Category Archives: InfoSec

The Obligatory Windows 7 has been released post :)

Leave a reply

As I am sure everyone is aware today the 22nd October 2009 was the day of release for Windows 7. So here we are, and should everyone be rushing to purchase their copy of W7, or should they be sticking with the old stuff?

Well I personally I have been running W7 for a while, thanks to the good old MSDN and I have to say I like it. Like many have said its not super amazing, or a leap in technology as such but its what Vista should have been. W7 certainly seems to operate in a more solid and speedier fashion for me than Vista, it has some reasonable security implementations, but its toned down so its not screaming at you every time you touch the keyboard courtesy of User Access Control.

I have the Ultimate version so I have Bitlocker to go which is pretty good, and I have blogged about in the past. It really does seem to be an improvement over XP, as thats really what people and most certainly organisations are going to be having to consider, and I have not had any issues to mention, so its a positive review from me.

So if your getting a new machine and its coming with Windows 7, I dont think you need to be crying and kicking and screaming for XP. Obviously as with all upgrade paths, you may have peripheral driver issues, but thats all part of upgrade fun 🙂

Organisations may also look to seriously consider trialing W7 in the environment to see what benefits it can bring, especially if your still running Windows 2000, or maybe NT and 98 🙂

If all else fails you can probably look forward to the next Windows offering in a couple of years :), unless we are all operating from Cloud 9. Also dont forget there is always some open source goodness to keep your machine up and running. I have multiple machines running different Windows and Linux flavours, so people have lots to choose from.

Happy upgrading, and dont forget to back up your important files. Oh and dont forget your bookmarks / favorites 😀

RSA Security Bloggers Meet Up 2009 London – A Success – Thanks to All

Leave a reply

Tuesday night in the Fountains Abbey in London at 7:30PM the first official RSA Security Bloggers Meet Up in the UK kicked off, and it was a great success.

The event was sponsored by Qualys, IronKey and ISACA, and it was thanks to them that we were able to provide an excellent buffet, an open bar, T-Shirt and USB key for every registered attendee. Over 30 people attended the event, everyone comment to me on what a success they thought the event was, the great opportunity to meet with new people and those they had only spoken to online. They also appreciated the relaxed atmosphere, and good discussions.

I am really pleased how the event panned out, and we had people there until 11PM when we had to pack up and head off.
I would like to thanks Kevin Riggins, Mel Johnson and I think it was Tomasz Miklas (sorry I am rubbish with new names) for helping to get everything setup before the official kick off.

I also want to thank Mel again from eclat marketing and Neil Stinchcombe from Eskenzi for all their help with organising sponsorship for the event.

I like others had a really great time, and will be more than happy to set this type of event up again in the future, so watch this space. A quick pointless stat, Stella and Guinness where the most drunk beverages of the evening 🙂

Security Bloggers Meet Up 2009

Registered Attendes got a bag with a T-Shirt, Sticker, and 1GB USB Memory Stick.

Goodies

T-Shirt Back

Below are a few pictures from the event taken by Xavier Mertens who blogs at Rootshell, thanks for taking these.

Links to some of the peoples blogs who attended the event below:

Infosec Ramblings | Help Net Security | BH Security Watch | Craig Balding’s Blog | IT Security Expert | Root Shell | NAC Blog | Ira Winkler | PCI DSS Blog | Rothke Blog | CTRL ALT DEL | Stefan Tanase’s Blog | Infosec Cynic | CNIS Mag | Heise | H-Online

Chris Nickerson – Red and Tiger Team Testing – BruCon 2009

2 Replies

This is the third and final of my 3 videos recorded at BruCon 2009. Sorry its taken so long, I had some upload issues due to size, so this needs to be in two parts.
This is the excellent presentation from Chris Nickerson on Red and Tiger Team Testing.

Abstract: The world of Information Security is changing. Budgets are tighter, attacks are more sophisticated, and the corporate network is no longer the low hanging fruit. That leaves web-enabled applications as the vector-du-jour, but that well is quickly drying up for organized crime as well. As they creep up the OSI Model looking for easier ways to steal your corporate assets, they are quickly making their way up the stack to the unspoken 8th layer, the end user. So what is the next step in the never-ending escalation of this cyber war?

To find out, we must do as Sun Tzu taught. “Think like our enemy!” That is, after all, the primary tenet of penetration testing AKA ethical hacking, isn’t it? After years of hardening physical systems, networks, OSs, and applications, we have now come full circle to a new dawn of attack. People are now the target of the advanced hacker, and the cross-hairs are focused squarely on their foreheads… literally. It is only a matter of time before corporations fall from the raw effectiveness and lack of preparedness for this all too common attack.

Also to learn more about Chris and what hes up to check out his website and Exotic Liability.

Chris Nickerson – Red and Tiger Team Testing Part 1 – BruCon 2009 from Dale Pearson on Vimeo.

Chris Nickerson – Red and Tiger Team Testing Part 2 – BruCon 2009 from Dale Pearson on Vimeo.

Presentation Slides – Click Here

:: Please do not copy this video without written permission of Security Active or Chris Nickerson | Linking to is fine ::

Security Bloggers Meet Up in just a few days

2 Replies

Security Bloggers Meet Up 2009

This is just a quick reminder that this coming Tuesday the 20th October 2009 at 7:30PM the first official Security Bloggers Meet Up will be happening in London.

FountainsAbbey

The Security Bloggers Meet Up is an ideal place to meet with fellow Security Bloggers, Podcasters and Journalists. There is still a short amount of time to RSVP to bloggermeetup [at] securityactive.co.uk if you are interested in attending.

The event is kindly being sponsored by Qualys, IronKey and ISACA, and its thanks to these guys we will have all food and drink provided (within reason 🙂 ) and possibly a door prize or two.

Please take some time out of your busy schedule to visit our sponsors site and find out about their latest product offerings and services.

I look forward to seeing you all there, and lets hope its the first of many to come in the future.

See you soon.

Symantecs Threat Monitor Screensaver

Leave a reply

I received an email today with regards to some Symantec offerings, and one of the things mentioned was the Symantec Threat Monitor Screen Saver. I have installed it and it doesn’t seem to resource intensive on my machine, and provides some reasonably interesting high level information on current threats by region.
I took a screen print below of the UK information.

I am not much of a screensaver person, so I don’t really have anything interesting, so this makes a nice change.

If you want to check it out, you can get more information and download here.

Symantec Threat Monitor

Always wanted to be Maverick or Iceman, could you be one of the next security Top Guns

Leave a reply

In the Times Technical Segment there is an interesting article about the UK looking to host a contest to turn young security hacker types into the security top guns of the future.

Supposedly these lucky individuals could be earning six figure salaries working for the government and large organisations, this all sound abit like the adverts we constantly see on the TV, ICS you can 🙂 For those who are not familiar, you can quit your job as a paperboy, do an ICS course from home and be a IT Consultant earning 50k and a company car.

It will be interesting how this plays out, is this really to build the UK Elite team to battle cyber criminals, or is it to catch the wanna be famous h4x0rs who mistakenly play for a lifes visit to the cell.