Israeli Software

Yaron Polak, a (now former) partner with Genesis Partners in Israel, was convicted on possession of child pornography for "downloading 1,500 photos and 150 videos of fully or partially nude children onto his home computer. " After his conviction, Polak was fired from Genesis Partners and scrubbed from its website,

According to an article in - Haaretz :

"Judge Chanoch Feder convicted Polak and handed him an eight-month suspended sentence and a NIS 10,000 fine, on the charge of possession of child pornography".

Will this be an effective countermeasure to human vulnerabilities and incapability of many of us to asses threats?

Continue reading "Israeli VC convicted on kiddie-porn charges" »

Posted on December 3, 2007 12:01 PM | Permalink

December 6, 2007

One more person who committed the sin of hubris and didn't bother with risk assessment before doing stuff.

I've been getting interested in virtual worlds and their security ramifications

Virtual worlds is the next incarnation of the Internet, or the next PC...or better than canned beer.

A few years ago when I was at Commerce.net in Israel we were using a system from the now defunct Open Market - Open Market Transact.

Transact ran on big Sun iron and the salesman - Peter Stanley braqgged how all the biggies were using Transact for secure transaction processing. Companies like France Telecom, Swisscom etc... Impressed, but a colleague reminded me that the big firms try out everything and they are customers of all vendors, so it doesn't necessarily follow that the world will all be using Open Market Transact for secure transactions.

When I started seeing companies like BT, Diageo, ING using virtual worlds for collaboration, remote working and disaster simulation - I got all excited. Then I remembered the Open Market and Sun lesson - big companies will try anything once.

There is no doubt though in my mind that virtual worlds will probably have a very big and probably very surprising impact on enterprise IT. A virtual world is a terrific paradigm that maps extremely well to particular types of problem domains like simulations but very poorly to traditional transaction processing. I don't expect people to use Virtual worlds as a better way of doing sales force automation.

So what IS a virtual world -
Set off on a quest to understand this better. My first stop was Second Life, I registered, downloaded the client for Linux (I use Ubuntu Gutsy Gibbon) and well - it was not easy - even though I have high end hardware and all. It only takes about 2 hours to figure out how to walk. I then downloaded the Metaverse SDK - which looked pretty cool - and the whole setup took about 4 hours and even then the demo world was pretty excruciatingly slow. I'm going back into Second Life over the weekend and get more immersed - who knows I might get lucky..there is a lot of sex in Second Life - that much I already discovered - more than I wanted to know about role-playing in the extreme.

I recently did a threat analysis for an advanced VOD (Video on demand) system for an Israeli company and the complexity of issues around high definition content were pretty challenging. I noticed that VUDU are making the Bourne Trilogy available for Internet download on their PVR. Personally, I'm still irritated that they wrote Franka Potente out of the Bourne trilogy and drowned her at the beginning of "The Bourne Supremacy". She's been one of my favorites since "Run Lola Run".

Vudu and Universal Studios Home Entertainment are skipping over HD-DVD/Blu-ray formats in favor of what some industry observers say is inevitable - download-only distribution.

Beginning November 23 2007, Vudu started giving new buyers "The Bourne Identity" and "The Bourne Supremacy" pre-loaded on their set-top boxes in HD. Buyers can purchase a downloaded copy of "The Bourne Ultimatum", for $25 starting December 11, 2007.

While Vudu seem to have done some impressive engineering work on their STB, if they get any widespread traction, it may only be a matter of time until some irritated user cracks their box or bypassess the content protection.

Sony's CEO Howard Stringer declared a stalemate but Disney Home Entertainment president Bob Chapek announced at the Blu-ray Fest promotional event that the Blu-ray victory is only going to be slightly delayed.

In an interview on twice - Chapek was asked if Disney would follow a 20th Century Fox marketing initiative. (Fox added a "Digital Copy" version of "Die Hard 4" to their two-disc special-edition DVD release. Viewers can use the WMV version to transfer to PCs and portable media players without breaking CSS copy protection.

Disney Home Entertainment is obviously playing both sides of the fence.

"I think you can look at it one of two ways. It's either a half-step to a true digital rights management managed copy world....or it is going to be the way the majority of consumers get their digital content".

I doubt Disney really want to bite the consumer hands that feed them with ridiculous DRM schemes that have already been broken ( CSS was cracked by a Norwegian teenager in Nov 1999, and Blu-Ray was cracked earlier this year)

Disney has nothing to lose by sitting on a fence, providing tacit endorsement of weak copy protection and cheering on Blu-Ray - just so long as people keep on buying Disney digital content and the executives can make their numbers and collect their bonus.

Are more people turning on to jazz these days? FOR SURE - if it swings and feels good!

The first set was straight-up jazz for big band - numbers like Fly me to the moon and Groovin High and the second set was our show of jazz charts (arranged by band musical director, Eli Benacot) of hits from the legendary Israeli pop group - the "High Windows".

There is a limited audience for jazz in Israel - and the more cerebral and hard-core- the smaller the audience gets. BUT - there is something about the music of the High Windows that touches people. It's the music they remember from their youth - and still hear on the radio today.

There were all age groups at the gig last night - from 20 - to 60 and lots were singing along with the band and our vocalists - Danny Saguy and Shlomit Benari.

It's jazz but it's also familiar - easy to connect and easy to sing.

One of the best trumpet players today, Roy Hargrove said recently:

People are turning a deaf ear to jazz. Some of that is the fault of jazz musicians trying too hard to appear to be cerebral. They aren’t having fun playing the music and that's why people aren't coming to hear it live anymore.

What do we have to offer in the world of jazz today? It's about being innovative, which is cool. But innovation right now will come in music that's swinging and feels good. It's meaningless if it doesn't make you feel something.

I totally agree - swinging and feeling good is what makes the world goes round.

Il buono, Il brutto, Il cattivo, "You see, in this world there are two kinds of people, my friend. Those with loaded guns... and those who dig. You dig."

Last week, after a meeting with a client in Herzliya - I took the train back the office with a colleague. We met a friend at the train station and besides the pouring rain - we had one other thing in common - we are all physicists by training. The friend works at a big defense contractor and the conversation drifted to the different ways one might steal confidential data from the plant and what they were doing to mitigate threats. He's the only one of the three of us that actually still works in physics. My buddy and I both moved into programming immediately after we got our graduate degrees.

The mutual friend was proud of the prowess of their IT security staff (personally - I've met them a few times and they don't have a clue...). The company does have a strong set of procedures and high levels of security awareness.

You bet they have high security awareness - guards with Uzi submachine guns at the door will do that.

This got me thinking about our fixation with high-tech security technology countermeasures - good procedures will go a long ways to mitigate threats - as long as they are short (like the Uzi) and effective (carry a bang like the Uzi).

The Emperor has no clothes? Over half the executives at 28 global banks don't know how much they spend on risk control

Banks are in the bean counting business, but a recent Ernst and Young survey of 28 global commercial and investment banks found that 54 percent didn't know how much their organizations spend on risk control activities.

Talking on a cell phone on a bike in traffic, and not wearing a helmet - is like really ignoring risk management.

I don't get it.

How can you map a business process, record some plug numbers in an Excel and call it operational risk management?

A few years ago, I visited the Motorola factory in Israel that manufactures cell phones. They are Six-sigma certified - when a work station in the line discovers a defect in a sub-assembly, they have a pole with a black flag, they raise and the entire line stops- until the root cause of the defect is discovered and fixed.

Data security should work like that - but you need to monitor traffic and transactions first before you start buying some expensive security technology countermeasures from Symantec or McAfee.