Following the Wh1t3 Rabbit - Practical Enterprise Security

Enterprise Security organizations often find themselves caught between the ever-changing needs of the agile business, and the ever-present, ever-evolving threats to that business. At the same time – all too often we security professionals get caught up in “shiny object syndrome” which leads us to spend poorly, allocate resources unwisely, and generally de-couple from the organization we’re chartered to defend. Knowing how to defend begins with knowing what you’ll be defending, why it is worth defending, and who you’ll be defending from… and therein lies the trick. This blog takes the issue of enterprise security head-on, challenging outdated thinking and bringing a pragmatic, business-aligned, beyond the tools perspective … so follow the Wh1t3 Rabbit and remember that tools alone don’t solve problems, strategic thinkers are the key.

Rafal (Principal, Strategic Security Services)

Displaying articles for: December 2011

Hacktivism - the end result versus the end goal, they are different

Happy New Year friends ...may you have more freedom, more creativity, and more capability in 2012 and beyond.  As they say back home - "To health, wealth, and your wildest dreams coming true!"

Labels: Hacktivism

Significance of the 'death of the document web' to security

I've been thinking a lot lately about where the Internet as we know it will be evolving to, given the technology space I work in and the type of research going on around here at HP ...but one really interesting theme lately has been this heralding of the "Death of the Web" ...or, put more accurately, the "death of the document-based web". This article on GigaOM by Dominiek ter Heide caught my attention... because it was actually a really good, rational explanation of something I completely agree is already in the process of happening.

Data Loss Prevention - Step 4: Prevent Network Cross-Connect

Welcome to the 4th installment of the 7-part series on doing better, smarter, and more effective Data Loss Prevention without the typical "network appliance solution" approach. I will start out by telling you there is no easy way to implement this recommendation. There are no easy ways to implement the prevention of network cross-connect except for mainly vigilance... and perhaps a few suggestions here.

The criticality of attribution in volatile situations

My good friend and colleague Will Gragido ran our first ever holiday year-end wrap-up podcast the other day and one of the topics we covered was attribution and how critical and difficult it was in the era of the Internet. Now, attribution is the process of properly attributing (which is defined as to regard as resulting from a specified cause) some event to its proper cause - and I mention all of this because in a world where sometimes we feel like we live in a powder keg ready to explode at any moment - attribution becomes the linchpin which holds things in the balance.

Labels: attribution

Healthcare IT on life support - steps to prevent being a victim

What in the world is going on in the healthcare industry? Is every institution out there getting laptops, desktops and other devices stolen with patient-sensitive data on them? Worse yet, how do the thieves know which devices are unencrypted? This is serious, folks!

The delicate balance between raising awareness and making people afraid of technology

You all know that many of the posts here on Following the Wh1t3 Rabbit are inspired directly by conversations and requests from you, right? This post is no different; credit for putting my thoughts on this rail goes to Michael Allen (aka @_Dark_Knight_ on Twitter, go follow this guy) ...based on an interesting conversation we had over email about how you would react if one of your main competitors were to experience a massive, public data breach.

3 steps to safer gadget giving

The holiday season, dare I say Christmas or Hanukkah, is upon us and it's that time when many of you will be buying cool gadgets for your friends, spouses, and family. I'd like to take a few minutes outside the regular path of this blog to address 3 pieces of advice which may save you and your loved ones some frustration, anxiety and maybe headaches this holiday season.

Labels: security

Steps to Avoid Mental Stagnation - Or how to re-awaken your inner hacker

Working in corporate IT can be mind-dulling, believe me I can sympathize. If you're lucky enough to be a security researcher, penetration tester, or hands-on implementer of the newest technology then you're one of the lucky ones - the rest of the IT Security folks aren't so lucky.

Labels: education | hacking

Enterprises with trust issues - separation of duties for system administrators

This article caught my attention ... "Laid-off IT worker accused of hacking, crashing Missoula company's servers" and made me think of a company I worked with around the time of the dot-com bubble burst where we figured out this very issue ...almost a decade ago. Trust is a difficult thing to work out in any size organization as it is as much a human nature problem as it is a technical control...

Is Google+ Enabling Your (Inner) Stalker?

Yesterday, as I logged into Google+ I was asked a question which I'm sure many of you have already seen. Google asked me if it could turn on the "Find My Face" feature. I know I'm not alone when I say my first thought was "creepy!" ...

Labels: Innovation

Analyzing the Ponemon study on privileged users: 3 steps to build your process for employee access rights

You trust your employees and administrators with the most critical technical functions in your organization - but they're only human. Curiosity gets the best of everyone eventually, and when it does, do you trust your technical controls to keep those who are manning the ship from peeking at its secrets? How much access do those employees and system administrators have to your critical intellectual property, company secrets and other secret information - and how often do they take a peek behind the curtain, you know, just out of curiosity? The new study by the Ponemon Institute, sponsored by HP Enterprise Security and released recently.

Data Loss Prevention - Step 3: Engage Physical Security

This post is episode #3 in the "Data Loss Prevention - Without the New Blinky Boxes" series, and I encourage you to look for the other 2 posts in this series by clicking the "data loss prevention" blog label (below) to get a feel for how I got to this post. This series is really about how to get a data loss prevention solution without the need for more boxes in your data center. If you, like I do, believe that true DLP comes from a holistic approach rather than a network-based device on.

Is healthcare IT security on life support? Try 3 steps for a healthy balance

Healthcare is an interesting animal when it comes to IT Security. While there is a constant need to stay cutting-edge, there is this requirement for keeping costs down for reasons I really don't want to get into here... The need to stay cutting-edge is rather obvious; the latest advances in technology can mean the difference between life and death to a critical patient. In healthcare, sharing information is both a blessing and a curse, with requirements for openness balanced against requirements for confidentiality and security, pushing and pulling at IT Security professionals with incredible pressure.

Plagiarism in IT Security - Walking a Fine Line

As many of you are familiar by now, I ran into a recent incident where an individual was shamelessly copying my work (and that of many, many others) and putting their own name on it and calling it original - then posting it to their company blog. The result was one of the fastest and most sincere resolutions I've personally ever witnessed, and while I don't need to recap the whole issue in this post (because you can read it here) one thing kept coming up over and over ...

The 'Security' Impact of Performance

I keep reading about how Distributed Denial of Service (DDoS) attacks have been in the past, and are being, used to cause all sorts of damage. A DDoS is an attack where hundreds, thousands, or millions of zombie computers/systems are used by someone or some group to send fake traffic to a particular website or place on the Internet. The result is something analogous to attempting to get to the gate when they call "business class" and there are 200 economy class people standing shoulder to shoulder waiting for their turn... it's a struggle to get through, if you can make it at all...

OWWWS - The Other Form of Occupy (Occupy World Wide Web Site)

Many of the vulnerabilities we hear about in technology systems are exploited for the purpose of financial gain, competitive tactics or simply for the challenge of doing it. One especially common vulnerability can cripple the infrastructure of your website through what's called a denial of service (DoS) attack, and a more sinister version called a distributed denial of service (DDoS) attack. In these attacks, your website is bombarded with SYN-flood or other low-level network activity that overloads the physical infrastructure of the system. There are, however, more dangerous and difficult to detect variants that you may be causing yourself ...

Imitation, Flattery, and Unfortunate Plagiarism in the Information Security Industry

This issue was resolved in record time, thank you to Michelle Gorel from AVNET Corp. Communications for making things right in absolutely record-time, on a Saturday night.  I can only wish everyone who struggles with plagiarism the same type of experience as I had.  Read the last update at the end.


It's been said before that imitation is the most sincere form of flattery.


Then why do I feel so violated, after finding out that Bennett Bayer (otherwise known as @MobilityPath) of AVNET Technology Solutions has blatantly stolen (at least one) blog post I've written here on Following the Wh1t3 Rabbit and posted it on his company's blog as if he wrote it?


A few colleagues alerted me to the fact that my blog, amongst claims of many others, was directly copied without attribution. I'm a big proponent of fair use - but in information security we've had a major problem lately with people stealing content and calling it their own - this is yet another example.


Let me point you to a blog post I put up on October 3rd, 2011 about the difficulties of measuring IT Security performance (here: ) and you can compare that with Bennett's blog post on October 8th, 2011 ...(right here: ).


Notice anything?


Busted, Bennett, stealing content. You should be ashamed of yourself.


This wouldn't be so bad if he had said something like "Originally posted on Following the Wh1t3 Rabbit, an HP blog by Rafal Los, here <link>" ... but instead he decided to put his name on it as if he wrote the post, and put it on his company's blog. I don't know about the place you folks work - but if I was stealing other companies' content and calling it my own on my company's blog ...I'd likely face disciplinary action ...let's hope AVNET has a strict policy against intellectual property theft.


So far, the AvnetComms Twitter account reached out to me to tell me they were investigating... Since they are a large professional organization I will give them the benefit of the doubt that the right people are being contacted, and the situation is being rectified as quickly as possible. I will update this blog post as I hear back, or as the situation is resolved - however it comes to an end.

Update: 1:41pm Central Time 12/3/2011

Apparently, the folks over at AVNET take this seriously, as Bennett's entire blog appears to have been pulled. Well done; however, I (and the rest of the security community) am still waiting for a formal acknowledgement of what happened, and what AVNET will do to prevent this in the future.

Update: 6:15pm Central Time 12/3/2011

...Apparently AVNET has removed Bennett Bayer completely from their blogging platform. Long-overdue reforms, apparently. I knew they would handle this swiftly, and appropriately.

Well done, AVNET staff.

I'm sure this is not yet the end of this saga... but we're well on our way to getting past this.

Update: 7:24pm Central Time 12/3/2011

Simply, in a word - wow. Michelle Gorel contacted me to let me know that the issue has been resolved. I know some of you that I was speaking with on Twitter over this topic were saying not to hold my breath for an apology or full resolution - I'm really excited to report you were wrong. I know that some of you struggle with having your hard work copied with someone else's name on it ...don't despair. Report it, the community is behind you.

Update: 4:58pm Central Time 12/4/2011

I just received an update and multiple confirmations of a public apology being posted on AVNET's landing page (!/MichelleGorel/status/143464306636365824 ) here:

Every organization lets bloggers and their employees have a certain amount of freedom, and I know I enjoy freedom from editorial review as well. When we report plagiarism (as blatant as it may sometimes be), it's really the response that matters most. I don't know that I have heard of a faster, more sincere response than I've gotten from the folks over at AVNET. It's clearly a world-class shop, with people like Michelle keeping everyone honest. Thanks for making it right.

Labels: News

Getting Information Security Back to Basics - Change Management & Process Improvement

Yesterday, my media team suggested I pose a question to my Twitter followers to "ask me anything HP security related" ... for a live "from the conference" webcast we were going to do. I got the usual softballs on HP Enterprise Security products, services and strategy ...but like clockwork I got one that was really difficult to answer off the cuff. If you follow the broader security community on Twitter, you probably already follow my friend @ChrisJohnRiley and know he's a snarky Austrian to begin with, but when given the opportunity to stump me he couldn't pass it up. So Chris - I hope I have a good answer for you ...
