Welcome to the SecAware blog

I spy with my beady eye ...

21 Mar 2006

CERT security papers

A series of papers on the CERT site is well worth a look. As well as discussing the insider threat, the page has information on two risk analysis methods: OCTAVE and one I'd not heard of before, the Mission Assurance Analysis Protocol (MAAP).
More information security management links

Trojan author and wife convicted

An Israeli couple have been convicted in connection with writing and selling a Trojan horse program to private investigator customers to spy on others. They are expected to face jail time.
More malware links

18 Mar 2006

Spoofing caller ID

Phreakers (telephone hackers) found technical means to fake caller ID numbers, making calls appear to have come from different phones. They may also reveal 'number withheld' numbers. IP telephony makes it even easier to spoof caller ID through websites that offer this as an 'entertainment service'. No hardware or technical skills required. Here's another article on this. It's not so funny if someone spoofs your home phone number to access your voice mail box, or to authenticate a new credit card stolen from the post ...
More IT fraud links here

17 Mar 2006

Spreadsheet integrity issues

Patrick O'Beirne, author of the highly-recommended book Spreadsheet Check and Control, will be speaking at a meeting of the Irish Computer Society on March 21st. The lecture will be webcast simultaneously for those unable to get to Dublin. If you use spreadsheets, or know someone who does, don't miss this!
More integrity resources here

10 Mar 2006

How To Become A Hacker

How To Become A Hacker by Steven Raymond ably explains the difference between hackers, crackers and script kiddies. It teases out the ethics and ethos of hacking, and explains the value system that bonds true hackers together. An excellent treatise.
More [anti-]hacking resources

6 Mar 2006

Keeping Up with the Phishers

Phishing has been described in several NoticeBored modules. It is still hot news. Spear phishing - the targeting of specific individuals such as executives of a particular organization using hand-crafted email lures - remains a serious threat. Read Keeping Up with the Phishers for an excellent description of the problem.
More malware and authentication resources

5 Mar 2006

BS 7799 / ISO 17799 / ISO 27002

Through ISO27001security.com we are helping to spread good information security practices and promote the use of the new ISO 27000-series information security management standards. We have finally published an update to the page describing the latest version of the information security management standard ISO 17799:2005 (which is due to become ISO 27002 next year). We have documented the history and outlined the content of the standard with a brief summary of the main sections and subsections.
Explore links to further web resources on the standards, regulations and laws applying to information security on the NoticeBored.com website.

3 Mar 2006

Xenu's Link Sleuth

Xenu's Link Sleuth spiders a website looking for dead links. Useful if, like us, you maintain an extensive links collection.

NoticeBored links collection