Here's an interesting article on the motivation of Chinese hackers.

To quote a famous Chinese historical figure:

If you know your enemies and know yourself, you will not be imperiled in a hundred battles; if you do not know your enemies but do know yourself, you will win one and lose one; if you do not know your enemies nor yourself, you will be imperiled in every single battle” --Sun Tzu.
This also aligns with a timely point in the just-released Verizon Data Breach Report for 2013 - "we’re convinced of the critical importance of understanding your enemy"

How well do you understand who wants into your network, why they want in and how motivated or determined they are?

A great quote.

Security is fundamentally about people, and everything we know about people is relevant to security. -- B. Schneier

Microsoft updates in excel format

Someone asked me about this today, so I thought I'd add a link. for a while now Microsoft have regularly published an excel spreadsheet with all the details on their patches. It is quite useful as a quick reference!

It's available here under "Download Detailed Bulletin Information". Or direct link is here.

Making fun of Adobe


Creator responsibility

I recently came across this rather interesting story ( about a guy who added secret compartments to vehicles. End of the story is, despite the fact what he did may not technically be illegal, he got 24 years in prison as some of his clients were (without his knowledge - although he may have suspected) major drug smugglers. At the same time, the two guys in charge of the drug smuggling operation got much shorter sentences - go figure!

The article ends with the comment:

 The (hacker) culture’s libertarian ethos holds that creators shouldn't be faulted if someone uses their gadget or hunk of code to cause harm; the people who build things are under no obligation to meddle in the affairs of the adults who consume their wares.
But Alfred Anaya’s case makes clear that the government rejects that permissive worldview. The technically savvy are on notice that they must be very careful about whom they deal with, since calculated ignorance of illegal activity is not an acceptable excuse. 
Interesting food for thought. To what extent is the creator responsible for the use of his/her creation?
Unlike the "guns don't kill people, people kill people" argument, the primary function of a secret compartments - or perhaps a technology like encryption - is not to cause harm, but to protect privacy. Should/could the makers of truecrypt be held responsible for criminals or terrorists using it to hide evidence of a crime?

I'm not an American, but sometimes these American precedents can have an influence overseas. It would seem to me a slippery slope if, as this article suggests, the person responsible for creating/implementing a technology that may be used for committing a crime more effectively can be sentenced far more harshly than the perpetrators of the crime.

World Backup Day

Apparently March 31st was World Backup Day! (

Although the date has passed, backing up your data = good! Losing your data because you had no backup = bad!

So go and take a few minutes to ensure your data is backed up.

powered by Blogger | WordPress by Newwpthemes | Converted by BloggerTheme