In the overwhelming sea of information, access to timely, insightful and independent open-source intelligence (OSINT) analyses is crucial for maintaining the necessary situational awareness to stay on top of emerging security threats. This blog covers trends and fads, tactics and strategies, intersecting with third-party research, speculations and real-time CYBERINT assessments, all packed with sarcastic attitude.
Sunday, January 07, 2007
Sunday's Portion of Hahaha
While patiently waiting for the future adventures of Monica Furious, I came across a nice collection of cartoons. I'm sure you'll find these two very entertaining - "The Disabled Cookies" and "The Spam Prison".
Independent Security Consultancy, Threat Intelligence Analysis (OSINT/Cyber Counter Intelligence) and Competitive Intelligence research on demand. Insightful, unbiased, and client-tailored assessments, neatly communicated in the form of interactive reports - because anticipating the emerging threatscape is what shapes the big picture at the end of the day. Approach me at dancho.danchev@hush.com
Web Economy Buzz Words Generator
Whether you're looking for VC cash, or have a quota to meet as a salesman, some of these may come in handy or pretty much make someone's morning. Here are my favorites:
e-enable integrated mindshare
empower impactful infomediaries
architect compelling ROI
productize 24/7 e-services
recontextualize compelling ROI
It doesn't matter how well you project your success: if you don't have an elevator pitch worth someone's attention span, then you don't know what you're doing, and are merely relying on the web economy's state of buzziness -- this is another one. Try some copywriting exercises too.
Four Years of Application Pen Testing Statistics
Invaluable: "The article presents a unique opportunity to take a peek into the usually secluded data regarding the actual risk posed to Web applications. It shows a constant increase in risk level over the four years and an overwhelming overall percentage of applications susceptible to information theft (over 57%), direct financial damage (over 22%), denial of service (11%) and execution of arbitrary code (over 8%). The article analyzes results of first time penetration tests as well as repeat tests (retests) in order to evaluate the evolution of application security within Web applications over time."
Lots of figures respecting your busy schedule, and the authors' data pointing out how the lack of repeated testing, and the "security as a one time purchase" mentality, actually means a false sense of security. Having a secured web application doesn't mean the end user won't be susceptible to a client side attack, and having a secured end user doesn't mean the web application itself will be secured. Ironic, isn't it? Perhaps prioritizing the platforms to be audited, namely the major web properties, could protect the always unaware end user to a certain extent -- from himself. Related comments.
Foreign Intelligence Services and U.S Technology Espionage
Talking about globalization, like it or not, perceive it as a threat to national security or a key economic benefit, it's happening and you cannot stop it. Nothing else will add more long-term value to a business or a military force than innovation, and when it comes to the U.S military's self-efficiency in R&D, it's pretty evident they've managed to achieve the balance and still dictate the rhythm. The methods used aren't anything new:
"The report says that foreign spies use a wide variety of techniques, ranging from setting up front companies that make phony business proposals to hacking computers containing information on lasers, missiles and other systems. But the most popular methods of attempting to obtain information was a simple “informational request” (34.2%) and attempts to purchase the information (32.2%). Attempts were also made using personal relationships, searching the Internet, making contacts at conferences and seminars, cultural exchanges."
What's new is the actual report in question - "Technology Collection Trends in the U.S. Defense Industry". OSINT is also an important trend-gathering factor, and so is corporate espionage through old-fashioned malware approaches or direct intrusions, and it's great that the report considers the ease of execution of these and the possible network vulnerabilities in the contractors:
"DSS also anticipates an increase in suspicious internet activity against cleared defense contractors. The potential gain from even one successful computer intrusion makes it an attractive, relatively low-risk, option for any country seeking access to sensitive information stored on U.S. computer networks. The risk to sensitive information on U.S. computer systems will increase as more countries develop capabilities to exploit those systems."
Then again, what's produced by the U.S but cannot be obtained from there will be obtained from other, much more insecure third-party purchasers -- how did Hezbollah get hold of night vision gear? Or even worse, by obtaining the leftovers from a battle conflict for further clues.
The bottom line question - is the threat from the illegal transfer of U.S technology higher than that from the indirect leakage of U.S educated students taking their IQ back home, while feeling offended by their inability to make an impact were they a U.S citizen?