tag:blogger.com,1999:blog-9126889845924473010Fri, 16 Jan 2026 00:46:45 +0000Information Securityinformation centric securityantivirusblogsAndy the it guyFirewallsITpredictionsthe hoffbusinessdlphackersoff topicpci2008Informationalan shimelbackupsfacebookgooglehackingprivacysecurosissouth africaunix20097 habitsGovernmentTJXawarenessbloggingdata breachesenatishackinternetitwebmicrosoftopen sourcepasswordspressriskstephen coveyweb70s90sBloggerCISSPNACSecurity Bloggers Networkanalogyapplecloud computinggovernanceiso27001legalmalwarememoneypoliciessecuriosissmall businessspamsymantecthe agethe timeswormCIAFNBFifth Annual Global State of Information SecurityNokiaPCsROIaaronapplicationsauditorsaustraliaceosclientcool technologycrimedelldisaster recoverydominic whiteemailexcelexpertfirefoxgartnergoogle gearsintellectual propertyitweb09linuxmanagamentmike rothmanmosesopen standardspatchingperfect securityperfect stormphishingpresentationpresidentsprocessprocess-centric securitysecurity conferencesoxsteve jobsthe athe futuretorahtrainingtrojanusersverizonvirtualisationwsj1970s20072010 fifa world cup3picsATMsCIOConscious Competence Learning ModelDHCPData loss preventionECT ActFATFirst National BankGPLIBMIRCISPITweb11KPAKevin KellyLotusManto Tshabalala-MsimangNTFSPC Inspector File recoveryPIISLASSAATYadrian laneadsladvertisingagilityamatomuandroidarchitectureautopatcherbeetrootbig picturebill gatesblack and whitebrandfailbreaking rulesbruce whitfieldbusiness continuitycaliforniacaptchacd backupscell phonescellphoneceochristmaschromechutzpahclaritycommunicationcompanycomplaintcomplexitycompliancecompromisecomputersconfickercontractscontrolcostscoveycraftscrafty nookcreative commonscreativitycredit cardcsipcsodark readingdeep thinkingdepartment of transportdisclaimersdisk worlddisqusdoctordocumentationdocumentsdosdr seussduckyelectricityelucidateemployeesencryptionend point protectioneraserfirst postframeworkfreewarefuelfungenerations of securitygeniusgmailgreg dayhanukkahhappy new yearharry potterhenry fordhome pchomecoming revolutionhotmailhumansie6ie7image spaminciteinformation classificationintermittent variable rewardintroductionipsisc2isg africaitweb10javelinjeremiah grossmanjewishanswers.orgjobskevin mitnickkittknight riderkool-aidkreepy kraulylawleaklicenseslinus torvaldsliquid damagelisteninglord kelvinlosseslucidmarriagemeasurable securitymeasurementmessagelabsmetricsmicrosoft officemodel-drivenmonitoringmozillams07-0056mxitnetpcnetworksnew ideanew york citynewsnick taylornirvanap2pparadigmparis hiltonparisexposed.compatch advisepatchespatient recordspdfspelzman effectpetitionpetrolphil zimmermanphilosophyphysical securitypinpiracypolice commemoration poetrypoliticspresentation zenpretoria newsproductivityproject managementpuzzlerabbi seinfeldraperapperreal world mirrorrebecca heroldremoteretailrichard bejtlichrichard stallmanrisksm dosrootkitrulessabsasanssapssecurity 2.0security catalyst forumssecurity in depthsecurity plansecurity.comseparation of dutiesserverssimplicitysmssohospam. hackersspin doctoringspywarestandardsstate of fearstate of riskstealth hackersstethoscopestocksstrikestripshowsugarsunsunday timesswimming pool theorysymbiantelkomtemet nosceterry pratchettthefttourismtrickstwitterviagravirginia techvpnvulnerabilitieswall of wisdomweb 2.0websitewife. customerwikipediawindowswrongxmlyahoozimbabweA blog dedicated to thoughts about Information Security.http://securethink.blogspot.com/noreply@blogger.com (Allen Baranov)Blogger180125tag:blogger.com,1999:blog-9126889845924473010.post-7643814215759418303Tue, 20 Jan 2015 04:23:00 +00002015-01-20T06:23:39.558+02:00I was looking at my old posts and found this prediction from 2009 for 2009: http://securethink.blogspot.com.au/2009/01/prediction-number-1-for-2009.html I essentially predicted that the market for cards would drop off and that "hackers" would start looking at stealing other information. Remember that, in most cases, they have access to the entire network. All the juicy intellectual property is http://securethink.blogspot.com/2015/01/i-got-it-right-my-timing-was-just-off.htmlnoreply@blogger.com (Allen Baranov)tag:blogger.com,1999:blog-9126889845924473010.post-8651645543874627703Mon, 21 Jul 2014 23:17:00 +00002014-07-22T01:17:43.772+02:00[The South African State IT Agency awarded former provincial top cop Mzwandile Petros's company a R10m deal to recover three stolen laptops. Even at this price, they may not get them back. Intact. With all the data. I have a better plan.] Read this article on how the South African State IT Agency awarded former provincial top cop Mzwandile Petros's company a R10m deal to recover three stolen http://securethink.blogspot.com/2014/07/how-to-save-millions-with-desktop.htmlnoreply@blogger.com (Allen Baranov)tag:blogger.com,1999:blog-9126889845924473010.post-5219795401014701281Wed, 27 Nov 2013 04:58:00 +00002013-11-27T06:58:49.025+02:00[TL/DR version: Is it ethical to "connect" with an interviewer on LinkedIn during the hiring process?] As a professional and a contractor, my name is my most important asset. So therefore ethics are everything to me. This is especially important because of the fact that I am an Information Security professional and usually have access to information that is confidential. I need to be http://securethink.blogspot.com/2013/11/linkedin-ethics.htmlnoreply@blogger.com (Allen Baranov)tag:blogger.com,1999:blog-9126889845924473010.post-4920082818102390690Tue, 04 Jun 2013 02:31:00 +00002013-06-04T04:31:01.447+02:00architectureFirewallsInformation Securitypoliciessabsasecurity in depthstandards A Practical Example to Using SABSA Extended Security-in-Depth Strategy from Allen Baranov Following on from my last post, this is a practical way of using the extensions I proposed for the Security in Depth part of SABSA. It gives an example of creating a Firewall Standard using the extensions. I found this to be easier to do with a presentation than explaining it on the Blog so there http://securethink.blogspot.com/2013/06/slideshow-practical-example-to-using.htmlnoreply@blogger.com (Allen Baranov)Melbourne VIC, Australia-37.814107 144.96327999999994-38.6164245 143.67238649999993 -37.0117895 146.25417349999995tag:blogger.com,1999:blog-9126889845924473010.post-2287862439846350018Mon, 20 May 2013 08:04:00 +00002013-05-20T10:04:25.874+02:00 [Extending SABSA's Strength-in-Depth Strategic Controls] SABSA is brilliant. In one short week, I had my head expanded to exploding point. I highly recommend it to any Security person who is looking to understand more how what they do impacts on a Business.  What is very interesting is that Business people understand risks. That is what they do. They understand governance and they also http://securethink.blogspot.com/2013/05/a-more-positive-and-comprehensive-sabsa.htmlnoreply@blogger.com (Allen Baranov)tag:blogger.com,1999:blog-9126889845924473010.post-6507828615693684125Thu, 09 May 2013 12:47:00 +00002013-05-09T14:47:23.140+02:00[The best advice you can get (today anyhow)] Information Security, like any other profession or specialisation has a lot of technical confusing terms and jargon. It has tools that only experts can use and statistics that only the same experts can read. It creates a brotherhood (and sisterhood) of professionals and this is fine. But, also like other professions, Information Security has its http://securethink.blogspot.com/2013/05/if-you-know-nothing-else-about.htmlnoreply@blogger.com (Allen Baranov)tag:blogger.com,1999:blog-9126889845924473010.post-750537400657059394Fri, 05 Oct 2012 13:33:00 +00002012-10-05T15:33:23.955+02:00Anyone who has spent enough time in Melbourne would have caught a tram and would have probably seen this poster: It is a warning on the how dangerous it could be to be hit by a tram published in the interests of passenger safety by Yarra Trams. My brain did a bit of a wobble and came up with this question: "What would happen if magically each of the trams in Melbourne were to turn into 30 http://securethink.blogspot.com/2012/10/what-if-trams-actually-turned-into.htmlnoreply@blogger.com (Allen Baranov)tag:blogger.com,1999:blog-9126889845924473010.post-844739622891662225Mon, 01 Oct 2012 07:42:00 +00002012-10-01T09:42:40.921+02:00[IT is out to kill the business - Business is out to kill IT. We all win!] My dad has essentially worked for 2 companies in his 50 or so years in business and had he not emigrated, he probably would have stayed at one. I worked at 2 companies in just my first 5 years of full time employ. And this is not strange. No one viewed me as unstable or a "job hunter". It is just the way it works. "http://securethink.blogspot.com/2012/10/it-vs-business-war-we-dont-even-know-we.htmlnoreply@blogger.com (Allen Baranov)tag:blogger.com,1999:blog-9126889845924473010.post-8090829642409377044Fri, 14 Sep 2012 05:21:00 +00002012-09-14T07:21:22.612+02:00HD Moore's Law is a joke. And not a very funny one either being a pun and having a requirement of being very technical and requiring knowledge of the IT Security community just to get half way to understanding it. It usually requires the user of the term to explain why it is funny and that is a serious faux pas when it comes to jokes. So, let me explain the joke. :) Moore's Law is pretty well http://securethink.blogspot.com/2012/09/hd-moores-law-how-can-you-tell-if-you.htmlnoreply@blogger.com (Allen Baranov)tag:blogger.com,1999:blog-9126889845924473010.post-4787109661540297856Tue, 04 Sep 2012 01:13:00 +00002012-09-04T03:13:59.463+02:00 Habit 4 is the first habit to deal with “others”. The first 3 habits are internal – 4 is external. Think “Win-win”. This is almost impossible for a security professional. Almost. The issue is that every change to a system (from a lonely PC to a worldwide network) has some risk to the system itself and mostly in terms of availability. In some cases the risk is 100% - for example when a http://securethink.blogspot.com/2012/09/seven-habits-of-highly-effective_4.htmlnoreply@blogger.com (Anonymous)tag:blogger.com,1999:blog-9126889845924473010.post-506564315532530198Tue, 04 Sep 2012 01:10:00 +00002012-09-04T03:10:39.367+02:00Steven R Covey died on July 16, 2012. This is sad news indeed. I really liked his 7 habits work. It was (like ISO27002 and the like) a good framework but not a good standard. And therein lies its power. It is like powered milk – without adding something then you have nothing. I took the 7 habits and started (5 years ago!) to make a series called the 7 habits of highly effective security policies.http://securethink.blogspot.com/2012/09/seven-habits-of-highly-effective.htmlnoreply@blogger.com (Anonymous)tag:blogger.com,1999:blog-9126889845924473010.post-4082557190544392823Tue, 24 Apr 2012 09:55:00 +00002012-04-24T11:55:18.513+02:00 [Almost every country in the world protects its citizens' person information. Almost.] This is an example of a Membership Application form that I needed to fill in to be able to rent a video. You'll notice that besides all the usual stuff, they have asked for my date of birth, ID number, employer. They need to know my next of kin which is interesting.. in case I die while hiring a videohttp://securethink.blogspot.com/2012/04/why-privacy-bill-is-important-to-you.htmlnoreply@blogger.com (Anonymous)tag:blogger.com,1999:blog-9126889845924473010.post-7265162814048303127Fri, 09 Mar 2012 10:31:00 +00002012-03-09T12:31:27.925+02:00[Your Firewall does nothing...yet] This is the third time I am writing this blog post because I just couldn't seem to get the thought straight and the tone and level right. My first two attempts took a whole bunch of text to say this: Basically Firewalls came before NAT. NAT is a magic network concept that creates a type of one-way-mirror allowing devices on the inside of the firewall to http://securethink.blogspot.com/2012/03/meaning-of-life-part-1-firewall.htmlnoreply@blogger.com (Anonymous)tag:blogger.com,1999:blog-9126889845924473010.post-3320309497308051358Fri, 09 Mar 2012 08:22:00 +00002012-03-09T10:22:52.962+02:00[Hire Me... Please.] I am currently searching for a job so if any of my dedicated readers know of anything...please let me know. I have about 10 years of experience in Information Security and am currently an Information Security Analyst for The South African Breweries Ltd. I have built up a wealth of technical knowledge but my most recent experience is in management which means http://securethink.blogspot.com/2012/03/information-security-analyst-available.htmlnoreply@blogger.com (Anonymous)tag:blogger.com,1999:blog-9126889845924473010.post-408212353736222988Tue, 22 Nov 2011 13:55:00 +00002011-11-23T09:59:46.059+02:00androidcool technologygooglekittknight rideroff topicthe hoff [A company owned by geeks - its obvious what is next: KITT] I think, after spending quite a while putting all the information I have together and filling in the blanks what Google's next big aim is. So, from what I can tell the original founding members of Google - Larry Page and Sergey Brin put this list together as things to do with their lives: Create cool geeky technology  http://securethink.blogspot.com/2011/11/googles-next-big-thing.htmlnoreply@blogger.com (Anonymous)tag:blogger.com,1999:blog-9126889845924473010.post-517234756073407591Mon, 24 Oct 2011 13:40:00 +00002011-10-24T15:40:14.666+02:00 [Dennis Ritchie died at the age of 70.] He was one of the most influential computer engineers ever. I could go into details as to what he did but lets look only at how his work contributed to Steve Jobs becoming a household name. Ritchie created the C programming language and with Ken Thompson, Ritchie created the Unix Operating System. With out Unix, Jobs would not have had a basis for his http://securethink.blogspot.com/2011/10/great-loss-to-it-world-one-of-its-great.htmlnoreply@blogger.com (Anonymous)tag:blogger.com,1999:blog-9126889845924473010.post-3579404927765059345Wed, 27 Jul 2011 07:55:00 +00002011-07-27T09:55:52.788+02:00[Are Facebook Saints?] Just adding an extra point to my recent Blog post. The question I posed in my last post about email sharing was triggered by Facebook stating that it is wrong for a person to mass move private details such as email addresses and telephone number etc to a new service provider without the person knowing. It is an interesting (and perhaps valid) argument which covers uphttp://securethink.blogspot.com/2011/07/what-are-your-rights-regarding-personal_27.htmlnoreply@blogger.com (Anonymous)tag:blogger.com,1999:blog-9126889845924473010.post-5769326140986306947Thu, 07 Jul 2011 13:41:00 +00002011-07-07T15:41:19.720+02:00[I'm not talking legally...just ethically] So, someone gives you their business card with all their details. Can you load it on Outlook to make it easier for you to contact them. Can you add them to you phonebook on your phone? What if your phone gets stolen? Can you give it to a colleague? What if the colleague has some work for the person? What if the colleague is an annoying git? Can you givehttp://securethink.blogspot.com/2011/07/what-are-your-rights-regarding-personal.htmlnoreply@blogger.com (Anonymous)tag:blogger.com,1999:blog-9126889845924473010.post-6770331119497810410Fri, 20 May 2011 10:56:00 +00002011-05-20T12:56:34.033+02:00[Some good stuff from the conference] I really wanted to write something longer but this will do for now. I just want to get something out there that is not a tag-cloud. Stuxnet and Spy Wars Patrick Gray from Risky Business Podcast and Tony Olivier both spoke about a world that we are only starting to understand now where Governments are playing with Information and changing the world with http://securethink.blogspot.com/2011/05/itweb-security-summit-wrap-up-part-one.htmlnoreply@blogger.com (Anonymous)tag:blogger.com,1999:blog-9126889845924473010.post-4840938749088976802Mon, 16 May 2011 08:48:00 +00002011-05-16T10:48:49.971+02:00This is an updated to the previous post. I have cleaned up the data a bit. Again I left out the words "HTTP", "ITWebSec" and "RT" as these added nothing to the cloud and common English words such as "The" and "And". Including these words, there are 2307 different words. The top names (chosen by "@" in front) are: @itwebsec, @haroonmeer, @MushiD, @mattdoterasmus, @abaranov and @DeepPurple77. The http://securethink.blogspot.com/2011/05/itwebsec-tag-cloud-part-2.htmlnoreply@blogger.com (Anonymous)tag:blogger.com,1999:blog-9126889845924473010.post-3139882408065878394Wed, 11 May 2011 01:42:00 +00002011-05-11T03:42:47.326+02:00There was too much information at ITWeb Security Summit for me to make a sensible post of all of it just yet. So, I thought I would hack something together. I ran a search against the latest 100 twitter comments: http://search.twitter.com/search.atom?q=%23itwebsec&rpp=100 ,got the feed as XML. Grepped for "title", popped that into tagcrowd.com , fiddled the results a bit and: http://securethink.blogspot.com/2011/05/itwebsec-tag-cloud.htmlnoreply@blogger.com (Anonymous)tag:blogger.com,1999:blog-9126889845924473010.post-7077497582549389501Thu, 05 May 2011 09:43:00 +00002011-05-05T11:43:27.721+02:00Information SecurityITweb11presentationI've been doing a lot of thinking recently about the last year. I basically run my professional year from ITWeb Summit to ITWeb Summit and around this time I think back over the last year about what has changed and what is new. I find that InfoSec is cyclical and this year is the unexciting one. Last year we were dealing with iPads and their ilk and Cloud and SaaS and all that good stuff was http://securethink.blogspot.com/2011/05/miscellaneous-ramblings-irony-security.htmlnoreply@blogger.com (Anonymous)tag:blogger.com,1999:blog-9126889845924473010.post-3618697610146516258Fri, 01 Apr 2011 11:21:00 +00002011-04-01T13:21:29.519+02:00computersdlphumansInformation Securitypasswords[... at Sudoku] When I first started with Sudoku puzzles my interest was "how do I reduce these to an algorithm?" I wrote some code that would solve the puzzles and then started to try do it in my head. I got better and better and the simpler puzzles started to get very boring and the harder ones became easy. Then, recently I got hold of an advanced Sudoku book and I was hooked once again.http://securethink.blogspot.com/2011/04/i-cheated.htmlnoreply@blogger.com (Anonymous)tag:blogger.com,1999:blog-9126889845924473010.post-6140766925852534985Tue, 08 Mar 2011 08:46:00 +00002011-03-08T10:46:07.188+02:00I was doing some "research" (Google search for "Allen Baranov") and found a little nugget back from 2001 when I asked how long until phone numbers become redundant. I think I was a bit ahead of my time - we are still waiting for a DNS for telephone numbers after all. But seriously, how many telephone numbers did you used to know? And how many do you know now? From someone with a short-term http://securethink.blogspot.com/2011/03/slightly-ot-whats-your-number-cucumber.htmlnoreply@blogger.com (Anonymous)tag:blogger.com,1999:blog-9126889845924473010.post-864429951282208042Fri, 04 Feb 2011 07:53:00 +00002011-02-04T09:53:32.142+02:00[Must Read Article To Get You Thinking] I usually don't repost blogs and articles that I find because I like this blog to my personal sounding post. The practice can also lead to a blogger feeling that he is accomplishing something but is really just posting links over and over. I have an RSS reader to do that for me, a Google to get the stuff I missed. However, I was drafting an http://securethink.blogspot.com/2011/02/hoff-asks-some-tough-questions.htmlnoreply@blogger.com (Anonymous)