Site Archives
Working in Sydney: updates from “Down Under”
It’s been about a week since I arrived in Sydney and it’s passed really quickly. I headed to Sydney last Sunday, via London, and will be here for two weeks to work on an ISO 27001 security project that will extend into the beginning of 2009.
Lessons learnt from a severe security incident
After a week of ISO 27001 auditing in the UK and a busy week afterwards, I finally managed to get some time to read my favourite blogs. I was doing so when I read an interesting post in the Internet Storm Center that analyses some lessons learnt from a severe incident affecting The Planet, a well-known hosting provider.
Being a BSi instructor […]
Password Cracking ‘Pass The Hash’ style
One of the most time consuming tasks a penetration tester has to face is password attacks. Traditional password attacks involve password guessing, password cracking or a combination of both. While the first can take anything from days to months, the latter can take from hours to days, depending on the quality of the password dictionary […]
Unix Command-Line Kung Fu
I was discussing with a friend a few weeks ago how challenging it is to teach folks that come in from the exclusive Windows-world on advanced Unix topics. Yes, I mean the kind of user that ends up rebooting a Unix box after changing a conf file instead of just restarting the appropriate services.
I’m […]
Cracking into embedded devices and beyond!
As promised in my previous post, I have just uploaded Cracking into embedded devices and beyond, Adrian Pastor’s presentation at ‘Hack in The Box’ Dubai 2008.
Thanks Adrian for your prompt response when asked for the slides and congratulations for your excellent contribution to the security community. Hope we can share a pint next time I’m in […]
Cerrudo’s talk prompts Microsoft to admit serious flaw on Windows
It’s Sunday evening and I have spent the last hour going through the slides of Cesar Cerrudo’s talk at HiTBSecConf 2008 that took place this week in Dubai. I know it’s sad, but the title of this blog is “passionate about information security”, isn’t it?
Let me give you a bit of background before going […]
When chocolate becomes a security threat
Whilst some researchers point out that chocolate may provide health benefits that include decreasing the risk factors for certain heart-related diseases, further research indicates that it can also become a security threat, especially when women are around!
I know it sounds funny, but so claims the latest survey conducted by Infosecurity Europe over 576 office workers […]
Integrating ISO 17799 into your Software Development Lifecycle
I open the new Papers & Presentations section of this blog by posting my latest article, published in INSECURE Magazine: “Integrating ISO 17799 into your Software Development Lifecycle”.
In this paper, published in the 11th issue of INSECURE Magazine (May 2007), I explain how information security controls can be integrated in the Software Development Lifecycle (SDLC) using […]
Just passed my GIAC Certified Intrusion Analyst (GCIA) exam!
Yes! I’m just writing my first post from the Apple Store at Regent Street (London) to let you know that I’ve just passed my SANS GCIA exam. Indeed, I know it could have been better (scored 89%) and that I scored even more on my first GIAC exam (GCFA -Forensics Analyst- that I took on […]


