Too much good content on the blogosphere
I must say that I should be writing ten times more than I'm actually doing these days. The main reason is that the subjects that I've been interested in writing about are so great that I don't want to just throw a simple post about them. I'm trying to give some room to my thoughts on them before writing down something, but I decided to at least point to what is making me think lately. The three subjects are:
The Information Security profession: I talked for some minutes about it with my friend Fucs. He posted something about it in his blog and started a discussion on Linkedin. I have my own thoughts about it and I'll write about them here too.
How to improve security as a whole, or how to improve security decision making. I sent a proposal for a RSA presentation on it, that was not accepted. Our current risk assessment and management models don't seem right to me, and I have a perception that most of security decisions, roadmaps and strategies are simply fairy tales. I was glad to see the last rants from Marcus Ranum, where he pointed to a lot of those things. I'm not as pessimist as him, as I think we can find alternative ways to think about security and to have better decisions about it. A lot of the issues he mentioned are old facts about society and corporate culture, they haunted Quality and Safety disciplines far before they started to be a problem on information security. I believe we should look to our past for things like that and try to find how we have managed to find a balanced state for them. Maybe we haven't, and we just need to figure out how to deal with that too.
The last one, again something from my conversations with Fucs too. This time, some new ideas about botnets Command and Control systems, improving things we presented in 2007 at Black Hat Europe. Conficker has come implementing some of those concepts, and we are seeing how well (or how bad) they worked and what could be done to improve it. I must say we have some great ideas, but I would really like to find something more on the detection and defence side before going into a presentation again about it. Let's see where our chats head us to in the near future.
Basically, that's what's in my head now. Feel free to drop comments on them if you want :-)