Well, this shouldn’t seem to far fetched. Ponder this: According to the National Threat Assessment Center of the United States Secret Service and the CERT Coordination Center (yes, a mouthful), in 70 percent of the cases studied in a survey conducted by these organizations, insiders, yes those working in the company, exploited weaknesses in applications, processes and procedures to carry out their nefarious deeds. And according to the Gartner Group, 70% of security incidents are actually insider jobs. Can you beweave that? Those dirty rats!

But who would do such a thing? What’s wrong with Fred you ask? Well, under those smiles, Fred might be one of the following: disgruntled, careless, or even angry. Since oftentimes we don’t know people as well as we might think, their ability to operate under the radar can wreak havoc on a company’s network, which can ultimately impact everyone in the company. Therefore, this brings me back to my original point that security is everyone’s business. But more on that later.

So, this week we’re going to mix a little technical jargon with the human element behind the machine. We’ll take a look at how inside attackers use their knowledge in service of the dark side and we’ll see how networks are targets.

Expect more posts about computer security in little time.

See you next monday.

I suppose everybody already knows what a sudoku is, but just in case. It’s a really simple game where you have to fill a series of columns and rows with numbers, but although it involves numbers you don’t need any mathematic knowledge to solve it.

The most common one consists of a 9 x 9 cell grid, where you have to fill every row and every column with the numbers 1 to 9, without repeating them. There are also nine regions you must fill. Well, as it is easier if you see it look at this example:

So, with the help of logic you must find where to put each number so all the columns, rows and regions have the numbers from 1 to 9 without repetition.

If you like this kind of games, I have been publishing sudokus in another weblog for some time. There you can get three new daily sudokus with different difficulty levels: easy. medium and hard. I also publish some “strange” kinds of sudokus, like samurai sudoku.

If you want to visit it, it’s located at Sudokumatic. Hope you like.

But, isn’t this the Web2.0 era? This is about Ajax, blogs, feeds, tags, social software… and all those terms most people can’t understand. So, what was needed was something like the million dollar page with a Web2.0 touch and someone has done it.

It’s called 1000tags and contrary to the other one, it can be free to get your site linked there. It doesn’t show images or logos of the linked sites, but has a cloud of tags linking to them. A tag is like a keyword describing a post, this is something very Web2.0. A cloud of tags is a collection of tags, where each one is bigger as more people use it.

So 1000tags shows a cloud of tags where you can click and go to a site “tagged” with it. I have really liked it as the design is much better than that collection of miniimages, so if you want to try it you can do it at http://1000tags.com

And this is not a strange reaction but, at least, knowledge is powerful, so knowing all the dangers that lay in front of you can help to avoid them. That’s what I would like to show you in this weblog.

I still haven’t answered the question. Why becoming paranoid? You can find the answer to this by reading all my posts. There are many myths in security, too many films where super-action-heroes can do anything with a computer, from hacking into missile-launching systems to steal millions of dollars from the bank. Ok, but not everything you see is true and there are more things than what you see.

Stay tuned for more posts.

Exactly two years before writing this (2006/02/23) I began my own weblog in spanish (Weblog de Madelman), where I shared all kinds of content: security, programming, personal blurbs,… A book named Defiende tu pc (Defend your PC) arised from that weblog and it had some good critics.

So, now I think it’s time to focus in these aspects. Security and privacy is not an easy thing to get, it’s more an state of mind than a collection of things to do, so that’s why it’s difficult. I’ll try to give an insight into news and also write longer posts with recommendations about best practices. This doesn’t mean there won’t be any technical or advanced posts, but they aren’t the main focus of the weblog. I want content that is easy to understand for everyone but, at the same time, complete enough to be useful, so everyone can learn not only how to do things, but why do they have to do those things.

What will be some of the contents in this weblog?

• Passwords
• Spam
• Phishing
• Virus
• …

Also, I’ll keep you updated with news from the most valuable sources. Hope you find it useful.