The InfoSec Blog

System Integrity: Without Integrity you don’t have Security

October 29th, 2006

Trojan horse Penetration Testing

I’m no fan of pen-testing, but it’s remarkable how people fail to learn from the past experience of others, even when that experience has been so heavily publicised for such a long period of time that it has become part of our cultural baseline.


October 23rd, 2006

Common Sense

You don’t have to be obsessively conservative or paranoid to avoid a lot of problems and risks. Applying a little common sense will do, as my fellow CISSP, Martin McKeay, points out in his blog entry:

“Use common sense. Anything that sounds too good to be true probably is. Don’t follow the link from an anonymous email promising quick riches or cheap products. Most of those are just attempts to get your money, and some are going to try and install software on your computer or get information from your computer.”

The post may be a few years old, but this advice, along with his other points, is current.


October 21st, 2006

The CISSP Forum FAQ

It’s one of those bootstrap problems: the new CISSPs who need the information can’t get at the FAQ on how to sign up for the CISSP Forum, because they need to be members of the forum in order to read the instructions.

Yes, I know the information is at the (ISC)2 web site, but that’s an incredibly difficult site to navigate.

Because of this, Gary Hinson and I, each quite independently, took the CISSP Forum FAQ and converted it to a web page, adding hyperlinks etc. The two pages are at:

Both sites are very rich, but very different in nature. Gary makes use of custom mind-maps to assist in navigation, whereas the Wiki allows registered members (CISSPs) to contribute.

The CISSP Forum at YahooGroups is very active. It is not a purely technical group, but an active support group for CISSPs. It handles well over 1,000 messages a month and is the kind of “social network” that some vendors would pay millions of dollars to own, if it weren’t a closed group that spurns advertising.

The astounding thing is that so few CISSPs know about it. (ISC)2 seems to make no effort to publicise it to people as they gain their certification.
If you are a CISSP, visit either of those two pages, or better still go directly to the (ISC)2 web page for registration - https://www.isc2.org/cgi/cissp_forum.cgi - and sign up.


October 20th, 2006

Dangerous … Nothing

Scott Adams, the creator of the Dilbert cartoon, recounts in his blog his recent experiences with airport security and its oddities in “Dangerous Containers”. He tells of how a transparent 4-ounce container of shampoo that held only one ounce of fluid was confiscated because it could hold more than three ounces. In his typical manner he explores the threat posed by those three ounces of ‘nothing’, along with the larger quantity of ‘nothing’ in his not-full bag.

The blog posting is not that funny. What is outrageous are the comments. Some people need to take life a lot less seriously.


October 19th, 2006

Open Source for Bean Counters

This white paper moves away from the religious fervour of the geeks to the B-School reasons for open source.

This white paper will demystify the concepts of open source for readers—especially those in Finance—who are unfamiliar with the movement’s principles. The paper will then explore the ways in which open source concepts can be applied to the area of business performance management (BPM)—the set of processes, including budgeting, forecasting, and reporting, that financial and operational managers use to make decisions and run their businesses. Finance readers will learn how they can harness open source to provide a new alternative to solve longstanding BPM problems, while IT readers will learn how to apply their open source knowledge to support their Finance organizations.

Registration is required to download the white paper.


October 17th, 2006

Is Bigger always Better?

No, this isn’t a “Small Is Beautiful” article. It’s about “Small is Practical”.

Let me begin with an anecdote.

Back in the early 1980s I worked for a UNIX shop as a kernel programmer. I wrote many device drivers for many platforms. It was a true “How I fought with hardware and software but kept my sanity” stage of life, and it was very interesting. One of the ‘toys’ was an early VAX-780 with an early version of BSD 4.x. No, really, we had TCP in 4.1c before 4.2. But the hardware of the VAX and the PDP-11, like other hardware I’d worked on, was limited by today’s standards. We had a whopping 4 Megabytes of memory in the PDP-11/44 that the company ran on. It supported 40 users doing development, building compilers and cross compiling for other platforms. We shifted across to the VAX as it proved its stability and its performance improved as Bill Joy played software leap-frog with Dave Cutler, but that’s another story.


October 13th, 2006

Engineering Definitions

With Thanks to Gary Hinson and Michael Gerdes who found this on the web and extended it …

  1. Project Manager is a person who thinks nine women can deliver a baby in one month.
  2. Construction Manager is one who thinks a single woman can deliver nine babies in one month.
  3. Controls Manager is one who asks if the baby is in the budget (and if it saves money to adopt).
  4. Project Engineer is a person who thinks he can deliver a baby even if no man and woman are available.
