A professor of gender studies at the LSE recently came to San Francisco and presented to a small group. She spoke of interesting global trends and studies being done by the school. None of them addressed the shift I have noticed in technology access by women and how it relates to security or risk.

I asked her if anyone was studying the security effect of China Mobile’s huge infusion of technology (as I wrote about before) to women in Pakistan, for example, or what the effect of social networks and innovative payment systems has had on women-run businesses in Africa. Does the American “hacker” stereotype get radically redrawn as the diversity of online users shifts?

Her blank stare was all I need to know the answer. We then discussed how flyingpenguin could fund graduate students to do some research under our direction and hopefully document and parse some of the fascinating new data for threat analysis.

In the meantime, I continue to watch announcements from various governments about facilitating technology access specifically for women in new and very large markets. Will there be an explicit security effort? Here is an example from the US:

The U.S. Department of State’s Bureau of Educational and Cultural Affairs announced today that TechWomen – an international exchange that uses technology as a means to empower women and girls worldwide – will expand to sub-Saharan Africa beginning in 2013. TechWomen will bring women working in the technology sector from Cameroon, Kenya, Nigeria, Rwanda, Sierra Leone, South Africa, and Zimbabwe to the United States for a four to six week mentoring program with their American counterparts in the United States. The U.S. Department of State is currently accepting proposals to administer TechWomen in 2013. Please visit www.grants.gov for more information.

If you are interested in working with flyingpenguin on a grant proposal, or related analysis of gender and security, please contact me.

Alan Renouf (http://virtu-al.net) has released a vCheck base script with some new vCDAudit plugins

…“vCDAudit”, unlike the vSphere health check script this is an audit script which retrieves and presents key vCD Data which is otherwise hard to find in a centralized place.

Example report:

The idea of a contest to see who can best defend against attacks sounds like a great one. Yet a recent competition, instead of ending just with the celebration of new-found talent, seems also to come with a subtle marketing spin.

Exercises included advising a start-up on cyber security during a role-playing exercise and fending off a 50-minute-long simulated cyber attack. The simulated attack involved port scans, followed by attacks on a vulnerable webserver, defacement, mail spam, a DDoS and an attempt to extract data. The teams were challenged to try to stop these attacks in real time by changing IDS, firewall and router configurations.

Oh really? They changed IDS, firewall and router configs? Was this a random/unpredictable attack and could defenders choose their own tools? It sounds like it was scripted. Let me guess, this was sponsored by a company that just also happens to sell IDS, firewalls and routers…

…the Hack Idol exercise pitted six five-strong teams against each other in a series of challenges hosted by HP Labs in Bristol on Saturday

Hosted by HP? Shock and surprise. Let me guess next they are going to say how easy it is for anyone to do the same…

[A 19-year-old computer science student], whose only practical experience involved setting up and playing around with a home network, demonstrated innate ability by tackling realistic challenges that simulated the business and practical side of managing enterprise security.

Congrats go to the winner. And then…Bada-bing! It sounds like you just need to send some money to the sponsor for their amazing tools, then do some playing around in the home, and you too will see your attackers start falling down like dominoes.

Hmm, where have I heard this before…