A freshly etched MacBook Pro (Aka - Welcome Jameel!)



A quick note to Welcome Jameel Haffejee (email) to Thinkst.

Some of you might remember him as "the guy who did the Power Shell talk at Zacon2"..
(The talk was cool, but (in truth) I remember him as the guy that sponsored the coffee!)

Jameel has signed up as a Developer and future world-denter, so you should be reading more of him here soon.. Hello World!

Is the answer more InfoSec Conferences?

In the movie Sneakers, there is a defining moment when Robert Redford rearranges Scrabble tiles to figure out that 'SETEC ASTRONOMY' is actually an anagram.


With this in mind, I give you: SETEC CONFER MOAN (Yo!) (Click for full size)



I'm not saying that InfoSec Conferences are bad (although many a battered liver would disagree), but what i am saying is that we don't seem to be improving our security posture at the same rate as we seem to be growing our conferences. Something is not right here.

Now some people have argued that this is because conferences favor "breakers" over "builders", but I personally think that this is a red herring. If a builder with half a brain watches an interesting talk on breaking, he will no doubt start pondering useful defensive techniques. I think the problem instead is simply one of too much information. The buildup to every major conference these days includes press releases and tantalizing tweets promising Cyber Armageddon. Some talks come fully equipped with groupies and fans who seem uninterested in the technical content, but want to catch a glimpse of a security rockstar. It's all a lot of fun, but real-world value? Not so much..

This is not to say that those talks are bad, just that they may not be the ones that should be occupying your thoughts. What's missing from all this is context, and with more than half the year having some conference running somewhere in the world, all the information turns to noise.

We are hoping to help address this somewhat with ThinkstScapes.

For many, many years customers have been paying us to help them see further down the road with regard to upcoming trends and threats. Major conferences are often followed up with questions of "What did you think of XXX?". ThinkstScapes aims at answering these questions and more. More importantly, ThinkstScapes aims at raising to the surface the research and happenings that really should be on your mind, that are currently being hidden in the noise.

With a report every quarter, and ad-hoc updates on key InfoSec events during the year, we think ThinkstScapes is an important subscription for anyone who needs to understand whats going on in the Information Security space. (ThinkstScapes)

Shameless (aka: iTried on the Mac App Store)

On January 6th, Apple launched their Mac App Store. Pundits have taken pretty polarizing views on the store, with some hailing it as a boon to indie developers (since they can (trivially) publish to a world stage without worrying about credit card transactions) while others say that this is yet another way for Apple to exert big brother type control.

I think it's a healthy dose of both. As I mentioned in the past, Apple does have an amazing ability to create markets (and in the process, value) where there previously were none. Sure there were app developers before the iPhone App Store, but the question is: "How many smart phone apps did you buy before you got your iPhone?". I had several smart phones before my iPhone, but never bought an app for any of them. Of course this does put Apple in an enviable position, with identities, credit cards and eyeballs of millions of customers.

A little while back I released iTried, a simple utility that uses the built-in iSight camera to take a picture of the person at the keyboard when the apple screensaver is disturbed. I figured it would be worth checking out the submission process (which was surprisingly painless and efficient). So today, you should be able to grab iTried from the Store..

Disclaimer: It's exactly the same version i previously released online for free, and i don't plan on retiring on the proceeds, so if you want a copy but don't want to pay for it, just drop me an email.