Last night I attended the BCS ELITE annual dinner - the first for several years, but well worth the wait. It was a black tie event at the Lansdowne Club, where the food and wine were excellent, and the latter flowed in quantity (hence feeling rather fragile today). I was really pleased to find that I was sharing a table with the always entertaining Lord Renwick and his lovely Lady, as well as several other intelligent and erudite folk. What a good start to the festive season :-) This post isn't really much to do with security, but I would recommend ELITE to anyone interested in good conversation and networking with IT people.
I just spent three extremely useful and enjoyable days at the ISACA Information Security and Risk Management conference in Amsterdam. A great selection of speakers and topics, plus terrific networking opportunities. If you are able to attend next year (in Vienna I believe) it could be a good investment. For US readers, the conference is also held in Las Vegas - this year's event was just as stimulating as the European version.
I'm an enthusiastic Facebook user, unlike some in the security community. I find social networking rewarding on a personal level and as a musician and am prepared to go the extra mile to limit my exposure as a result.
I was, therefore, fascinated to find The Month of Facebook Bugs - a series of reports on vulnerabilities in Facebook applications. Well worth a read, especially if your personal information on Facebook is genuine and you enjoy using lots of Facebook apps!
Today I was sent a link to an excellent video of journalist Misha Glenny, who spent several years investigating organized crime networks worldwide. If you watch one security-related video this week, this should be it!
When Which? Computing asked me to help evaluate online banking services, I expected to find very similar results amongst the ten banks they selected. However, as their press release says, there were some pretty big differences. Although we only looked at the visible security measures in place, some banks appeared to offer little to help defend against simple keyloggers.
I know that there are some sophisticated banking Trojans around, using man-in-the-browser attacks, but surely that's not an excuse to ignore defending against simpler malware and physical keyloggers?
Obviously banks need to balance good security against usability, being concerned that consumers may be put off by complex authentication processes. But with the vast increase in the number of Trojans, and more and more people using public WiFi and shared computers, Barclays' approach of using a PINsentry device seems like the most secure option.
Having decided to have a day off, I find myself browsing the National Museum of Computing web site. I first met Tony Sale about ten years ago and his enthusiasm was infectious. If you haven't visited Bletchley Park then I strongly recommend it - not only to learn about the history of computing but also the incredible work done by the code breakers during World War II. If you've got a few quid (or dollars or Euros) to spare, then consider a donation to either of these excellent organisations.
Well, that's Infosecurity Europe over for another year - our 7th as exhibitors and my 11th as a speaker (I think). The new venue at Earls Court seemed to be viewed by most people as a big improvement and I have to agree - the show felt more relaxed yet more alive.
Our press conference on web authentication bypass was well received, with Computer Weekly and Infosecurity Adviser reporting the story. We'll be explaining more about this problem, which stems from poor web site configuration, at our next white-hats.co.uk meeting on 15 May. The fact that the problem affects web portals as well as e-commerce sites and that even two-factor authentication is no protection makes this an important issue for discussion.
Then finally on Thursday 30th, again wearing my white-hats.co.uk hat, I'm facilitating two different discussions in the new Security Cafe: one on "Laptop Security - Understanding The Threats & Countermeasures" and the second on "Wireless Security - The Real State Of Play", which is about threats to corporate security through insecure home wireless networks.
I'll be ready for the long weekend after all that!
OK - it had to happen, someone finally posted a video interview of me to YouTube. It's all about blended attacks and was recorded at the Combating Cybercrime in Betting & Gaming conference in January this year. I'm quite pleased with the interview, but I hate to imagine what the YouTube viewers are going to say! :-)
As someone who works to combat cybercrime and cyberterrorism you may be surprised that I am very much against the extradition of Gary McKinnon. However, I am also someone with intimate knowledge of Asperger's syndrome in two members of my immediate family. As a result, I had the privilege of meeting and discussing Asperger's with the UK's foremost authority, Dr. Simon Baron-Cohen during a diagnosis some years ago. Dr. Baron-Cohen has lucidly explained the condition and the potential impact of incarceration on Gary here. I have no doubt that if he believes Gary has Asperger's then that will be the case.
The IT industry not only contains more than its fair share of people with Asperger's, it also benefits significantly from their intelligence and intense focus. If you work in IT you probably know several people with this condition, although you (and they) may not realise it. We need to try to understand them, to celebrate their positive contributions and to make allowances for some of their apparently obsessive behaviours. You may even be interested to test your own Autism-Spectrum Quotient or to support the National Autistic Society.