Latest Content from CSI:

Is Data Loss Plummeting?

Our guess is that the primary finding of the latest Verizon Business 2011 Data Breach Investigations Report (namely, that even with the number of examined incident cases doubling, the total number of compromised data records dropped by an order of magnitude) will be so unpalatable to some that the report will fall off the radar in a hurry.


STAY CONNECTED WITH CSI!

We post valuable information, special discounts and offer you the opportunity to give your opinion and feedback to other security professionals and CSI.


Online Events

Stay informed with our interactive webinars and virtual events.

CSI Computer Crime & Security Survey

The most widely cited cybercrime statistics in the world. Access your copy today.

ICSC 2011

May 19-21, 2011 in Mumbai, India
ICSC 2011 features a comprehensive program covering key topics, to provide the security knowledge one needs to succeed in today's environment.

Learn more here.

CSI's Mission

If you're an information security professional or are aspiring to be one, then CSI is here to help you succeed.


Director's Cut


A compendium of recent, publicly available CSI news and content. Of course there's a wealth of content that's available exclusively with membership. Looking for the Computer Crime Survey? It's here.

Everyone Loves Penguins

In a rare flurry of Twitter activity, I fired a few tweets at one of those uber-hip social media marketing concept things on the Web, in this case a one-day event that Vodafone Germany ran. The idea was that you tweeted something that could be a song lyric and they had a band on hand in a studio to convert it to a rock song for you. I was patently ignored by the band until my daughter suggested that I should "write something about penguins. Everyone loves penguins." Apparently this is true. I like to think that it's a sort of tribute to Linux. Linux, after all, is cool and hackery. The resulting song, misattributed to "crytorobert" instead of "cryptorobert" (translation error?), is, well, dorky:


Black Hat Europe

DAY TWO: An important development today was the appearance, on the sidewalk between the hotel and conference center, of a two-foot-long parade of caterpillars, each nose to tail, making rather unimpressive progress from one side of the walk to the other. I was informed by a passer-by that these are procesionarias, or Processional Pine Caterpillars (thanks Google). In keeping with Black Hat, they are covered with tiny poisonous spines. You get a nasty rash if you mess with them.

In other news, I'm interested to see whether Thomas Roth gets arrested after today's talk on "Breaking Encryption in the Cloud." It's unlikely, but not impossible. He told me yesterday at lunch that his door was kicked in by the police not long ago, after they'd received some rather distorted information about research he'd been doing on a consumer product that we'll leave nameless for the moment. An injunction against speaking about it was served, Roth's bank account was frozen, and his life was generally screwed around with, but he says he thinks that episode is pretty well over. Clearly German law enforcement was worried about the guy -- I'm not sure that talking about breaking encryption is going to make him any more popular with them. At any rate, it should be of interest.


DAY ONE: I'm a big fan of Barcelona, so it's pretty easy to keep me happy over here. But there's also some interesting stuff being covered here. It's midway through day one and I'd say the highlight for me so far (though I missed the first session, so it might well have been Rafal Los's talk if I'd caught it -- he's got some interesting stuff in the works) was a session given by Marco Balduzzi on HTTP Parameter Pollution. As part of his research on the topic, he created a tool to test for client-side vulnerabilities on various Web sites. A test of 5000 Web sites ranked highest for traffic by Alexa showed that 30% had some sort of parameter pollution vulnerability and 14% were exploitable. These were at some major Web sites -- Google, PayPal, and others. That's not to say that these were necessarily huge, dire exploits, but it was still pretty sobering to see what someone next to me in the audience called a "big bucket of fail" at such high-traffic sites.
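
What a "parameter pollution vulnerability" looks like in practice, as an added example that is not part of the original post and not Balduzzi's tool. The first function shows the root problem: the same query string with a repeated parameter is read three different ways by different parsers (first value, last value, or all values), so a filter and a backend can disagree about what a request means. The rest is a constructed stand-in for a web app's link builder (`render_vulnerable`, `render_fixed` and the `/search` URL are made up for this example) plus a probe that injects a URL-encoded `&name=value` into a legitimate parameter and checks whether any link in the response now carries it as a separate parameter, which is the essence of a client-side HPP check.

```python
import re
from html import escape, unescape
from urllib.parse import parse_qs, parse_qsl, quote, urlencode, urlsplit


def duplicate_handling(query: str) -> dict:
    """Read a repeated parameter three different ways.
    Real stacks differ: some take the first value, some the last, some keep
    all of them. A front-end filter and a backend that disagree about this
    is the core of HTTP Parameter Pollution."""
    pairs = parse_qsl(query, keep_blank_values=True)
    first = {}
    for k, v in pairs:
        first.setdefault(k, v)                        # first occurrence wins
    last = dict(pairs)                                # last occurrence wins
    everything = parse_qs(query, keep_blank_values=True)  # every value kept
    return {"first": first, "last": last, "all": everything}


# Constructed stand-ins for a web app's link builder (hypothetical, not a real site).
def render_vulnerable(query: str) -> str:
    """Decodes ?lang= and splices it into a 'next page' link as-is.
    An encoded '&' inside the value becomes a real separator in the link:
    the client-side HPP bug the probe below looks for."""
    lang = dict(parse_qsl(query)).get("lang", "en")
    return f'<a href="/search?page=2&lang={lang}">next</a>'


def render_fixed(query: str) -> str:
    """Same link, but the value is re-encoded with urlencode so '&' and '='
    from the input stay inside the lang value, and the href is HTML-escaped."""
    lang = dict(parse_qsl(query)).get("lang", "en")
    href = "/search?" + urlencode({"page": 2, "lang": lang})
    return f'<a href="{escape(href, quote=True)}">next</a>'


def probe_client_side_hpp(render, base_query: str = "lang=en",
                          marker: tuple = ("hppprobe", "1")) -> bool:
    """Append a URL-encoded '&name=value' to a legitimate value and report
    whether any link in the rendered page now carries it as its own parameter."""
    payload = base_query + quote(f"&{marker[0]}={marker[1]}", safe="")
    html = render(payload)
    for href in re.findall(r'href="([^"]*)"', html):
        pairs = parse_qsl(urlsplit(unescape(href)).query, keep_blank_values=True)
        if marker in pairs:
            return True
    return False


if __name__ == "__main__":
    print(duplicate_handling("id=1&id=2"))
    print("vulnerable:", probe_client_side_hpp(render_vulnerable))  # True
    print("fixed:     ", probe_client_side_hpp(render_fixed))       # False
```

The probe is deliberately conservative: it only reports a hit when the injected name/value pair parses out of a link as a separate parameter, which is the condition under which an attacker-supplied URL can add or override parameters in requests the victim's browser makes next. Whether that is exploitable depends on what the target endpoint does with the extra parameter and on which of the three duplicate-handling behaviours it has, which is why the survey numbers above distinguish "vulnerable" from "exploitable".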

Real Clouds:

On a trip back from Europe last week we flew (with special permission, apparently) within a few miles of the Icelandic volcano that's been spewing ash (see, right there it is) into the air and gumming up European airways.

Searching for Clouds in Las Vegas

I'm headed over to Interop Las Vegas--another year and another LV Interop-- and looking forward to checking out some of the interactions of the cloud crowd with the security folks. There needs to be a *whole* lot more of that...

Senate Judicial Committee hearing

I recently gave testimony at a hearing called by Senator Arlen Specter on the subject of privacy and surreptitious webcam surveillance. This comes in the wake of the notebook theft recovery system fiasco at the Lower Merion school district, which is just a few miles up the road from me. My written testimony is here.


Will Cyber Shockwave Make Some Waves?

Commentary on a recent cyberwar simulation held in Washington DC by the Bipartisan Policy Center, as posted in our Dark Reading blog. DR also had some followup coverage on the event.

Flaws Pry Lid Off Cloud Frameworks

A recent bit of CSI editorial is a blog entry Robert wrote for Dark Reading that tackled the MyFaces group of vulnerabilities shown at the recent Black Hat DC.

Where's Robert

I've been getting around a bit of late. Out on the airwaves, I've put in a couple of appearances recently on BBC World News Service Business Report (but they only archive for a few days, so alas I can't point you to any audio). One of those interviews was actually conducted at BBC headquarters in Bush House, a bit of a landmark location, but apparently there are plans for the BBC to vacate the building when the lease is up this year.

I was in London to take part in a Forum on Mapping Cybersecurity that was sponsored by and held at the Oxford Internet Institute. It was a fascinating day, about which more to come.