The global credit-crunch has affected many, including my former employer. It is now strongly likely that I will be packing up the family and heading off to continue seeking fame and fortune. With the current financial market volatility it is important to keep focus on the benefits that the recent crisis will have for the security industry and individuals.

As organisations and individuals (including organised crime) are put under financial pressure, crime and employee misdeed will surely increase. History has shown that during these tough times, law enforcement and others charged with the protection of property (physical and intellectual) have their work cut out for them. It stands to reason that the demand for information security and risk has been on the increase.

Now may be a time of turmoil and change, however change more often than not, brings with it new opportunities.

Even with housing prices, fuel costs and interest rates on the decrease not everyone will be as fortunate. As you consider your circumstances, you may like to spare a thought for those most impacted by the crisis.

Global Warming, Financial Meltdown and the end of Big Brother from Australian TV

These times of hardship raise many questions, one of which is, “apart from the cockroaches, who will survive?”

According to Yahoos Hotjobs and Wikipedia there is a range of professions which will weather the storm better than others. But what can you do to help ease the financial burdens on your employer and improve your value to them?

The key is to start today, before crunch time comes. Here are some suggestions to improve your value:

• Strengthen relationships with your customers.
• Strengthen relationships with your team.
• Focus on the wildly important (franklin covey). What things MUST be done?
• Spend some time considering efficiency. Can a task be automated or techniques improved. Is there a bureacracy which should be changed, challenged or reconsidered?
• Take initiative and be proactive. Addressing issues before they become a problem.
• Provide timely and worthwhile MI which will be valued by your stakeholders.
• Undertake self-improvement, training or professional development.
• Conduct mentoring, training and knowledge transfer.

Trickery, subterfuge and exploitation of the human element in the security lifecycle.

Why bother to brute-force passwords when people will gladly give them to you for a chocolate bar.

Social engineering is a heartbreaking challenge for the security professional as it undermines any technical measures which you implement. It crosses the boundary of the binary veil and often results in physical harm to those who are attacked.

1. ISP’s auto respond to email bounce messages
2. Someone forges/spoofs email from your domain
3. That same someone sends spam

The result is obvious. Lots of email bounces from MTA’s bouncing back email which appears to come from me.

In the words of one of my colleagues “that is pants!”. I am not completely sure what this means or its origin but

its meant to represent a state of badness.

Unfortunately for him, but probably fortunate for me, his aforementioned ISP still had DNS records for my domain which were:

Bogus and

5 years old!!!

This got me thinking about how many junk DNS entries exist for domains and what are the implications?

Assuming the poor schmo who received my old fixed IP address from IINET was watching his traffic, he would have seen

• web requests from any user using their DNS
• email connection requests for anyone trying to send email to me
• and possibly much worse

It is a good thing that I am a trusting soul

What is one of the most important challenges facing computer security today?

The answer to this question is different to all people, so I considered what affects people most:

• Social Engineering
• Scams and Spam
• Malicious Software (Malware)
• Hackers and Cyberstalking

Over the coming months we will explore effective and accessible options for addressing each of the security concerns above.

1. Have a beer, cider or wine with a few friends at the pub
2. pwn some n00bs in a first person shooter
3. Trawl through interesting firewall logs
4. Setup a new website and start a blog

Those who answered 4 are on the money!

So, who the heck am I?

Hmm… A deep question indeed!   I am a security professional from Perth Western Australia. (way down under and across to the left)

When I am not Penetration Testing, Vulnerability Assessing, Reverse Engineering Malware, Managing a security incident, Forensically acquiring or analyzing a system, Undertaking Security Reviews of Companies, Analyzing Enterprise Risks or Building Strategies to handle over the horizon threats…..

I am a husband, a father, a brother, a son, a gamer, a really bad musician.