[SecurityRatty] tag: zealand

Spam is silenced, but where are the feds?

Tue, 25 Nov 2008 02:00:00 +0000

On Oct. 14, the U.S. Federal Trade Commission, with help from the U.S. Federal Bureau of Investigation and New Zealand police, announced that it had shut down a vast international spam network known as HerbalKing.

Spam is silenced, but where are the feds?

Mon, 24 Nov 2008 21:00:00 +0000

FTC, New Zealand hit one of world's largest spam operations

Wed, 15 Oct 2008 00:00:00 +0000

Government agencies in the U.S. and New Zealand say they have sued the people behind one of the world's largest spamming operations.

FTC, NZ authorities hit massive spam operation

Mon, 13 Oct 2008 20:00:00 +0000

Government agencies in the U.S. and New Zealand say they have sued the people behind one of the world's largest spamming operations.

VMworld 2008 Keynote with Paul Maritz

Wed, 17 Sep 2008 15:00:53 +0000

Traveling towards VMworld 2008

I, along with thousands of others, wended my way through a vast dimly lit cavern of a place helped along by the strangely surreal sight of ushers in black waving wispy red flags to guide us not to the empty seats in front of us, but to the ones 50 yards on. (Ah Vegas, my feet hurt already.) Perhaps the point was to live in the moment, soak in the pre-rock concert atmosphere complete with a hip and cool soundtrack ripped off from Apple commercials. (Do they all use the same ad firm?) A better way to build the anticipation for, yes, the kickoff keynote session at VMworld 2008. (photo credit: lodev)

To the sounds of Hey Ya (Shake it like a Polaroid picture), we shifted forward in our uncomfortable temporary seating placed, as at all tech conferences, too close for all but the skinny girls. The moment was here – one of those videos started playing on the dozen or so huge monitors floating above the convention crowd. You know this video; you’ve probably seen it before from HP or someone like that. One of those videos with instrumental Coldplay music in the background with time lapse/speeded-up video of people in motion and floating captions dropping into the images that leave you with a slight smile on your face as you “get” the relationship between image and text. (Do they all use the same ad firm?)

And here he is, announced like a Vegas headliner, Paul Maritz, the new CEO of VMware. Hmm. After all that hype, I rather expected someone in a black turtleneck and jeans to come out. Instead here’s this guy with pleat-front pants and an admittedly cool accent (New Zealand?) who looks a little like Al from Home Improvement. Not that there’s anything wrong with that – everyone likes Al.

And then the real fun begins.

30 years ago, Paul Maritz started off his business career as a developer
10 years ago, VMware was founded by Diane Greene and Mendel Rosenblum (BTW, 10 seconds spent showing a slide with cartoon-ized images of the founders, “thanks for what you did for the company for the past 10 years”. 10 seconds after 10 years…but maybe more would have been hypocritical…)
a retrospective of centralized vs. decentralized computing initiatives from the 1960’s to today
of course VMware milestones from 1998 to today
and then an analyst-ready diagram showing the product roadmap (to be delivered in 2009) with, you guessed it, finally a connection between VMware and cloud computing (remember Maritz’s cloud-computing company was bought by EMC just a couple of years ago and that’s the section he headed up at EMC before being brought into VMware).

Forward Looking

2008 (and probably much of 2009) will be a very busy year for VMware. If you believe the roadmap, VMware seems to be taking on the management of everything – from chargeback and capacity planning to virtual storage and virtual networking (more to come on just what the planned vStorage and vNetwork will deliver) – but all of it VMware-centric. As we said in an earlier post, they’ve moved away from “defending” the hypervisor business proposition to focusing on management services on top of their own hypervisor platform. Revenue pressures must be excruciating – who wants to be a public company these days?

The best part of that new “Virtual Data Center Operating System” diagram/roadmap was the addition (and I mean addition) of something called Cloud vServices. (Did anyone else find it odd that Cloud vServices is kind of on its own in the Infrastructure vServices area? AND, I’ll have to get the other version of the diagram/roadmap I actually saw at the show because that one shows an inexplicable 4^th box in the Application vServices area titled “…”. Really. Maybe to balance out the addition of Cloud vServices?)

What was clear is that the move from VirtualCenter to vCenter –and the new vServices for rolled-up management of virtualization components/capability to span multiple VirtualCenters (or future vCenters) for reporting, monitoring and management at scale – has been in the works for a bit (but in tech time, that could mean 6 months), but the cloud stuff…not so much.

Beyond the very high-level speak appropriate to a keynote (100+ service provider partners for off-premise cloud…suspended VM’s that you don’t have to pay for until you need it), the details are uber-fuzzy. There was a session that Dave went to which was supposed to shed more light, but when questions were asked about how it really works, the answers seemed to be TBD. Does anyone know more? If VMware really has figured out practical cloud computing for enterprises, kudos to them. But I fear they’re like everyone else (except maybe AT&T) and are still working out the details.

Do You Speak E-Discovery? You Should, Even in Europe

Thu, 24 Jul 2008 08:05:25 +0000

How often have you watched the news on television and seen people carrying boxes full of electronic media and digital files out of some well-known company's headquarters? It's a familiar scene in the United States, because of the number of companies subject to e-discovery actions. But even though this subject is disturbing the sleep of CIOs in companies large and small in the U.S. - and even though vendors of tools supporting e-discovery are all looking for the next "killer app" - most Europeans just look on and say, "What on earth is this 'e-discovery'?"

The concept of legal discovery (called "e-discovery" when electronic information is involved) is unique to the "common law" countries - notably the U.S., the U.K., Canada, Australia and New Zealand. Discovery in common-law civil litigation is a form of interrogatory in which both parties agree to the pretrial exchange of information, so that the plaintiff can prosecute a cause for action and the defendant can build a defense. By contrast, in countries with legal systems based on the Roman or Napoleonic traditions - which is to say, most of continental Europe - the obligation to produce information that is relevant to the cause for action is nowhere as comprehensive as the obligation attached to discovery in common law.

There is an important difference between criminal and civil litigation, irrespective of a country's legal system. In a criminal case, if the authorities have a warrant or an indictment, the subject is obligated to produce relevant information, and this is true both in common-law countries and in continental Europe. In civil litigation, however, only common law requires the pretrial production of information and its exchange between affected parties. In non-common-law civil litigation, the relevant information is produced before the judge for consideration and evaluation.

Despite these differences, there are some important lessons for all Europeans about e-discovery and about legal discovery in general. The first is that if an external party demands information, whether during civil or criminal proceedings, it pays to deliver that information quickly. Gartner has seen many cases where enterprises simply didn't know how to find the requested information or couldn't produce it for several days - just long enough to generate some damaging media coverage.

The second lesson: It also pays to be able to deliver precisely the information requested. Law enforcement officers may seize folders and binders, disks and tapes, files and e-mails, reports and logs - anything they can get their hands on, really. This may include information that is not relevant to the case, and it may include information that is highly sensitive. This information will be reviewed, processed and analyzed, and some of this sensitive information might leak to the public or to competitors. It's much better to be prepared to hand over just the requested and required information.

The e-discovery landscape is made even more confusing by international jurisdictional differences. In the global economy, a business relationship with an entity in the U.S. is becoming more the rule than the exception. But a company's duty to release information following a U.S. legal discovery claim - for example, for a European subsidiary - and how that would be seen in relation with European privacy legislation remain unclear at best. E-discovery rules require quick delivery of information that has not been tampered with, but privacy protection requires that personal data be removed first.

E-discovery simply does not exist in most European legal systems, but European companies would be well-advised to familiarize themselves with the concept, in case an e-discovery claim originates elsewhere. Companies that have processes and automation for information archiving and retrieval, document and records management, and a retention policy (including disposal when information is no longer needed) will be well-prepared for any e-discovery claims that arise.

New Zealand botnet master walks free

Mon, 14 Jul 2008 20:00:00 +0000

Owen Walker, the 18-year-old Whitianga resident also known as Akill, was discharged without conviction in the High Court in Hamilton today, reports the New Zealand Herald.

Use Cases for Identity Management in E-Government

Thu, 22 May 2008 02:22:47 +0000

E-government provides a special and complex use case for identity management systems, first because the needs of some parts of the government (such as law enforcement and national security) are often at odds with the service-oriented aspects of government, and second because of the unique role government plays in the life of the citizen. The blurring of responsibility and accountability might facilitate this: e-government identity management systems aren't straightforward to implement. Culture and history strongly affect the nature of the identity management system that might be acceptable to citizens in particular circumstances, with levels of trust in government being a key factor. In this article, the authors discuss these issues, present an e-government use case from New Zealand, and describe how the New Zealand implementation differs from several other identity management systems around the globe.

Friday Squid Blogging: They're Defrosting a Colossal Squid in New Zealand

Fri, 02 May 2008 12:04:48 +0000

News here, here, here, here, here, and here. And stories about the squid's big eyes here and here.

(It is certainly colossal: 1,089 pounds and 26 feet long.)

There's live video. There's also a lecture series. Video will be available on the Web.

TechEd North America 2008

Sun, 13 Apr 2008 11:02:13 +0000

I will be speaking at TechEd in Orlando in June (and probably the TechEds in Australia and New Zealand in September). The Connected Information Security Group - CISG, part of the Microsoft corporate information security team are working on a technology framework and set of applications to support corporate information security management programs. The Microsoft and [...]