information security

My friends at Sensepost are looking for an information security analyst. This is probably one of the most rocking jobs on the market - the opportunity to learn from the best and get paid to hack...

I've been to their office a couple of times and it seems like a totally rocking place to work. Apart from spending your time hacking, you'll find the physical environment very dot-comy (pool table, video games, stocked fridge, shorts and slops). Oh, and the guys are cool too ;)

So if you're not going to be living the dream and you think you got what it takes to be leet, check out this post.

Mashable has a story about Israel-based Blue Security's new product Collactive.

Blue Security are best known for their aggressive anti-spam service which they had to shutdown after the spammers hit back at them and took out Six Apart's Typepad blogging platform as collateral damage.

They have now created a new web app called Collactive that allows users to easily "game" social news features by enabling you to co-ordinate large groups of friends/supports to skew online results. It does this by letting you send out "All Points Bulletins" to supporters urging them to take some sort of action on social sites like Digg, YouTube, Reddit, BBC News, etc. The action the end-user needs to take ranges from just viewing a story to voting on a story (or "burying it") or to e-mail it in order to promote it to the most e-mailed stories list.

Of course, this sort of thing has been going on for a while - people have been e-mailing lists saying "Hey! BBC has a poll so please go and vote for side X" but a tool like Collactive makes it so much more "organised".

Interestingly, they offer an "enterprise version" as well...I can see lobby groups and net activists making heavy use of this sort of tool in order to promote their cause or to give "their side of the story" more prominence. This has serious trust implications - we somewhat trusted social media systems because our peers recommended what they thought was interesting or honest. This sort of organised gaming used to be the domain of SEO's out to make a buck. Now that politics is involved the stakes are so much higher than just a few clicks or back links.

So out goes the "wisdom of the crowd" and in comes "information warfare" Web 2.0 style...

Last week Nigel pinged the Qatar Perl Mongers list an invitation to attend the first bi-monthly Qatar Information Security Forum (QISF) which was being hosted by Q-CERT. It's been a while since I attended one of these types of information security events so I figured that it would be a useful opportunity to network with people from Q-CERT, check out the local information security scene and clock up a couple of CPE points.

The lecture part of the program was given by Ian Dowdeswell who just joined Q-CERT - it turned out to be the standard Power Point on "How much security breaches cost and a taxonomatic classification of the evil people who are behind the attacks." This of course reminded me why I always sat in the back of class since the second day of high school.

That being said, it was probably useful for IT Managers and anyone else who did not have to endure 6 hours of multiple choice questions for the CISSP examination.

The Q&A was fairly interesting though with lots of discussion around legislation that would drive information security in the country (apparently there is non planned yet). I also learnt that the Qatari Penal Code of 2004 has section on computer crime (I should look this up at some stage) and that there is a group within the CID that is responsible for computer crime.

Apart from networking, the most productive part of the day for me was being able to complain to the Technical Director of Q-CERT about Q-Tel's notorious proxy server. Almost everyone in the country goes via the proxy which causes endless pain when someone decides to block an abusive user IP since the rest of the country is subsequently banned. Small problem for Wikipedia, but a huge problem for local sites in Qatar where most of the users have the same IP address...