Sunday, March 28, 2010

Reply from ISACA

On March 26 I received a reply from the ISACA media relations department, informing me that they will be making some changes to future surveys. Changes will include a few of the aspects addressed by my blog post, including the use of SSL and additional information in the body of the survey.

Their response is highly appreciated of course, and I look forward to future surveys from ISACA. Thanks Deb!

Wednesday, March 24, 2010

Knock, knock... Who's there, statistically?

Per, the owner of this blog, has fled the country for a few days, so I am seizing the opportunity to not have my little musings drowned in his figurative firehose of blog posts.

About six months ago, I reinstalled one of my Gentoo Linux servers and I left the SSH port open to the world. I did this deliberately, as I tend to access my servers from many different sites, not always knowing in advance what my source address will be. Usually, I'll install logrotate and a few other packages to keep things tidy, but for some reason this was neglected.

The other day, while doing some routine maintenance on the server, I discovered that the system log file /var/log/messages had grown to a whopping 12GB. What on earth was going on here?

Sunday, March 21, 2010

Write down your password!

Do you have many passwords? How many of them are you able to remember? Do you have the same password across different systems and services? Do you use the same password at work as you do at home - and on Facebook? Write them down - and security will be improved.

Thursday, March 18, 2010

Write down your password!

Do you have many passwords? Are you unable to remember them all? Do you have the same password across different solutions? Do you use the same password at work as you do at home - and on Facebook? WRITE THEM DOWN - and security will improve.

Wednesday, March 10, 2010


To those of you who work with consulting on social media, here is a little item you may be interested in. You are, after all, concerned with creating dialogue and in that way building customer loyalty, or financial security for the shop, as one might also call it. :-)

Tuesday, March 09, 2010

...and another one from ASIS

ASIS is definitely not a small organization in the global security landscape. As a member, I receive lots of useful information through my membership, and I'm studying for their CPP certification. And now they want to conduct a small survey. Right.

Tuesday, March 02, 2010

A non-secure survey from ISACA...


I'm disappointed. As a member of ISACA, I do expect them to be a role model for their members, in terms of security. "Do as we say, not as we do," a colleague once told me, before leaving the organisation we both worked for once upon a time. For years I have told family, friends, colleagues and others to follow some simple pieces of advice for securing their online activity. One piece of advice is to always ensure that a website uses HTTPS (SSL) before you log in or answer questions that might do damage to you or others in any way. I expect ISACA to do the same thing.