A few days ago, in a heaving room above a pub in Earl’s Court, London, the great and the good of the computer security blogging community congregated to chat, share a beer or three, and discover who had been recognised in the annual European Security blogger awards.
I’m delighted to announce that Graham Cluley Security News, which was up for an astonishing seven awards, managed to win one!
Graham Cluley Security News has officially been named… Best New Security Blog!
I was deeply chuffed to receive the award on behalf of the site, less than a year after it was first created. There was some incredibly strong competition in this and other categories – to my mind it was an achievement just to be nominated at all, let alone to win an award!
I realise that firstly it would have been impossible without the great guest contributors who have offered their time and expertise to create interesting articles and help raise awareness of computer security issues.
But, furthermore, thanks to each and every one of you – the readers. Without you, Graham Cluley Security News is *nothing*. It’s because you return to the website every day, or sign-up for the newsletter, and send in tips for stories you think are worth pursuing, that the website keeps growing.
So, thanks to you all for supporting an independent security blog and adding to the display case of awards – go give yourself a pat on the back!
Congratulations, Graham! Well deserved indeed and that is coming from someone who – although is younger than you, or I think so – has also been into security (and related) for around 20 years as well, and that is from both above and under ground (something I hardly think about nowadays but it is a lie to claim I am not or more likley never have been into the other side – though it would be a lie to say I lack ethics as I always have had those and I think that is far more important). Indeed, I learned a lot interacting with virus writers of old (and indeed long for those times, in the respect of malware then versus now), studying virus source code (assembly) and some of them, that is, the writers – much to others claims – were not really all that bad (some were of course but the point there is all good comes with bad and all bad comes with good and there's generally a mixture of the two even in an environment that one might expect only to find one or the other). Of course, the bad really were bad: I remember one person, for example, who used to tell victims of CIH that to fix it they should change their computer date to April 26 and reboot (and when I was around I would immediately send the victim a private message before they had a chance, to tell them not to listen to that person and why not to listen to that person… thankfully I was one of the fastest typists of the lot!). Still, while he was this way, I helped him out when he was suicidal some years later (as it is something I'm very familiar with and because he was nice to me as well as it being part of me) because that has always been in my nature which is why I also did not like when he tried to trick unsuspecting victims into completely destroying their BIOS (and perhaps he did that out of anger or perhaps it was a warning sign). Another good example: author of Kriz. He hated me – and hate is not a strong enough word, with him, regarding me, sadly – yet ironically before he took his life, had I known he was at that stage, I would have done everything I could to support him in the way that was best (for him). But many of them were not so bad as you might expect and the background of each was very unique (some were into classical music, some were into other things and there were occasional people who were in it just for the curiosity or social aspect of it and as for each and every programmer that I got along with – and even those, more destructive ones, that I did not get along with – they were mostly incredibly talented… though much of it was used in the wrong way). Of course, virus writers is only some of it but still, the point remains the same: I've seen and heard it all and I am never surprised about any thing for this very reason. That's a brief over view of my background (I also – before the virus scene – got into the hacking scene but the original meaning of the word – I loathed when people would trash a system, it is the absolute lowest of low, pathetic and outright horrible act – and I have abandoned it due to the meaning of these days… the reality is the Internet pioneers are worthy of the title but not the current definition, something that is rather sad but not surprising, either. Personally, you debugging viruses, for example – and let us both be honest: there are some viruses with really clever anti-debugging techniques in them – as well as disassembling them, analysing, programming, that's what sadly is no longer an honour – as you also wrote about and I commented on – but instead pushed aside and what it used to be called is now a bad thing. I miss that a lot but I can only look at it the other way: that I'm a good programmer and I've accomplished a lot, including good for others, with my programming and other computer expertise, and it doesn't really matter so much, titles. This is the only way to rationally look at it because "it is what it is" and as time passes things are expected to be different). As for whether I wrote any virus? In some ways I hate to admit it but I did with serious restraint: I wrote an MBR/BS that was not Win9x compatible (in a time it was far more common), it was also 16 bit whereas 32 bit (and think: protected mode in 32 bit) was then fairly common, I never tried to (nor did I minus releasing the source) spread it, there was no malicious payload (merely a graphic and sound effect on a rare occasion during boot) and I would have never done it another way. I did learn a lot though and that's why I got in to it in the first place. There is actually a description of it on Sophos' (no idea who described it but I certainly would have made it easy, with the source available but good: that means it would be detected if someone were to spread it) website although I'll not go so far as to name it here (especially as some took the name and potentially source and made malicious versions of it, which rather annoys and sickens me. Edit: just confirmed that it very likely IS my original modified, seeing as it is 16 bit and also fits in 512 bytes! Not much I can do though…).
Perhaps most ironically, while I was in some ways (only for non destructive) pro (actually neutral and more interest in the actual techniques, the actual source, etc.) viruses it was to learn from and see the creativity (the roulette with your disks at risk [rhyme not intended], the siren/ambulance, the classical music played, list goes on), while for you it became a job and probably also finding it interesting (first multipartite, other new techniques and so on) and indeed you wrote about the lack of creativity these days. But the interesting thing about that is that while we might seem opposites in some ways (e.g., the above), the thing I'm most proud of is also what you are most proud of: a text based game you wrote (but for me it was and is a full MUD, that I not only worked on for many hours, much to the joy of the players, on an older version but wrote a new version from scratch, recently, with some old players really looking forward to beta testing [my health or lack thereof being the reason beta hasn't started] and live play). I noticed ever since I found your blog that I like and appreciate your views more and more, than from years ago (which truthfully I was full of anger and resentment and I didn't know much about you so it is expected that I had less of a decent outlook… and it was of the world, sadly but still reality).
Lastly (want to write more but need to get some sleep) you questioned whether the old timers (you wrote this on another website recently) indeed left (and stated if they were wise they would have) have left the scenes, long ago. Well, yes, indeed they have, at least those I know from the scenes I got involved in. In fact, someone I recently got back in touch with was at InfoSec the second day while he was at one of the other conventions the day prior. I don't know if you were at InfoSec more than one day but this person in particular "won" the hero camera (or whatever it was), if you were a witness to that. Either way, yes: the old scenes are mostly gone and I find it sad and bad but only because there is so much in the way of scams and more malicious intent (and a lot of it state sponsored), through and through. But again, the good comes with the bad and the bad comes with the good, and all good things must come to an end.
Any way, congratulations again, Graham, and thank you for doing exactly as I suggested (whether it is because I suggested it, I doubt, but …): informing us of the results. Keep up the great work! You do indeed deserve the title and that is completely sincere (and even if we're different in ways that is only best: variety is critical to humans survival, and looking at things from a different set of eyes and a different brain, is incredibly – if you pardon the pun – insightful).
(Hopefully you actually see this response as while I know you acknowledged me, I think it fair to express more, and also it gives you an understanding of my past, my experiences, my outlook and why exactly I am here and able to respond where I do as I do)
– Coyote, the 'werecoyote' as it were….
tl:dr
*shrug* It matters not that you read it or not.
(Yes, I am deliberately making it a bit long which is indeed spiteful).
But on that note I'll summarise it (for a reason that will be indirectly clear): SLOW READER, unable to comprehend it (makes sense since you don't know anything about me… funny though since it was hardly a technical thing) and was NOT FOR YOU (indeed, I made reference to TWO people and similar yet different backgrounds and I don't remember 'drsolly' being included in that. Who is 'drsolly' anyway? See how ridiculous your statement was? Here's another way for you to answer it: Who is 'Coyote'? See, that IS ridiculous!). I'll not list anything else like the fact that your response was so productive that you should be given a promotion….
That summary gone, here we go:
It wasn't meant for you. But whether you did mean it to me or not: I always write a lot and anyone who doesn't like it, well, I actually don't care – though I do enjoy this very much but that's because I have a twisted sense of humour (I didn't write it for them, I wrote it for me first and foremost, and then – and only some times – for others). Many actually _love_ how I write thoroughly and elaborate on things (mostly technical people and those who are actually _interested_ in the content… how surprising…). And guess what? Many don't like Charles Dickens' works for too much detail. So what? I'm sure a shark dies a terrible death for each person who puts down a copy of Great Expectations for it being too long/detailed. Frankly, if anyone finds what I wrote "too long" then it proves two to three things:
1. SLOW READER (always the case… unless maybe tired but then they'll read it later). Not fair/is mean? Well, so is life and so is the truth. I could read what I wrote in less than a minute and even THAT is quite slow (I could probably read it a lot quicker but I'm giving some time to be more fair).
2. They don't understand some/all of it. This is often the case, too, but not always. In this case – if you were responding to me – I would argue you don't understand because you didn't bother (this is an obvious reason) and it was NOT meant for YOU in the first place (indeed, why would I even offer to you anything about me? I don't know a thing about you and never will).
3. It wasn't meant for [you] (obviously the case here), as above, and whether [they] wanted it to be for them or not, I actually wrote it on my time, not their time (just like they will either read it on their time or they will not).
(And yes, I admit it: I can be quite mean especially when I had a long, obnoxious day, like today. Even then though, I have little regret on the above, because it is the truth).
Yippee, Graham!!!!! I'm going to drink a pint in your honor. Well deserved, congratulations!
Well done!!
Congratulations, and quite right too. It takes both extensive journalistic skills and an impressive depth of technical knowledge (plus a lot of hard work, of course) to be this informative and entertaining on a regular basis. Nice trophy!
Heh, so true. I border on rants (even though I always mean well) at times even though I have real valuable information to offer. I do try to tone it down and I often go back and change the way things are worded (if necesssary) because I tend to be fairly harsh. It's just part of how I grew up (see my response here even.. think I mentioned some of my upbringing). I do this with programming, security, networking, system administration and in general every thing I write about. It's a terrible habit and while I'm usually OK I have had times where I look back and think "what the hell is wrong with me? This defeats the purpose or even contradicts some of my points and I am being a complete hypocrite." However, Graham nails it quite well with all parts (it helps that he does it for a living where I do it as a life long passion but still… I've been called out on this many times, especially when I – like always – use satire and sarcasm) and so it really is well deserved that he gets this award (and the nominations of the others).
Let me restate one thing: I don't see sarcasm and satire as a terrible habit as it is actually very effective and I personally love when others use it against me (they're on top of things and then it's a game, a challenge that I will always go with: out wit them). What I do consider a bad habit is how critical it comes across and especially when it is more rant like and will detract from the entire point I'm trying to get across (or makes me look like a hypocrite). I guess you could put it more simply: if you look back and you can see how many would think what a … jerk [I] am (and that they are right, it is even worse, which I admit I'm guilty of), then there's a problem. That is something I try not to do but I cannot state I'm always able to manage that…
Mazeltov!
Well done Graham.
Well deserved. You do a phenomenal job. I completely rely on your great blog to keep myself and company in the know.
I hope you win many more awards beH.
Keep it up