Following on from my earlier post regarding my visit to Infosec last week, I was reviewing my notes and thought I would share some interesting insights with you:

  • Many of the vendors running PCs on their stands or running their presentations used Microsoft Windows XP.  I saw very few systems running flavours of Linux or indeed Windows Vista.  Given that Windows XP is not supposed to be as secure as Vista or the Linux variants I thought this to be an interesting turn of events.
  • Security awareness amongst those attending the show was not well displayed.  Many people were happy to pick up free USB keys where possible, which I thought would be an interesting vector for the Honeystick Project.
  • Also the number of people using public Internet kiosks to access corporate email accounts, online banking accounts and other sensitive data surprised me.  I would have expected those attending the show to be aware of the risks posed from using public PCs.
  • Continuing on the theme of security awareness I was also surprised that many vendors did not secure their devices on their stands.  Laptops were left on top of counters with no cable locks, PDAs and Blackberrys were left on tables and mobile phones left lying around.  If an unscrupulous company wanted to get valuable information on their competitors all they had to do was visit their stands and wait for the sales staff to get distracted.
  • Notable by their absence at one of the premier security events in Europe were a number of key players that I expected to be there.  Cisco did not have a stand at the show, nor did Trend Micro or Panda Labs.

Maybe I am getting paranoid in my advancing years, but if shows like Infosec are meant to showcase the best the industry has to offer, surely we need to ensure that as an industry we practise what we preach, lest what we practise is what we breach.