Monday, September 19, 2011

Most Popular Security Trends

Remember Information Security? Not anymore, we're fed up with Firewalls, NACs, PortNoxes etc. Enough said on IT's behalf, it's time we face the Risk Management Framework instead of pushing IT bravely and intensively, 'cause for what it's worth, all the functionality you get comes at the cost of HIGH RISK.

It is our duty to remember: SLE × ARO = ALE (Single Loss Expectancy × Annualized Rate of Occurrence = Annualized Loss Expectancy).

Bring a bottle of ALE, heh?

Best Regards

Monday, January 10, 2011


Cloud Computing has many variations (SaaS, PaaS, Hybrid and many more Sauses...), but we've forgotten something. Remember Virtualization? Have you considered Consolidation? Considered Massive Storage (low-cost redundancy)?
Many folks in big companies still wish to have their hands on IT,
so why bother giving it up to an unknown Service Provider?
They say: "It is better to have some poor in-house solution than to give up your privacy and mount up on some 'Cloud Adventure'."
Yeah, and so, for what it's worth?
IT security nowadays stays an issue, 'cause if you want ROI, you go for the Cloud;
if you want your privacy, you go for a home-made solution AND you have to deal with IT Security yourself. Still, some Cloud Security Providers have much better IT security solutions than you... and the question remains: "Are you ready to Let IT Be in the Cloud?"

Monday, September 13, 2010

Blogger - SPAM

What about receiving 180 spam mails?

But what about getting 180 spam comments to publish?

Blog writers, beware of spam.

Our blogs will also be named spam sometimes.

No comments.

Google spam filters are not working... I'm telling you.

try "select all"->delete :)

Lord of The Rings - security issues unsolved

A bit of juice I missed back in 2006.

Nowadays, insecurity: anything is possible.
You don't see the process, you don't see the driver, you don't see open ports - that was child's play.

Ring 0 - OS kernel mode attacks, old and rusty, works with blue screens.
But what about ring -1 (virtualization attacks)?
And what about ring -2 (hardware, CPU instruction level attacks)?
And what about ring -3 (re-flash your BIOS)?

I see this as a negativism in the rings (consider "-"/minus) - dark magic.

I think that if some government uses a botnet and "ring -X" technology,
well, it's kinda the "worst case" attack scenario we can ever imagine.

Keep your children out of the internet, please.

Friday, July 17, 2009

Spam Blogs

Google just marked my blog as a spam blog, i.e. their robots identify me as another robot that generates a meaningless stream of words. Da%m, folks,
you've got to be kidding me. If it seems senseless to your robots, maybe you should try to read that yourselves?
(And yeah, they wrote me a note that I have 20 days to request a review. It's like a death sentence to your blog. Look at those empty bmw.blogspot and ibm.blogspot blogs and try to understand why they're not closing those ones.)
Sometimes your paranoia creates a robot you cannot control...

Tuesday, June 16, 2009

Map the Web

OK, some more mad start-up ideas... (Google folks, are you there?)
Come on folks, I bet there is some government prize for the one who will give the world a tool that maps the internet, huh? How does that sound to ye?
I mean a real, basic, ping-found, tracerouteable, nmapped, sniffed, fragmented, 60-70% approximated internet infrastructure...
What do You Have to say on that?

"MapPing the Web" project, get on it safe?

PCI DSS compliance

Today's standards leave us no choice but to rethink and redefine the environment we're living in. More utilities, from low-tech to high-tech, are vulnerable to risk of this or that value. Assessment can be done with hard effort, at the cost of operability and maneuverability. Tight competition brings low-budget businesses to fast, unreliable solutions done with no proper documentation, so that the main picture analysis can be resolved only by the truly Big players in the industry.
Still, powerful businesses can bring more value by giving small start-ups a chance, or at least buying them out to give a good idea "a go".
But this kind of kindheartedness is a "rare find" these days...
But let's get down to business... Strong compliance tools from big players: can they give you some real good approach to resolving a compliance problem?
Take FoundStone, for example. Can they really automate a solution? Can a computer tell you if you are compliant? I'll rephrase: can a computer tell you that you are safe?
Yeah, right, of course it can tell you that. You believe it? Until the next blasted shutdown, I guess...

Sunday, March 1, 2009

Measure Your Bandwidth

Just found this site.
You can measure your speed from here to there to get a common look at what actual speed your ISP is giving you, and, hell yeah, there can be a problem if someone (like your neighbor) is using your bandwidth with you :)

