Feb
5
Today my blog turned six, and I tweeted that fact with the following:
My blog http://singe.za.net/ turned 6 today. The fact that I'm tweeting this rather than blogging it is probably significant.
While blogging remains more a more satisfying and useful means of exploring a thought, twitter let's you skip the work and move onto the conversation (sometimes) a bit sooner, but without any decent record of that conversation occurring (twitter's searchable memory is too short). I'm certainly going to continue blogging, but I don't see my throughput increasing much. Luckily, subscribing to an RSS feed is only a cost if there are too many updates ;).
That being said, I think there's been some fun stuff on the blog in the last year, my favourite posts have been:
Posted by Dominic White
Feb
2
This week something special happened, something I'd been saving for the right person, something magical. Today, hackers took my private data. Everything's changed, I feel like a part of the world, connected to so many other people who have shared in this experience. Today, I'm a woman! (Ok, I may have gone a bit far with that last bit)
The skinny is that I use unique e-mail addresses for each service provider that I want to continue communicating with (for the ones I don't I use one-shot addresses). I noticed on the weekend that I was being deluged with pharmaceutical spam to three of these addresses, namely my Threadsy, Numbuzz & Share-it (via a product I bought there, ChatterBlocker) contacts. This lead me to tweet: "Either a security or ethics breach at @ & @ Getting Viagra spammed hard on the unique e-mail addresses I gave them."
Continue reading "Breach at iContact exposes my (and your) details to Spammers"
Posted by Dominic White
Last modified on 2010-02-02 11:25
Jan
8
Today is the last day of my first week at SensePost, so far the number of:
Continue reading "First Week at SensePost"
Posted by Dominic White
Last modified on 2010-01-13 08:56
Dec
30
As of the 4th of Jan, I will conclude
4-years of service to Deloitte's Security & Privacy group in South Africa, and be moving to SensePost. I have lots to say about it, but didn't want my perseverations over what/how to say it to get in the way of marking the move. My relationship and view of Deloitte is very positive and I learned a massive amount from incredible people. However, I've long wanted to work for SensePost and a combination of a great opportunity offered by the Post'ers and a "time to move on" feeling at Deloitte sealed the deal.
Posted by Dominic White
Last modified on 2009-12-31 12:51
Dec
30
Brian Krebs, author of SecurityFix and one of the very few mainstream infosec journalists, is pulling a McLeodd1 and leaving the Washington Post to go on his own. He will be reporting from Krebs on Security from today.
Apart from the coverage, Brian has also got involved in or instigated responses to some threats, and I hope that fewer editorial restrictions allow him to do and say more.
In truth, I only really like Brian because he's linked, to me before, encouraging up to 1.5 people to read the abstract on my thesis ;), but more seriously providing data and inspiration to me and several other researchers.
Good luck Brian
: I probably shouldn't mix my ZA and Infosec references, but Duncan McLeodd left the Financial Mail to form independent tech news startup TechCentral.
Posted by Dominic White
Last modified on 2009-12-30 16:24
Dec
14
Eugene Spafford has a warning for us in his latest entry that I thought worth remembering:
Generally, hackers who specialize in the latest attacks dismiss anyone not versed in their tools as ignorant, so I have heard this kind of criticism before. It is still the case that the "elite" hackers who specialize in the latest penetration tools think that they are the most informed about all things security. Sadly, some decision-makers believe this too, much to their later regret, usually because they depend on penetration analysis as their primary security mechanism.
In many ways, I worry that mechanisms like RSS & twitter and the associated behaviour help us to be up to date, but not knowledgeable, and that the implied arrogance of being up to date stops us from realising it.
Posted by Dominic White
Last modified on 2009-12-14 11:23
Dec
1
I'm quite excited and honoured to host a guest entry from Yusuf Moosa Motara covering his talk at ZaCon (a video of which can be found here, and the slides here).
Continue reading "Efficient extraction of data using binary search and ordering information"
Posted by Dominic White
Nov
19
Update: Haroon's talk "Why ZaCon" at the con provides more of an overview. Including some aspects I didn't consider.
Our first South Africa fledgling unconference-like security conference, ZaCon, takes place this Saturday (21 Nov). Our intention was to have something which fits in the gap between corporate conferences like the ITWeb security summit and academic conferences like ISSA. The former is huge and can afford to bring over some of the big names, but also has plenty of "paid for" opinions and a sometimes less meaty content. The latter is peer-reviewed and requires more than a slide deck and a grin to present at, but also sometimes values theory over pragmatism and places a large burden on people already holding down a job.
Continue reading "ZaCon - Information Security for the Rest of Us"
Posted by Dominic White
Last modified on 2009-12-01 08:53
Nov
17
As someone who uses a lot of web apps, I run into the problem of trying to remember multiple passwords. Most people resolve this by just using the same password across all the sites. However, as
numerous,
examples,
have,
demonstrated, that's not a good idea. The knee-jerk counter is to use a different password (or groups of passwords) across the sites, but that becomes difficult to remember. If you want the quick solution I'm proposing then check out
SuperGenPass (or
my customised version). The security geek details follow after the jump.
Continue reading "SuperGenPass"
Posted by Dominic White
Last modified on 2009-11-18 13:52
Oct
19
Boy do I have news for you security people out there; I have a 100% reliable way of breaking all encryption! I call it the "Evil Thug" attack. I provide this service for a small fee. The entry level service will get me or an employee for a hour, this is all it will take to break any encryption in the world (and no we don't
need a prostitute, even for 2048bit RSA encryption).
Continue reading ""Evil Thug" goes after Full-Disk Encryption"
Posted by Dominic White
Last modified on 2009-10-24 16:15
Oct
19
This weekend was rather eventful, and we learned a valuable lesson about viruses, security software, and professional scepticism in IT environments. I've briefly documented it below so you can learn from our mistakes.
Last week Wednesday a virus was detected on a client's network. The anti-virus (AV) host intrusion prevention system (HIPS) was updated to block access to the URLs the virus was using to fetch its payload and other control instruction.. However, the domain lookups[1] to these URLs increased massively by Friday, so much so, they caused the internal firewalls to fail due to the load from trying to inspect this traffic. Domain lookups were then blocked at the firewall, but the source of the lookups persisted. However, network access was restored and outwardly there was nothing wrong.
Continue reading "When AntiVirus was the Virus"
Posted by Dominic White
Last modified on 2009-10-20 00:07
Jul
17
I really love twitter, and use it more than I should. The only problem is, like most conversation, the signal to noise ratio isn't wonderful. However, unlike most conversation, this is digitial and "we can make it better". This is where my idea for "twilter" came from. It's just an idea, as I don't have the time or skill to implement it, but I'm hoping this forms a functional spec of sorts for someone who does.
Continue reading "Twilter - Filtering Twitter for higer Signal"
Posted by Dominic White
Last modified on 2009-07-20 15:58
Jun
28
Using a computer can be frustrating; you click on something and it doesn't complete as fast as it usually does, and you don't know why. Advanced users tend to look at their CPU usage, to provide some form of explanation. "Oh look, my CPU is really busy, that's why stuff is slow." This is often turned into a widget/gadget/
screenlet that sits on their desktop blinking the current CPU usage.
Continue reading "Monitoring your Laptop/Desktop Processes Reduces Frustration"
Posted by Dominic White
May
4
We loved every moment, if only there was more time. Some photos are up courtesy of our photographers. Our informal engagement shoot, and photos from the wedding.
In the meantime, we're off on honeymoon!
Posted by Dominic White
Last modified on 2009-05-05 10:49
May
1
In 17 hours. Finally, I can't wait.
Posted by Dominic White
SensePost
Barry Irwin
singe: Awesome breakdown from the reigning Web App Scanner queens NTObjectives on why their scanner kicked the other's asses http://is.gd/9e0GZ
Schneier on Security: Wikibooks Cryptography Textbook