Feeds

Fear sells. Read the report

Hackers grapple with Mephistophelean plumbing

High performance access to file storage

Infosec blog The Infosecurity Europe show is almost upon us again. I've personally attended the show every year since 1997, man and boy, making this year's event my tenth attendance.

Over the years the dress code has changed from jeans and t-shirt to business suits and the agenda has shifted towards the business impact of information security breaches (e.g. keynotes this year such as Security Compliance from Conglomerate to SME). New concerns - such as the security impact of VoIP technology - are emerging but hardy perennials, such as the cost of computer virus infection, remain consistent themes.

Surveys keep raining on our heads

Every two years the show serves as forum for the announcement of the DTI's Information Security Breaches Survey, touted as the UK's most authoritative look at security breaches. Latterly the lead up to the report has been accompanied by a string of press releases, sponsored by security vendors, highlighting a particular facet of security that (no surprise here) help to illustrate the importance of the particular firm's technology.

So far this year we've had releases stating "virus infection remains biggest single cause of security incidents", that companies not doing enough to reduce identity theft and on staff misuse of the internet. In the two weeks before the show at least three more releases can be expected, if what happened in 2004 is anything to go by, leaving a the press corps with little enthusiasm for writing about the main launch.

It's the information technology equivalent of releasing six different trailers to promote a movie. Please, someone, make it stop!

Not wishing to pre-empt the survey myself I'll make a small bet that it will conclude that hackers are costing UK business millions and that security incidents are on the rise. This is probably a fair reflection on the situation on the ground but just once I'd like to see a survey that said some aspect of security incidents had dropped in recent times. After all, hard working sys admins need some encouragement every now and again that their labours are not in vain.

Bog blog

It would be remiss of us not to mention public transportation or toilets in this pre-show blog [report - Ed]. London's Olympia is a tricky place to get to outside of rush hours, when a handy shuttle service runs from Earl's Court. Outside of these times London transport advises passage via Hammersmith or West Kensington. Typically people coming in from central London have to change three times and hop on at least one bus.

Of course for the real security freak the very idea of using an Oyster card is an anathema. They'll cycle to Olympia or, better still, take a ride in the trunk on an unmarked car.

And when they're there they'll doubtless want to use the conveniences. Olympia boasts at least three toilets on its ground floor. Unfortunately they're not particularly well marked and all located on the ground floor, a tedious slog away from most of the opportunities for free booze, which tend to happen on Olympia's first floor.

The toilets, once you find them, are well above the standard you'd likely find at most Championship grounds but all in all it's not a satisfactory arrangement. Diagonal Security's usual plan - camp out in a nearby pub and have the world come to you, rather than braving Olympia itself - has much to commend it.

Whatever happened to the likely lads

All this might make you think I'm not looking forward to Infosec. Nothing could be further from the truth. Since moving over to Spain in January the show will be my first opportunity to meet up with key contacts and share a beer. They'll be plenty of talk about defending systems beyond the perimeter, the ethics of security disclosure and malware evolution, no doubt. But what I'm really looking forward is the opportunity to spend time in an environment where law enforcement officials and hackers rub shoulders.

Perhaps it's too much to expect an incident like the arrest of infamous hacker Fluffi Bunny at Infosec three years ago but let's hope for an interesting show nonetheless. ®

High performance access to file storage

More from The Register

next story
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Parent gabfest Mumsnet hit by SSL bug: My heart bleeds, grins hacker
Natter-board tells middle-class Britain to purée its passwords
Web data BLEEDOUT: Users to feel the pain as Heartbleed bug revealed
Vendors and ISPs have work to do updating firmware - if it's possible to fix this
OpenSSL Heartbleed: Bloody nose for open-source bleeding hearts
Bloke behind the cockup says not enough people are helping crucial crypto project
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Call of Duty 'fragged using OpenSSL's Heartbleed exploit'
So it begins ... or maybe not, says one analyst
Experian subsidiary faces MEGA-PROBE for 'selling consumer data to fraudster'
US attorneys general roll up sleeves, snap on gloves
NSA denies it knew about and USED Heartbleed encryption flaw for TWO YEARS
Agency forgets it exists to protect communications, not just spy on them
prev story

Whitepapers

Mainstay ROI - Does application security pay?
In this whitepaper learn how you and your enterprise might benefit from better software security.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.