We may be in the middle of the summer but already the calendar for the autumn is starting to fill up. I will be presenting at Source Barcelona and also at BruCON in September. For both of these seminars I will be talking about the lessons learnt from when I set up IRISS-CERT and how those lessons can be applied to those looking to set up their own incident response team. While the topic may be similar the approach to each talk will be different.
Source Barcelona has two tracks, one business and the other technical, and my presentation will be in the business track. So the focus of that talk will be on the business aspects of setting up an incident response team. Xavier Mertens gives a great overview of the different tracks in Source Barcelona over on his /dev/random blog.
BruCON is a more traditional technical security event and my presentation at that seminar will focus more on the technical aspects of setting up an incident response team and the tools, challenges and solutions one can face.
Also in September I will be speaking at the Cloud Computing Summit 2010 which will be held in Dublin. I will be on a panel discussing issues surrounding the Security, Compliance and Regulatory requirements with cloud computing.
Then of course in November there is the IRISS-CERT Annual Cyber Crime conference. Details have yet to be finalised regarding the speaker lineup but already it is looking excellent and it promises to be another exciting event this year.
Hopefully I will get to meet some of you at one of the above conferences.
I had the pleasure of finally meeting Javvad Malik, otherwise known as the infoseccynic, at the recent Infosec show in London. Javvad takes a refreshing look at the issues we face in the information security profession and you should visit his site or follow him on twitter to get his view on things.
Javvad kindly took the time to meet with me and have a chat about some of the things happening in the world of information security.
Recent investigations by German authorities discovered that the Google street car was recording information about Wireless Access Points it detected during its journeys. More seriously it was revealed that the system recording that data was also gathering any data being transmitted over any unsecured wireless networks it detected. Google claims that this was a mistake and has promised to delete all such data.
On Tuesday the 18th May the RTE news covered the story and I was interviewed as part of the piece which is available here.
The May 5th edition of the Irish Times ran an article, called “Cloud Computing Storm”, on the controversy generated by the recent memo from the Irish Department of Finance advising that government bodies exercise caution when looking to move data or systems to a cloud computing platform. I am quoted in the article in relation to security issues with the cloud.
The Sunday Business Post ran an article in their Computers In Business magazine last Sunday. I am quoted in the article giving some recommendations on how businesses should approach securing their VPN access. The full article is available on the Sunday Business Post site.
Registration for the event is now open and those who register before February 25th can avail of the early bird pricing which is €170 for members of the Irish Computer Society and €295 for non-members. After February 25th the registration fee increases to the standard fee of €200 for members of the Irish Computer Society and €350 for non-members.
For more information and to register please visit the ICS website.
On Thursday the 21st of January Boards.ie announced that they were the victims of an external attack which may have led to the compromise of their user database. As that database contained more than 280,000 users it was potentially a major issue. Details of what happened are available on Boards.ie’s website where they give a good summary of the main points that happened during the attack. What was really impressive was the way that the management and staff of Boards.ie managed the communications throughout the event. Damien Mulley has a good post on the whole area of crisis communication, a key element many overlook in their incident response plans. I was also interviewed on the late news on Network 2 that night and make a brief appearance on the news item which starts at 12 minutes or so into the bulletin.
The next meeting of the Irish Information Security Forum will be held on the 28th of January at 14:00 in the Oak Room in Buswells Hotel on Molesworth St. Dublin 2. The topic for the meeting will be “What’s hot in Information Security in 2010”.
I was interviewed by RTE Radio 1’s Morning Ireland show about the latest vulnerability in Microsoft’s Internet Explorer. The interview focused on the calls by the French and German governments for people not to use Internet Explorer until a patch is released and to move to a different browser instead. The full interview is available on RTE’s website.
Since the interview Microsoft announced they will release an out of cycle patch to address this issue. Also it is interesting to note that the Australian CERT, AusCERT, has a different view to the French and German governments on this issue and claims that the issue has been overblown. The Trend Micro Countermeasures blog also has some good guidance regarding how to deal with this vulnerability and indeed any other vulnerabilities that have no patches available.
Andrew Hay is a gentleman I became acquainted with thanks to twitter. Andrew is a modest chap who describes himself as a “devastatingly handsome author, sporadic blogger, bbq junkie, and security strong man”. He has an excellent blog and has recently decided to run a series of interviews of people in the information security industry. I was very honoured and humbled when he asked if I would take part and the results are available over at his blog. Enjoy !!