And some of them actually have an idea how to make things better. Worth taking into account when your business relies on people buying your security solutions or services. It seems like the very least you should do is to make sure your users and customers understand how THEY benefit from the introduced security measures and why the inconveniences they introduce are absolutely necessary for them to work. And better make sure they really are necessary.

Last week Tom Fishburne’s This One Time at Brand Camp (his latest cartoon book) got to me finally and I’m here to report to you that it’s been a wonderful read! The cartoons generally talk about marketing. I’m not a marketing pro or anything, you probably know this, so I think I am a pretty good test for Tom’s toons and their amusingness to a layperson. And I have to say, they passed the test surprisingly well. Even better, I learned quite a bit while laughing out loud. Can you wish for more?

One of the best cartoons from the book (in my opinion of curse) is the one on the left (click it to enlarge).

Brilliant! Not even a word and the message is crystal clear. Makes you nod and go “Right. That’s how it is.” Just brilliant!

Great job Tom! Please keep it going :-)

And face it, you wouldn’t work on a report or an email while in a cab or a plane if it wasn’t an essential and really urgent thing to do. So, I guess we can safely assume that the data you have on the device may be worth a lot for someone who knows this and that about your business.

So, what options do we have here? Not getting much into technical details, let’s just try to figure out what could work for someone who most importantly wants to do their job without their phone driving them nuts and secondly wants the solution to provide a reasonable level of security to the precious data in it. It’s quite obvious that we need to encrypt, but how? Again, technical details aside, let’s just focus on user-device interaction.

[UPDATE: If you are planning to come to the meeting, we will need your name in order for security to let you into the building. So, please send us an email with a subject "[ISSA] Potwierdzenie udziału w spotkaniu - Wroclaw 2008-09-23" to wroclaw at issa.org.pl

Be sure to actually include your name!]

I’m happy to invite you to this month’s ISSA meeting on September 23. We'll be talking about security policies and, more on the technical side, about DNS cache poisoning.

When: September 23, 6:30 PM

Where: Credit Suisse, Grunwaldzki Center building B, fourth floor, Grunwaldzki Square 25, Wrocław

Agenda:
1. Welcome after summer - Michał Sobiegraj
2. Development and Deployment of Security Policies - Radek Michalski
3. DNS Cache Poisoning (recent update) - Jarek Sajko

We plan to end the official part of the meeting around 8:30.

See you!

As some say (me included), it’s nice to give people something of value just the moment you first meet. It binds. And what is of more value than an insightful point delivered in a funny way? Plus it doesn’t cost you much and has potential to change the world (a wee bit, but still).

So why not add some value to the usual biz-card exchange? Say, in form of couple of valuable words on the back side of a card? And I bet you can also make it fun to read. In order to boost up the fun factor I used couple of doodles by Hugh MacLeod.

If you want to print each card with a unique picture on the back, moo.com is the place.

When: July 23, 6PM

Where: Credit Suisse, Kameleon building at Szewska st., 1st. floor

See you at the meeting!

To the point: if you're from Wrocław area or if you happen to be around on July 3, be sure to come to the ISSA Polska meeting in Wrocław. We plan the meeting to be real fun this time. We'll be having a guest from Credit Suisse IT Risk dept. giving a talk. We also plan to discuss latest incidents in Poland.

When: July 3, 6PM

Where: Credit Suisse, Kameleon building at Szewska st., 1st. floor

See you there!

When was the last time you got a phishing email? Not that long ago, I bet. Me too. There is nothing unusual in it, nowadays we get so much of it that we simply get used to it and usually just silently delete or ignore it (if spam filters don’t do it for us).

So, why am I talking about this? Well, because of a funny coincidence. Or maybe it wasn’t that much of a coincidence… Here is the story.

We're gonna do it for the fifth time already! Whooohoo! :)

This time the main theme will be Intrusion Detection Systems and Web Application Firewalls. Also a discussion panel is planned so that we all could shout at each other and throw blunt objects in each other’s general directions.
Here is the agenda:

1. A warm welcome (myself)
2. Intrusion Detection Systems (Wojtek Wirkijowski)
3. Web Application Firewalls (Edward Weinert)
4. Discussion Panel (Andrzej Piotr Kleśnicki)

And as always, there is a prize to be won.

See you at the meeting!

As probably most of you guys, I’m not spending my day fuzzing stuff, but, probably as most of you again, I’m bumping over a software glitch from time to time. Sometimes, when I’m in the mood, I’m poking the hole to see what happens.

And I was in the mood that day.

It's been hands-on and it's been fun! :) Huge thanks goes to Edi Weinert and Tadeusz Kowalczyk who put all this together and made the whole thing possible. And of course thanks to you all! I hope you enjoyed the workshop and we'd really love to hear your comments on what we could do better next time.

Hope to see you next time! And in the meantime, be sure to click at the photo for more geeky shots.

Thank you all once again!

Thank you! Thanks to all of you who made it to the meeting despite the fact that we have changed the location twice. And my apologies to all of you, who didn’t. We will do our best to make sure it doesn’t happen anymore.

Despite all the trouble, the meeting was fun. We totally run out of schedule due to discussions that broke out during the first talk. Oh, and the cookies were awesome! Not to mention the coffee.

We have one piece of slides this time, so, for all of you who would like to go through the presentation again and for others that didn’t make it to the meeting, here it is.

Thanks again and see you next month!

Let me invite you to another ISSA meeting in Wroclaw. It’s the third meeting already and this time we’ll be discussing Computer Forensics and Incident Response. We’ll be having a discussion panel as the last time and we’ll let you guys win some prizes in a competition.

All that and even more on Mar 11, 2008 at 6pm.

Where? At BZ WBK Wroclaw HQ, Rynek 9/11 (second door if you look from the pl. Solny direction). At Politechnika Wroclawska, Janiszewskiego 11/17, building C3, room 118 (enter either through building C-1 or C-5).

An important note: you need to register for the meeting before Feb 4, 2008, 9pm at the latest. In order to register, please use the following link.

UPDATE: This time we meet at Politechnika Wroclawska, Janiszewskiego 11/17, building C3, room 118 (enter either through building C-1 or C-5).

Tons, and I mean TONS, of "undeliverable message" bounces together with quite a lot of my favourites – out of office notes. When you think about it, quite a lot of information is being thrown at you in such messages. Here are some sanitised examples (all in German, as my email address sells on a German market, apparently).

What’s in it?

• A remote DoS on Vista,
• A tale of a deadly Android,
• A short story of hacking PSP,
• Everything you ever wanted to know about hosting, but were afraid to ask,
• Challenges of risk analysis,
• Securing SQL Server 2005,
• Polish law and hacking,
• TPM in GNU/Linux,
• and much, much more.

I had a pleasure to share some thoughts on risk analysis in this issue, so be it only for that I really encourage you to visit your newsagent and give this fine new magazine a try.