Cookies and Hacking Web 2.0
Just read the short, but interesting, post from shauninman.com where he comments on the cookie disclaimer on allthingsd.com. For some reason this post jumped out at me and made me realise that “oh yeah, cookies are taken for granted”. I mean it’s not like many people stop each and every cookie and inspect their content then pass judgement on whether to allow them or not. In fact, it is probably true that in many cases cookies are taken for granted by the same people who try and advocate against widespread acceptance of cookies.
So as a security expert I like the idea of providing an open disclaimer to your web-visiting clientele explaining just what sort of cookies your website is going to create, but I can’t help but think that as a web designer wanting to make any sort of money off your traffic you want to make sure that these sorts of things continue unhindered. So which is it? Explain how to remove the cookies, or just don’t use the cookies? Remove your ads? Keep your ads?
I don’t know the answer and most likely it can only be decided on a case by case basis. Either way I like the initiative that allthingsd.com have taken in explaining what third-parties are involved in cookie placement.
On a side note I’ve been really interested in reading jungsonnstudios.com, recently renamed to 0x000000.com. A recent entry that I found REALLY informative was his link to a presentation presented in Dubai on Hacking Web 2.0. Not entirely unrelated to the first half of this post, as cookies do play a minor role in user experience and Web 2.0 stuff.
Posted by Christian
Posted in: Computers, Profession, Security, Web Development
No Comments »
27 April 2007
Profile of a Fraudster
Just finished having a skim of the KPMG Profile of a Fraudster Survey for this year, which I found from the recent Risks Digest post. I have to admit that this survey interested me not only in the professional sense but also personally, given my family history. Some of the more interesting statistics do not surprise me at all:
- 70 percent of fraudsters were between the ages of 36 and 55 years old.
- 85 percent of perpetrators were male.
- In 68 percent of profiles the perpetrator acted independently.
- Members of senior management (including board members) represent 60 percent of all fraudsters. An additional 26 percent of profiles involve management level persons bringing the total to 86 percent of profiles involving management. This result highlights a risk that every company faces: executives are entrusted with sensitive company information and yet are also often in a position to override internal controls.
- 91 percent of perpetrators did not stop at one single fraudulent transaction but rather performed multiple fraudulent transactions; every third perpetrator acted more than 50 times.
- Greed and opportunity (when taken together account for 73 percent of profiles) are indicated to be the overriding motivations for fraud.
- No prior suspicion existed in more than half of the profiles…
- Perpetrators were able to commit fraud by primarily exploiting weak internal controls, in 49 percent of profiles.
I guess the only additional information I would have liked to have seen from this report is more international information, such as from Australia and the US.
Posted by Christian
Posted in: Family, Profession, Security
No Comments »
25 April 2007
Excitement..nervousness
This is my final week with my current employer and while I’m sad to be leaving I’m also very excited (and nervous) to be moving into a new consulting position. The position I’m moving into has been a long-term professional goal of mine for quite some time, and I seriously wasn’t expecting to be moving into this type of position for another couple of years. I think luck has played a small part in the opportunity presenting itself - firstly from a friend who I studied with and secondly from an interview I had last year with a different company.
I’m looking forward to stepping away from a lot of the generic IT work I do currently. While it has been something I’m good at, it’s not something that challenges me too much and while I will be stuck with problems from time to time the majority of the work is too generic for me. I guess I’m finding I spend somewhere less than 20% of my time focusing on information security problems and the rest on other IT work. It’s this shift in work-focus that is exciting me the most about the new job. Information security work will shift from somewhere around 20% to more around 90% to 95%, I hope.
The part that I’m most nervous about is the delivery of work. Currently I service one, or two, different clients, all of whom I’ve gotten to know exceptionally well over the last 2+ years. Stepping into a role where I’ll have to provide services for a number of different clients who are changing all the time will present some problems I’m sure, but I have no doubts that it’s only a matter of time before things fall into place.
This move also makes reading articles, such as this one on the Payment Card Industry Data Security Standard, much more relevant as hopefully I’ll be working on projects in this sort of field, expanding into web application security and other more IT security fields.
Here’s to change.
Posted by Christian
Posted in: Computers, Profession, Security
2 Comments »
20 April 2007
The Chicken’s Great Great Grand-daddy
I actually thought this was old news.
Posted by Christian
Posted in: General
No Comments »
14 April 2007