Bassajew and costs of terror attacks
I heard on the car radio the other day that Bassajew gave numbers on how much the recent terror attacks in Russia and Beslan did cost him. I remember something like 9,600 USD for the Beslan terror attack (in which terrorists took pupils, teachers and parents hostage) and something like 7,000 USD and 4,000 USD for the suicide bombing in Moscow and the bombings of two Russian passenger planes.
Here are some links:

• http://www.mosnews.com/news/2004/09/17/chechenrebel.shtml
• an article on Radio Free Europe
• an article from a site in New Zealand

  ¶ permanent link

  Nur allzuwahr.. IT-Sicherheitsbeauftragter im c't Kartoon..
in German ;-) http://www.heise.de/ct/schlagseite/04/20/  ¶ permanent link

  M$ Windows XP Professional Bugging Device?
Cccure has a list of 47 spots in Microsoft XP Professional that the anonymous author of that document thinks are cases of possible concern. (PARANOIA! on/off) - or maybe I'd say are "paranoia entry points"?
http://www.cccure.org/modules.php?name=News&file=article&sid=591
- While I think that most of them are quite irrelevant, it's probably not bad to adjust/verify personal paranoia levels on a Sunday morning..
  ¶ permanent link

  (in Germany:) The legal obligations and the responsibilities in case

From a posting by Bodo Hoffmann to cissp-ffm:

(in German)

http://www.surfcontrol.com/general/guides/SurfControl_RechtlicherLeitfaden.pdf

  ¶ permanent link

  A visual history of spam (and virus) email
..from the blog of Raymond Chen (who has kept every single piece of spam and virus email since mid-1997).   ¶ permanent link

  German IT agency sets record straight on IE
There has been some noise after the German Information Security Agency (BSI) apparently hinted that using a non-Microsoft web browser might give you less security headaches. NetworkFusion is covering the current state (and some clarifications by the BSI) in an article called "German IT agency sets record straight on IE".
- As you could expect, the BSI is choosing some less harsh language.
The most interesting quote from it is: "Microsoft has responded to the developments by offering discounts to the country's vast public sector and agreeing to provide special assistance with software security."
Now - if I were the IT security agency chief of any country, wouldn't I just copy&paste the original BSI statements?? (and gain a hefty discount plus MS security consultancy package for my people??)
  ¶ permanent link

  Minimization of network services on Windows systems
Very interesting reading. - I found it at the TAO security blog , that also has a nice summary.
  ¶ permanent link

  The CISSP secret hand shake
For all who have wondered - there is indeed a secret handshake to recognize fellow CISSPs.
From a post by Mark Lachniet to cissp-forum (a high profile, highly professional closed list):
"It's just like the gangster handshake
- fist (above),
fist (below),
fist horizontal.
Then you say "wondertwin powers activate - shape of a risk assessment methodology" and "shape of a properly configured and managed IDS system"

From personal experience, you are supposed to order beers right after saying this...

  ¶ permanent link

  "Gmail-is-too-creepy"
http://gmail-is-too-creepy.com/
for what it's worth. I haven't checked the allegations made at the link above, so take them with a grain of salt.
Also, http://www.gmx.de/ has largely increased it's free webmail quota to 1 GB, see here.
- Gmail is Google's mail service.
  ¶ permanent link

  TAMU 1999 Bonfire Disaster - a management tale on why proactive risk management matters
Texas A&M - or "Aggieland" - is a rather well-known US university with a (military-style pre-) "school of cadets". It's home of the George Bush Presidential Library, very close to the Bush's family ranch and a somewhat peculiar place. I spent quite some time in and around campus in '93-'96.
Texas A&M is well-known for its football team, its inherent despise for the Univerity of Texas (at Austin) and the "team spirit" of its students and honored traditions.
Up to 1999 one of the key traditions was the annual Bonfire - which developed into a major three-story construction. - I always had the feeling that more wood was burned in that fire, than was used as paper at that place.

In 1999, the bonfire collapsed killing several people. The university was pressured to launch an in-depth investigation, which came up with quite shocking findings.

See: http://www.tamu.edu/bonfire-commission/reports/

I think this is a really good story that demonstrates just how important a pro-active risk management is.

Some quotes from the final report:
Lack of a written Bonfire design or construction methodology is in the Commission’s view both an important barrier failure and very relevant to the collapse. This deficiency has resulted in multiple design changes year-to-year, no established process for design reviews, and no documentation of critical design factors. This was clearly evidenced in interviews with University officials and students. On numerous occasions, interviewees described a world in which design decisions were made with no written guidance, no formal reviews, and no knowledge of critical design factors.
  ¶ permanent link

  Breach! Breach! - http://www.ratemynetworkdiagram.com
This is a strange site: http://www.ratemynetworkdiagram.com/
I wonder just who's putting stuff up there - and what is it for?
- A honeypot for the dim-witted?
Or some dating site for nerds? =)))
  ¶ permanent link