
September 28, 2008

Why is security awareness important

Since you are reading this, you probably think security is oh-so important. Well, here is a funny surprise: turns out most people out there actually think that living their lives, doing their business and running their errands is way more important.

And some of them actually have an idea how to make things better. Worth taking into account when your business relies on people buying your security solutions or services. It seems like the very least you should do is to make sure your users and customers understand how THEY benefit from the introduced security measures and why the inconveniences they introduce are absolutely necessary for them to work. And better make sure they really are necessary.

September 23, 2008


Last week Tom Fishburne’s This One Time at Brand Camp (his latest cartoon book) finally got to me and I’m here to report to you that it’s been a wonderful read! The cartoons generally talk about marketing. I’m not a marketing pro or anything, you probably know this, so I think I am a pretty good test for Tom’s toons and their amusingness to a layperson. And I have to say, they passed the test surprisingly well. Even better, I learned quite a bit while laughing out loud. Can you wish for more?

One of the best cartoons from the book (in my opinion of course) is the one on the left.

Brilliant! Not even a word and the message is crystal clear. Makes you nod and go “Right. That’s how it is.” Just brilliant!

Great job Tom! Please keep it going :-)

September 19, 2008

Usable data encryption for mobile devices

It is becoming more and more tempting to store and process important business docs on our mobiles/smart-phones as the devices keep growing bigger, mightier and more usable. Together with the time-saving benefits we get from being able to do the work while on the go, there is also a still-growing danger of our precious information being stolen together with the device and used by a thief for whatever evil purpose they intend to use it for.

And face it, you wouldn’t work on a report or an email while in a cab or a plane if it wasn’t an essential and really urgent thing to do. So, I guess we can safely assume that the data you have on the device may be worth a lot to someone who knows this and that about your business.

So, what options do we have here? Not getting much into technical details, let’s just try to figure out what could work for someone who most importantly wants to do their job without their phone driving them nuts and secondly wants the solution to provide a reasonable level of security to the precious data in it. It’s quite obvious that we need to encrypt, but how? Again, technical details aside, let’s just focus on user-device interaction.


September 14, 2008

ISSA meetings in Wrocław back after summer (Sep 23, 2008)

ISSA Polska

[UPDATE: If you are planning to come to the meeting, we will need your name in order for security to let you into the building. So, please send us an email with a subject "[ISSA] Potwierdzenie udziału w spotkaniu - Wroclaw 2008-09-23" to wroclaw at issa.org.pl

Be sure to actually include your name!]

I’m happy to invite you to this month’s ISSA meeting on September 23. We'll be talking about security policies and, more on the technical side, about DNS cache poisoning.

When: September 23, 6:30 PM

Where: Credit Suisse, Grunwaldzki Center building B, fourth floor, Grunwaldzki Square 25, Wrocław

1. Welcome after summer - Michał Sobiegraj
2. Development and Deployment of Security Policies - Radek Michalski
3. DNS Cache Poisoning (recent update) - Jarek Sajko

We plan to end the official part of the meeting around 8:30.

See you!

September 12, 2008

New biz-cards


As some say (me included), it’s nice to give people something of value just the moment you first meet. It binds. And what is of more value than an insightful point delivered in a funny way? Plus it doesn’t cost you much and has potential to change the world (a wee bit, but still).

So why not add some value to the usual biz-card exchange? Say, in the form of a couple of valuable words on the back side of a card? And I bet you can also make it fun to read. In order to boost the fun factor I used a couple of doodles by Hugh MacLeod.

If you want to print each card with a unique picture on the back, moo.com is the place.

July 9, 2008

IT Risk management in Wrocław once again (July 23.)

Since the meeting didn’t work out the last time due to some unexpected circumstances, please let me invite you to the event again. The agenda stays the same.

When: July 23, 6PM

Where: Credit Suisse, Kameleon building at Szewska st., 1st. floor

See you at the meeting!

June 28, 2008

IT Risk management in Wrocław on July 3.

I haven't posted in ages! I've even managed to forget the MT backend script name (not to mention I've lost my bookmarks somewhere down the road). But I'm back! Unfortunately I'm still busy as... well... as someone very busy, so I'll keep it short this time.

To the point: if you're from the Wrocław area or if you happen to be around on July 3, be sure to come to the ISSA Polska meeting in Wrocław. We plan the meeting to be real fun this time. We'll be having a guest from Credit Suisse IT Risk dept. giving a talk. We also plan to discuss the latest incidents in Poland.

When: July 3, 6PM

Where: Credit Suisse, Kameleon building at Szewska st., 1st. floor

See you there!

May 6, 2008

A piece of phishing email

Not that long ago I got this:

VISA phishing email

When was the last time you got a phishing email? Not that long ago, I bet. Me too. There is nothing unusual in it; nowadays we get so much of it that we simply get used to it and usually just silently delete or ignore it (if spam filters don’t do it for us).

So, why am I talking about this? Well, because of a funny coincidence. Or maybe it wasn’t that much of a coincidence… Here is the story.


Fifth ISSA meeting in Wroclaw (May 19, 2008)

ISSA Polska

We're gonna do it for the fifth time already! Whooohoo! :)

This time the main theme will be Intrusion Detection Systems and Web Application Firewalls. Also a discussion panel is planned so that we all could shout at each other and throw blunt objects in each other’s general directions.
Here is the agenda:

1. A warm welcome (myself)
2. Intrusion Detection Systems (Wojtek Wirkijowski)
3. Web Application Firewalls (Edward Weinert)
4. Discussion Panel (Andrzej Piotr Kleśnicki)

And as always, there is a prize to be won.

See you at the meeting!

April 30, 2008

A funny thing with Thunderbird

I use Thunderbird as my email client on a daily basis. Not that long ago I was trying to send a PDF document, which I had previously got from the Web, as an email attachment. To my surprise the normal drag’n’drop and send routine didn’t do it. A short glance at the filename made it obvious — the percent-encoded forward slashes (%2F) in the filename got in the way.

Like most of you guys, probably, I don’t spend my day fuzzing stuff, but, again probably like most of you, I stumble over a software glitch from time to time. Sometimes, when I’m in the mood, I poke the hole to see what happens.

And I was in the mood that day.


© 2006-2007 Michał Sobiegraj. All rights reserved. The views expressed here are my own, and not necessarily endorsed by any former or current employer.