David Laceys IT Security Blog

October 2008

  • The advancing science of anti-forensics

    David Lacey 31 Oct 2008
  • One session that caught my eye at this week's RSA conference in London was a talk by Christopher Novak of Verizon on the growing capability of hackers to disguise their traces. The ease of applying ...

  • Security at the application level

    David Lacey 31 Oct 2008
  • One long-awaited trend that's finally begun to take off is attention to security at the application level. It's not surprising as hackers are increasingly focusing on applications and data. But it ...

  • The spectacular success of financial risk management

    David Lacey 30 Oct 2008
  • I came away from the RSA conference with the impression that most practitioners actually believe that the current financial meltdown was a clear example of risk management failing the financial ...

  • Victoria's secrets steal the RSA show

    David Lacey 29 Oct 2008
  • Over the last three days and nights I've been absorbing the delights of the RSA conference in London. Fortunately the sun shone on this year's event. It's just as well as the London docklands ...

  • RSA Europe - a softer focus?

    David Lacey 26 Oct 2008
  • Monday sees the start of the RSA Conference and exhibition in London, which I'll be attending. It's a significant occasion, with a reasonable level of sponsorship and attendance. But it's very ...

  • Mail shots for dummies

    David Lacey 24 Oct 2008
  • Like many of you, I receive a raft of professional direct email churned out by Techtarget's team of spin merchants. Normally I accept it all in the healthy spirit of direct mail. It's sometimes ...

  • Visibility and context are your priorities

    David Lacey 23 Oct 2008
  • I've just installed the latest critical security patch from Microsoft. Fortunately, I was warned about its release by good friends in Seattle. In fact, it's unusual these days for Microsoft to ...

  • Lies, damn lies and incident statistics

    David Lacey 23 Oct 2008
  • We're all terribly bad at interpreting statistics. It's the way are brains are wired. We tend to leap to the wrong conclusions. And we're heavily influenced by context and spin. Politicians, ...

  • Firewalls for phones

    David Lacey 22 Oct 2008
  • I was interested to read that Truecall, a UK firm, has brought out a firewall-style device for phones. It operates on the basis of a white list of approved callers and a black list of nuisance ...

  • Security theatre

    David Lacey 21 Oct 2008
  • I see that a team of Swiss security researchers have discovered something that physicists have known for more than a century: that electromagnetic waves travel through the air. They suggest that ...

  • Here comes everybody

    David Lacey 20 Oct 2008
  • People often ask me what's happening these days at the Jericho Forum. It's been around for some years, but the computer press coverage has been relatively light lately. Well I'm pleased to report ...

  • The future of Internet governance

    David Lacey 19 Oct 2008
  • Last Thursday's Parliament and Internet conference provided reassurance that at last some of our politicians have a healthy perspective of the societal challenges presented by the Internet. ...

  • Outsourcing trends

    David Lacey 16 Oct 2008
  • Last night's Computer Weekly 500 club meeting in London, on the subject of off-shoring and outsourcing, provided a fascinating insight into the latest trends, from the expert perspective of ...

  • Security budgets

    David Lacey 14 Oct 2008
  • I was interested to read a brief spot check survey of three F500 CISOs about security budget projections on Jim Reavis' Riskbloggers site. This suggested that CISOs have yet to feel the impact of ...

  • Top Gun jobs

    David Lacey 11 Oct 2008
  • Each weekend I dig out the latest copy of the SANS @RISK vulnerability alert newsletter from my junk e-mail tray. Clearly Microsoft Outlook judges it to be a bit suspect. But most if it seems ...