Software Defects – The Broken Windows of Cyberspace

We are gearing up for a major push of strategic security work and, as part of the backgrounding for one of the areas I will be working on, I spent an hour of my day listening to a 2009 presentation by David Rice, author of “Geekonomics – The Real Cost of Insecure Software”, which I have embedded below. It’s on the long side at around 1 hour, but certainly worth reviewing. If you can spare an eyeball, take the time to watch the presentation, as David’s style is engaging and about as far from “Death by PowerPoint” as you can get.

Geekonomics: The Real Cost of Insecure Software from David Rice on Vimeo.

In typical spooky timing, a reminder about the OWASP NZ Day on July the 7th arrived in my inbox right in the middle of me watching the presentation video.

For those with an interest in security, but yet to attend an OWASP event, it’s certainly something I’d recommend (register here) – not only for the opportunity to chat to others in the industry, but for the great line-up of speakers. This year, the event will again be held in Auckland and boasts the following topics:

  • Secure Development: What The OWASP Guide Didn’t Tell You – Blair Strang, Security-Assessment.com
  • I <3 Reporting – Managing Effective Web Application Assessments – Andrew Evans, Kiwibank
  • Testing Mobile Applications – Nick von Dadelszen, Lateral Security
  • Web Crypto for the Developer Who Has Better Things to Do – Adrian Hayes, Security-Assessment.com
  • Concurrency Vulnerabilities – Brett Moore, Insomnia Security
  • A Day in the Life of a WAF – Sam Pickles, F5
  • HTML5 Security – Mike Haworth & Kirk Jackson, Aura Information
  • Security File Uploads are Evil – Kirk Jackson, Aura Information
  • Security Sleeping Easy: Architecting Web Applications Securely – Mark Young, Datacom
  • Real Applications, Real Vulnerabilities, Really Exploited – Quintin Russ, SiteHost

For the developers, there are two 3-hour training courses also being held in parallel to the conference, but with seating limited to 20 participants per session, I’d suggest registering quickly to reserve your spot. More information can be found here.

Installing Windows 7 (Build 7000)

Wow. I’m in love again… well, maybe – I’m certainly in LIKE!

A few days ago I wiped out my gaming rig with the intention of installing the latest beta of Windows 7. The Beta was opened up around mid-January and attracted a LOT of attention, and downloads. Personally I grabbed both the 32-bit and 64-bit builds as at some stage I’d like to see if I can get an install running on the EEE.

Installation:

The 32-bit DVD turned out to be a failure, but – since I have a Core 2 Duo – I was able to install the 64-bit version without issues. In fact, I was struck by just how FAST it installed – I was go to whoa in around 15 minutes. In terms of peripheral detection, everything, including my Leadtek USB DVB-T tuner, was found and working right off the bat.

So, first impressions are ‘wow’ and ‘cool’ and ‘I want to replace Vista PERMANENTLY’. If you have a spare machine kicking around at home, I’d fully recommend it.

Post Install:

Media Center – This just works. No fnarkling in the registry, no loading internal webservers and pointing guide downloads to a local source – it just works… with a DVB-T tuner that is – the channel names are captured but I’m not seeing the guide data getting populated within the grid. I have my suspicions that the guide may not be found as my DVB-T card is kinda ancient and may not be picking up the now/next data correctly. I know Mauricio has been testing the Win7 Media Center for a lot longer (and probably has more recent gear than I do) and, given that he’s replaced Vista on his primary media server box, I suspect he has had more success in this space.

I haven’t had time (or free PCI slots) to try a traditional tuner and, given the guide data in NZ is only transmitted in band for DVB-T transmissions, I’m not holding my breath.

Edit 02/02/2009: I’ve got the bug!

I wandered into the office at home this afternoon to find my Win7 rig dead. Well, running – but with no display and no ability to wake it up. Apparently others have also seen this behaviour but, unlike those commenting on the article, I have yet to have any success in the whole ‘turn it off and on and off and on until it wakes up’ department. So, at the moment – I’ve got a dead PC and no obvious way of sparking it back to life. Granted, it’s Beta – but this seems kind of fundamental so, assuming I can resurrect the box and get Windows 7 talking to me again, I’ll be disabling all power saving features in the hope that things don’t repeat. Failing that, it’s back to WinXP, or Vista, or Ubuntu + WINE.

Edit 03/02/2009: Aaaand we’re back

Managed to get the PC booting again. It may be coincidence, but after popping out the video card and booting off the onboard video, things livened up once more. Reinserted the video card and all back to its normal speedy self. Much enjoyment playing around on the system now.