Showing posts from April, 2012

Don't want to be eavesdropped on?

Don't you just hate it when governments and quasi-made-up security semi-information-gathering grey-zone companies pop up here and there? It started with Echelon and went on with such happy works as national and regional directives, both in the US and here in the EU. Go ACTA, CISPA, IPRED, FRA and whatnot in other countries. I can't even imagine what happens in Asia or Australia. Thinking of it... It is still very, very illegal to open someone's post (that is, the postal service, with actual paper and ink) unless there is very strong suspicion that illegal stuff is going on in these mails. So if there is no hurry in breaking the law, why not just use messaging like we did before the internet? It worked then... why not now? And, oh, this works for other things aside from illegal stuff too ;-)

PCI and Global

There have been a lot of discussions and analysis going on after the confirmed breach at Global Payments and them "exporting" something less than 1.5M credit card records. I have no insider information and have only read Brian Krebs' and Alan Shimel's blogs, and I agree to a point with their thoughts. The credit card brands are pigs in a way. They do their damnedest to push all the blame onto banks and merchants, not to mention the cost and risk. The brands are just raking in the money, all with good profit and (almost) no risk. Yes, it's not all black and white, but this is basically what it looks like. On the other hand, I do not agree on compliancy and why the PCI-DSS is there in the first place. First off, you are only compliant at the moment you get the approval stamp from the QSA. True. Secondly, you are de facto not compliant if your systems are breached. False. You can be compliant if you are breached, but the result of the breach might make you non-compl...

Sources for my log blogs

Credits are due to those who really know stuff about logging and analyzing the good stuff: Raffael Marty @ raffy.ch, and Dr. Anton Chuvakin @ blogspot. Thank you, Dr. Chuvakin, for your valuable input!

Next topic: The Cloud

OK, the header gives it all away. I'll give you my thoughts about the cloud, or as it was called when I was a bit younger: the Internet. This is a paper I gave to my bosses a while back, when the Cloud was the new thing to join. I did not agree. Outsourcing your data is a risky business, and you really need to think twice (at least) before you board that ship. These are my thoughts. From tomorrow on. Update: Due to an excessive workload this will be postponed a few days... oh... and I have a baby being delivered with a due date about now... so bear with me ;-)