Entries in IT (3)


LulzSec, Anonymous, and infosec:

"And publicity was such a useful thing. Corporate security officers, including telco security, generally work under conditions of great discretion. And corporate security officials do not make money for their companies. Their job is to PREVENT THE LOSS of money, which is much less glamorous than actually winning profits. If you are a corporate security official, and you do your job brilliantly, then nothing bad happens to your company at all. Because of this, you appear completely superfluous. This is one of the many unattractive aspects of security work. It's rare that these folks have the chance to draw some healthy attention to their own efforts."

The Hacker Crackdown, Bruce Sterling

That quote was published in 1992, almost twenty years ago.  The description still applies to most companies.  Yes, there is more awareness, and there are regulations forcing companies to do some modicum of lip service, but overall the description is still accurate. 

It is also correct to say this is one of those times when Information Security gets attention.  This is one of infosec's times to shine, don't be hyperbolic, don't use this as an excuse to buy software FOO or widget BAR; this is a rare opportunity to sit down and have a rational, reasoned discussion about security and business from the top down.

IT is a goofy bird at most companies.  You hear silly phrases like "IT doesn't drive the business" or "We need to run IT as a business".  When was the last time you heard "Accounting doesn't drive the business" or "We need to run HR as a business"?  Never I bet. 

We need to get over this silly dichotomy that runs throughout corporate culture.  IT and infosec should be so deeply integrated into the business, that silly ideas and notions about IT being different from HR or accounting are not conceiveable.



R U Red-E?

If you click on the link: http://[2a00:1450:8003::93]/ do you get google or an error page? 

If you get an error page, bug your IT admin, Helpdesk, ISP... you are not ready for IPv6

The pool of IPv4 addresses will be exahusted by the end of this year by most estimates.  IPv6 deployement has been delayed, and delayed, by companies, ISP's and vendors.  Further delays are only possible with technologies like carrier grade NAT that are problematic for games, and VPN's


No Comment.