Security Pie

The ramblings of three security curmudgeons

Archive for the ‘Snafu’ tag

The (WTF) Launch Party

without comments

Finally, a bold contender for the “big bucks spent for nothing in a marketing movie”, “what did they think” and “you are so cool. NOT” categories.

Someone from the Windows 7 marketing team thought that the following movie would be funny and interesting. Well, it is not. Personally, I feel so stupid for spending 6:14 minutes trying to understand whether there is a hidden message. I even tried to run it backwards and looked at other movies in this channel, trying to determine if this is indeed an original / legal Microsoft publication (it looks legit).

They got the cast right: a young and an older woman. The stereotypical geek and a black person (hmm, is that a real black person?) but what about the plot?

WTF?

Written by sharon

September 25th, 2009 at 11:45 am

Posted in marketing


Enemy at The Watercooler

without comments

 

January – It’s that time of the year. Sales Kick Off. SKO. Many high technology companies are having their annual or biannual sales meeting this week. Flights to Silicon Valley are fully booked, hotels are crowded and the bartenders are busy. The company I’m working for is no different. We’ll have our biannual meeting event in one of Silicon Valley’s finest hotels later this week. Some of us gathered together at the hotel to have a more in-depth discussion before the entire sales and marketing force arrives.

This hotel was chosen by a different company as their SKO launch pad. Apparently, this company competes with one of our products. At the same time, we are also very synergetic. (Think about PCI 6.6 WAF + VA synergy).  Keeping the insider threat and the real enemy in mind, those who run sales for this company should take a look at Brian’s book (link to Amazon


Written by sharon

January 13th, 2009 at 12:24 am

Posted in Snafu


Poor Aaron, Good for Data Protection?

with one comment

Yahoo! is reducing costs and sending people home. In my opinion they could have saved a lot of money just by not sending all those proxy letters and tons of other items to my address. (Yeah, I have a few shares.) As expected, the internal presentation explaining how to cut employees was leaked to the Internet. I guess that the Internet Protocol (IP) doesn’t really work that well when the Do Not Forward bit is defined as text on a PowerPoint.

On second thought, maybe there’s an opportunity for a new startup to create the technology to embed ‘Do Not Forward’ text into packets that can never leave the network.

So Aaron got the sack, and articles regarding the threats of a sluggish economy and recession era (such as this) are common. Organizations should protect sensitive data at all times based on their risk management strategy. Unfortunately, such times help us to understand the risk better. I’m not saying that the damage of leaked presentations (BTW, I think that the content itself is good, but the context is awful) is on Yahoo!’s top risk matrix, but I do think that organizations should set their strategy for data protection.

Written by sharon

December 11th, 2008 at 12:54 pm

Cisco’s Greatest Hit

without comments

Cisco is promoting Diego Rivas 

 


Dave, a developer from Melbourne, Australia, brings an interesting story. He was installing a newly purchased VPN product. When he loaded the VPN client software, he discovered that in the place of the usual boring software was an audio disk with 12 tracks of Spanish music (see Cisco’s Hit). A lively discussion on Dave’s blog successfully identified the musician. You can watch the video below.

Beyond the anecdotal story, there are a few things that we can learn from this incident. I’m not picking on Cisco specifically: in the past, one of the products that I was managing was built by a very large OEM partner that was responsible for building the appliance, packaging, forwarding etc. Though it was very rare, we had a few incidents when customer X received parts of a printer with his order (inside the appliance package), while another customer received the wrong CDs etc. Errors do occur and I believe that Cisco will do everything it can to learn from this manufacturing snafu and improve its quality assurance process. However, from a security risk management point of view, this incident is a reminder to trust no one:

Every CD should be considered suspicious, even if it arrived inside a box that has the Cisco logo. Due to the popularity of Cisco’s gear there’s a second-hand market and also some fake devices. Softpedia reports that even the United States government is reportedly using some 3500 fake Cisco-branded network devices, including routers, network switches and hubs. “According to the investigation results, the fake devices are worth up to $3.5 million.”

 

Trust no one is the moral of this story. On a side note, this story also explains why the DOD is investing so much money looking for the kill switch.

Enjoy the music!

(Arik, what’s going on down there in Australia? We’re getting a steady stream of weird reports recently :-)

Written by sharon

October 17th, 2008 at 9:40 am