJTZVxozWZE:PFLfCjl9uAg:qj6IDK7rITs"><img src="http://feeds.feedburner.com/~ff/SecurityThoughts?d=qj6IDK7rITs" border="0"></img></a> </div><img src="http://feeds.feedburner.com/~r/SecurityThoughts/~4/vJTZVxozWZE" height="1" width="1"/>http://securethink.blogspot.com/2011/05/itwebsec-tag-cloud.htmltag:blogger.com,1999:blog-9126889845924473010.post-7077497582549389501Thu, 05 May 2011 09:43:00 +00002011-05-05T11:43:27.721+02:00ITweb11Information SecuritypresentationMiscellaneous Ramblings - Irony, Security Summit etcI've been doing a lot of thinking recently about the last year. I basically run my professional year from ITWeb Summit to ITWeb Summit and around this time I think back over the last year about what has changed and what is new. I find that InfoSec is cyclical and this year is the unexciting one. Last year we were dealing with iPads and their ilk and Cloud and SaaS and all that good stuff was http://feedproxy.google.com/~r/SecurityThoughts/~3/mgT-19OIfDc/miscellaneous-ramblings-irony-security.htmlnoreply@blogger.com (Allen Baranov)<div class="feedflare"> <a href="http://feeds.feedburner.com/~ff/SecurityThoughts?a=mgT-19OIfDc:EOIk1Fjrsv8:yIl2AUoC8zA"><img src="http://feeds.feedburner.com/~ff/SecurityThoughts?d=yIl2AUoC8zA" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/SecurityThoughts?a=mgT-19OIfDc:EOIk1Fjrsv8:I9og5sOYxJI"><img src="http://feeds.feedburner.com/~ff/SecurityThoughts?d=I9og5sOYxJI" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/SecurityThoughts?a=mgT-19OIfDc:EOIk1Fjrsv8:qj6IDK7rITs"><img src="http://feeds.feedburner.com/~ff/SecurityThoughts?d=qj6IDK7rITs" border="0"></img></a> </div><img src="http://feeds.feedburner.com/~r/SecurityThoughts/~4/mgT-19OIfDc" height="1" width="1"/>http://securethink.blogspot.com/2011/05/miscellaneous-ramblings-irony-security.htmltag:blogger.com,1999:blog-9126889845924473010.post-3618697610146516258Fri, 01 Apr 2011 11:21:00 +00002011-04-01T13:21:29.519+02:00passwordscomputersInformation SecurityhumansdlpI cheated....[... at Sudoku] When I first started with Sudoku puzzles my interest was "how do I reduce these to an algorithm?" I wrote some code that would solve the puzzles and then started to try do it in my head. I got better and better and the simpler puzzles started to get very boring and the harder ones became easy. Then, recently I got hold of an advanced Sudoku book and I was hooked once again. Buthttp://feedproxy.google.com/~r/SecurityThoughts/~3/Lw4xz8nYz4w/i-cheated.htmlnoreply@blogger.com (Allen Baranov)<div class="feedflare"> <a href="http://feeds.feedburner.com/~ff/SecurityThoughts?a=Lw4xz8nYz4w:7YeSfdTPfE8:yIl2AUoC8zA"><img src="http://feeds.feedburner.com/~ff/SecurityThoughts?d=yIl2AUoC8zA" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/SecurityThoughts?a=Lw4xz8nYz4w:7YeSfdTPfE8:I9og5sOYxJI"><img src="http://feeds.feedburner.com/~ff/SecurityThoughts?d=I9og5sOYxJI" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/SecurityThoughts?a=Lw4xz8nYz4w:7YeSfdTPfE8:qj6IDK7rITs"><img src="http://feeds.feedburner.com/~ff/SecurityThoughts?d=qj6IDK7rITs" border="0"></img></a> </div><img src="http://feeds.feedburner.com/~r/SecurityThoughts/~4/Lw4xz8nYz4w" height="1" width="1"/>http://securethink.blogspot.com/2011/04/i-cheated.htmltag:blogger.com,1999:blog-9126889845924473010.post-6140766925852534985Tue, 08 Mar 2011 08:46:00 +00002011-03-08T10:46:07.188+02:00[Slightly OT] Whats Your Number, Cucumber?I was doing some "research" (Google search for "Allen Baranov") and found a little nugget back from 2001 when I asked how long until phone numbers become redundant. I think I was a bit ahead of my time - we are still waiting for a DNS for telephone numbers after all. But seriously, how many telephone numbers did you used to know? And how many do you know now? From someone with a short-term http://feedproxy.google.com/~r/SecurityThoughts/~3/xAjJkUfD3hM/slightly-ot-whats-your-number-cucumber.htmlnoreply@blogger.com (Allen Baranov)<div class="feedflare"> <a href="http://feeds.feedburner.com/~ff/SecurityThoughts?a=xAjJkUfD3hM:qiicSnLvI8s:yIl2AUoC8zA"><img src="http://feeds.feedburner.com/~ff/SecurityThoughts?d=yIl2AUoC8zA" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/SecurityThoughts?a=xAjJkUfD3hM:qiicSnLvI8s:I9og5sOYxJI"><img src="http://feeds.feedburner.com/~ff/SecurityThoughts?d=I9og5sOYxJI" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/SecurityThoughts?a=xAjJkUfD3hM:qiicSnLvI8s:qj6IDK7rITs"><img src="http://feeds.feedburner.com/~ff/SecurityThoughts?d=qj6IDK7rITs" border="0"></img></a> </div><img src="http://feeds.feedburner.com/~r/SecurityThoughts/~4/xAjJkUfD3hM" height="1" width="1"/>http://securethink.blogspot.com/2011/03/slightly-ot-whats-your-number-cucumber.htmltag:blogger.com,1999:blog-9126889845924473010.post-864429951282208042Fri, 04 Feb 2011 07:53:00 +00002011-02-04T09:53:32.142+02:00The Hoff Asks Some Tough Questions[Must Read Article To Get You Thinking] I usually don't repost blogs and articles that I find because I like this blog to my personal sounding post. The practice can also lead to a blogger feeling that he is accomplishing something but is really just posting links over and over. I have an RSS reader to do that for me, a Google to get the stuff I missed. However, I was drafting an article on http://feedproxy.google.com/~r/SecurityThoughts/~3/xNgYmUrXkmw/hoff-asks-some-tough-questions.htmlnoreply@blogger.com (Allen Baranov)<div class="feedflare"> <a href="http://feeds.feedburner.com/~ff/SecurityThoughts?a=xNgYmUrXkmw:3i3ZWGoe1Ps:yIl2AUoC8zA"><img src="http://feeds.feedburner.com/~ff/SecurityThoughts?d=yIl2AUoC8zA" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/SecurityThoughts?a=xNgYmUrXkmw:3i3ZWGoe1Ps:I9og5sOYxJI"><img src="http://feeds.feedburner.com/~ff/SecurityThoughts?d=I9og5sOYxJI" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/SecurityThoughts?a=xNgYmUrXkmw:3i3ZWGoe1Ps:qj6IDK7rITs"><img src="http://feeds.feedburner.com/~ff/SecurityThoughts?d=qj6IDK7rITs" border="0"></img></a> </div><img src="http://feeds.feedburner.com/~r/SecurityThoughts/~4/xNgYmUrXkmw" height="1" width="1"/>http://securethink.blogspot.com/2011/02/hoff-asks-some-tough-questions.htmltag:blogger.com,1999:blog-9126889845924473010.post-5914432278944760590Fri, 14 Jan 2011 08:11:00 +00002011-01-14T10:11:55.218+02:00CIAphilosophyInformation SecurityThe CIA, the lead box at the bottom of the ocean and the sacred cow.[Where does Availability sit?] So, the first thing you'll learn when doing Networking is the OSI stack even though everyone uses TCP/IP which doesn't fit neatly into the OSI concept. The first thing you'll learn in InfoSec is the CIA triangle. This is our sacred cow even though we don't really work towards it. Or do we? Should we? I really respect the guys at Securosis and admire the way they http://feedproxy.google.com/~r/SecurityThoughts/~3/4LNlHfGBU7E/cia-lead-box-at-bottom-of-ocean-and.htmlnoreply@blogger.com (Allen Baranov)<div class="feedflare"> <a href="http://feeds.feedburner.com/~ff/SecurityThoughts?a=4LNlHfGBU7E:eFVwcKEYe9o:yIl2AUoC8zA"><img src="http://feeds.feedburner.com/~ff/SecurityThoughts?d=yIl2AUoC8zA" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/SecurityThoughts?a=4LNlHfGBU7E:eFVwcKEYe9o:I9og5sOYxJI"><img src="http://feeds.feedburner.com/~ff/SecurityThoughts?d=I9og5sOYxJI" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/SecurityThoughts?a=4LNlHfGBU7E:eFVwcKEYe9o:qj6IDK7rITs"><img src="http://feeds.feedburner.com/~ff/SecurityThoughts?d=qj6IDK7rITs" border="0"></img></a> </div><img src="http://feeds.feedburner.com/~r/SecurityThoughts/~4/4LNlHfGBU7E" height="1" width="1"/>http://securethink.blogspot.com/2011/01/cia-lead-box-at-bottom-of-ocean-and.htmltag:blogger.com,1999:blog-9126889845924473010.post-8077458673230010406Wed, 05 Jan 2011 11:47:00 +00002011-01-05T13:47:30.844+02:00A WTF to the start the year.[Every once in a while a news story comes along that makes you wonder...] According to TechCentral :- Thieves steal Sim cards from Jo’burg traffic lights "The Johannesburg Roads Agency (JRA) suspects that a syndicate is stealing Sim cards from the city’s hi-tech traffic lights, and using them to run up phone bills." The article goes on to say "If all 400 traffic lights need to be repaired duehttp://feedproxy.google.com/~r/SecurityThoughts/~3/GqjhFMrIiBU/wtf-to-start-year.htmlnoreply@blogger.com (Allen Baranov)<div class="feedflare"> <a href="http://feeds.feedburner.com/~ff/SecurityThoughts?a=GqjhFMrIiBU:LgXr5Cde0Qc:yIl2AUoC8zA"><img src="http://feeds.feedburner.com/~ff/SecurityThoughts?d=yIl2AUoC8zA" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/SecurityThoughts?a=GqjhFMrIiBU:LgXr5Cde0Qc:I9og5sOYxJI"><img src="http://feeds.feedburner.com/~ff/SecurityThoughts?d=I9og5sOYxJI" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/SecurityThoughts?a=GqjhFMrIiBU:LgXr5Cde0Qc:qj6IDK7rITs"><img src="http://feeds.feedburner.com/~ff/SecurityThoughts?d=qj6IDK7rITs" border="0"></img></a> </div><img src="http://feeds.feedburner.com/~r/SecurityThoughts/~4/GqjhFMrIiBU" height="1" width="1"/>http://securethink.blogspot.com/2011/01/wtf-to-start-year.htmltag:blogger.com,1999:blog-9126889845924473010.post-3645615570433131098Fri, 22 Oct 2010 13:18:00 +00002010-10-22T15:18:05.406+02:00Information Classification Like Creative Commons [Part 3]So it seems that at least one person reads this blog. I got email from Andrew Yeomans from Commerzbank AG about my ideas in my recent Blog posts - Information Classification Like Creative Commons. (Part 1 and Part2) I came up with the idea myself but it seems that I was beaten to it by a group called SPIDER in a document available on the 'net here [pdf].  They discuss using graphics as opposed http://feedproxy.google.com/~r/SecurityThoughts/~3/AKBJ0vXwamU/information-classification-like.htmlnoreply@blogger.com (Allen Baranov)<div class="feedflare"> <a href="http://feeds.feedburner.com/~ff/SecurityThoughts?a=AKBJ0vXwamU:QaTWMzMOu6g:yIl2AUoC8zA"><img src="http://feeds.feedburner.com/~ff/SecurityThoughts?d=yIl2AUoC8zA" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/SecurityThoughts?a=AKBJ0vXwamU:QaTWMzMOu6g:I9og5sOYxJI"><img src="http://feeds.feedburner.com/~ff/SecurityThoughts?d=I9og5sOYxJI" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/SecurityThoughts?a=AKBJ0vXwamU:QaTWMzMOu6g:qj6IDK7rITs"><img src="http://feeds.feedburner.com/~ff/SecurityThoughts?d=qj6IDK7rITs" border="0"></img></a> </div><img src="http://feeds.feedburner.com/~r/SecurityThoughts/~4/AKBJ0vXwamU" height="1" width="1"/>http://securethink.blogspot.com/2010/10/information-classification-like.htmltag:blogger.com,1999:blog-9126889845924473010.post-4262685768091067648Mon, 13 Sep 2010 10:25:00 +00002010-09-13T12:26:18.798+02:00complaintkreepy kraulydocumentationcool technologyoff topicI bought a Kreepy Krauly BullShark...[... and the documentation came on CD-Rom.] I think this is totally missing the whole point. Why not just give me paper? It can't be more environmentally friendly to make a CD, copy the information onto it and then print a pretty design onto the CD. So my story is that on Sunday, I opened the box, took everything out. I decided to do the installation by the book. And there was no book. Just a http://feedproxy.google.com/~r/SecurityThoughts/~3/uW5ZcNcifNM/i-bought-kreepy-krauly-bullshark.htmlnoreply@blogger.com (Allen Baranov)<div class="feedflare"> <a href="http://feeds.feedburner.com/~ff/SecurityThoughts?a=uW5ZcNcifNM:2pJXf0hBM-o:yIl2AUoC8zA"><img src="http://feeds.feedburner.com/~ff/SecurityThoughts?d=yIl2AUoC8zA" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/SecurityThoughts?a=uW5ZcNcifNM:2pJXf0hBM-o:I9og5sOYxJI"><img src="http://feeds.feedburner.com/~ff/SecurityThoughts?d=I9og5sOYxJI" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/SecurityThoughts?a=uW5ZcNcifNM:2pJXf0hBM-o:qj6IDK7rITs"><img src="http://feeds.feedburner.com/~ff/SecurityThoughts?d=qj6IDK7rITs" border="0"></img></a> </div><img src="http://feeds.feedburner.com/~r/SecurityThoughts/~4/uW5ZcNcifNM" height="1" width="1"/>http://securethink.blogspot.com/2010/09/i-bought-kreepy-krauly-bullshark.html