un-excogitate.org
what was I thinking? (Christian Frichot’s ad-lib on security and what-not)

I’ve had the opportunity to digest a couple of good reads over the past week. First up was Charles Leadbeater’s Cloud Culture: The Future of Global Cultural Relations, and if you’re at all interested in emerging technology and the way it’s impacting (global) society then this is a must read. I really liked the style used and how the 81 pages just flew by (maybe the formatting?). Some interesting pointers that stuck with me (nothing really new, but worth paraphrasing nonetheless):

  • The future will be of many clouds. This can only be achieved by embracing an open source approach to technology and information.
  • For all the benefits that we’re starting to perceive in this new open communication platform, there are still powers working their tentacles to slow it down, for example authoritarian governments: Thai authorities “have used crowdsourcing to uncover the addresses of websites making comments critical of the Royal family”. To a different degree, the same could be said of our own government here in Australia and its unremitting push on Internet filtering.
  • “Cloud culture” will enhance the creativity of people, giving them new methods to collaborate, but this can only continue as long as we don’t make it too restrictive to share and work on material.

Of course, this could’ve just been written as the “Internet” culture, but it carries more weight when it focuses on the collaborative nature of how the Internet looks these days.

Secondly, I had a chance to read something a little more local. The team over at KPMG have released their December 2009 Fraud Barometer and, similar to the above, nothing entirely earth-shattering, but sometimes it’s useful to cite local reports when trying to “scare” people about their control environment. And by scare, I mean reinforce your fantastic risk assessments on your projects and other important information assets. I also found it interesting to see the number of frauds committed against Government, considering the amounts defrauded from it don’t appear that large compared to, say, finance or commercial companies.

So the prize for “no-surprise-graph-most-useful-to-reinforce-or-scare” goes to Figure 6, Frauds by perpetrator. In particular, Management sits towards the bottom in number of frauds, but is responsible for the largest amount of money defrauded. On the opposite side of the table is the massive number of frauds perpetrated by employees and how little they defrauded. This makes sense of course: management have access to more resources and there are fewer of them than normal employees. Pretty, anyway.

Enjoy!



I was fortunate to spend a bit of time with Wade recently and we got talking about BeEF, as you do, because .. you know.. we like BeEF. Since that time I’m happy to see that there’s been some movement in BeEF land. I now know that there is a Google Code for the project, and a brand new developer mailing list (which if you’re at all interested in browser exploitation or security should join).

In case you weren’t aware, BeEF is a Browser Exploitation Framework, designed to demonstrate the power of browser vulnerabilities. It does this by providing a command & control interface and a small piece of HTML/JavaScript that you get a browser to load, at which point that browser is “zombified” and becomes accessible within the C&C. There are a bunch of videos available from here and here if you want to see it in action. It’s a really powerful tool to highlight to your business the impacts of not plugging those XSS or injection holes.
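The hook only gets into a victim’s browser if the application lets an attacker place script where the page’s own markup goes, which is why the post ties BeEF to unplugged XSS and injection holes. The snippet below is an added illustration of that point and is not BeEF’s code or the author’s: it contrasts a page that concatenates an untrusted parameter straight into HTML with the same page after output encoding, and adds a Content-Security-Policy value that blocks externally sourced script as a second layer. All function names, the `ENTITY_MAP` table and the `CONSTRUCTED_INPUT` value are assumptions made for the example.

```javascript
// Added example (not BeEF code, not the post author's): why output encoding
// and a script-source policy matter against injected script references.
// Function names and the sample input below are hypothetical/constructed.

// Characters that change meaning in HTML text or attribute context.
const ENTITY_MAP = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };

// HTML-encode an untrusted value so the browser treats it as text, not markup.
function escapeHtml(untrusted) {
  return String(untrusted).replace(/[&<>"']/g, (ch) => ENTITY_MAP[ch]);
}

// Vulnerable: a user-controlled "name" parameter is concatenated straight into the page.
function renderGreetingUnsafe(name) {
  return `<p>Hello, ${name}!</p>`;
}

// Hardened: same page, but the untrusted value is encoded before it enters the markup.
function renderGreetingSafe(name) {
  return `<p>Hello, ${escapeHtml(name)}!</p>`;
}

// Simple check a test or response filter could apply: does the rendered page
// contain any script element at all?
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

// Defence in depth: a Content-Security-Policy that only permits script from the
// site's own origin, so a script tag pointing at another host is refused by the
// browser even if an encoding mistake slips through somewhere.
function cspHeader() {
  return "default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'none'";
}

// Constructed sample input: a request parameter carrying an injected external script
// reference (the .invalid TLD is reserved and never resolves).
const CONSTRUCTED_INPUT = '<script src="https://example.invalid/hook.js"></script>';

// Side-by-side demonstration when run directly with node.
console.log('unsafe :', renderGreetingUnsafe(CONSTRUCTED_INPUT));
console.log('safe   :', renderGreetingSafe(CONSTRUCTED_INPUT));
console.log('script tag survives? unsafe=%s safe=%s',
  containsScriptTag(renderGreetingUnsafe(CONSTRUCTED_INPUT)),
  containsScriptTag(renderGreetingSafe(CONSTRUCTED_INPUT)));
console.log('Content-Security-Policy:', cspHeader());
```

Encoding at the point of output is the fix the post is hinting at; the CSP value is the belt-and-braces layer, and a real deployment would set it as a response header on every page rather than returning it from a helper.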

I’m hoping to write more about the framework in the future, but thought I should post a quickie whilst I had the opportunity!


