Read the Community Blog

Yep...still slow going

Just to let you know that we are still alive and this project has not died. We have some new ideas to reinvigorate...

Stay tuned....


Slow progress of late

We are still here (thanks to those of you who've written to check). However, the core team have been busy on other projects (and their day jobs), which all in all has meant slow progress.

Time waits for no man, and there is obviously an awful lot happening in the security world of late with a large number of high profile attacks (iCloud Celebrity photos and JP Morgan are the latest as I write this). We plan some updates to the site this Autumn and Winter (from a Northern hemisphere perspective).

We've got some new ideas for patterns and a number of developments on tools and methodology. Want to help? Get in touch at the usual address: info@open......

Thanks, OSA Core Team


New icon- White Hat

We've added a new icon to the 13_02 set for an upcoming PCI pattern. We now have a White Hat to represent an ethical 'hacker' (I place it in quotes as the term originally meant a computer user who hacked together code quickly to achieve a given objective, and has somewhat changed meaning in recent years), a.k.a. Pen Tester.

The black/white hat took its inspiration from the Mad Spy vs Spy comic, a firm favourite when I was younger, especially the rather good game on the C64 :-)

As usual, the icon has been added to the icon library as SVG and PNG, and is included in the icon packs.


Twitter hack causes markets to plunge

When we founded OSA a few years back it seemed likely that we would soon inhabit a world where IT Security and the management of IT Risks would be a crucial part of the equation to ensure that our society and its industrial, commercial and economic systems functioned effectively. There was already a strong case for ensuring that computing architectures were secure for financial services, but the importance of security for Industrial Control Systems, or the need to ensure that social networking and information providers maintained high levels of integrity, was less clear.

The pace of change has been surprising. We have seen sophisticated malware attacks on factory and process automation systems for critical infrastructure and utilities. There has been a dramatic escalation in the skill of attackers, from script kiddies looking for recognition amongst peers, to well-funded criminal gangs exploiting credit card information, and finally towards nation states and espionage.

Given this backdrop, the latest impact from a Twitter hack caught my eye last week:

http://www.guardian.co.uk/business/2013/apr/23/ap-tweet-hack-wall-street-freefall

Whether this was used for financial gain remains open to speculation, but the impact of this attack in an era of high frequency trading was dramatic, and the opportunity to exploit misinformation on this scale for significant financial gain is unquestionable.

It certainly suggests that an investment in 2 factor authentication is a worthwhile addition if you have a high profile Twitter account. Perhaps we will see some form of trust mark evolving for those accounts or information sources that are more trustworthy and have a certified degree of integrity...


Another day another large scale hack...

There have been a remarkable number of news items lately on hacking operations uncovered at large organisations that have exfiltrated significant volumes of data and gone undetected for 6 months plus. The QinetiQ example that Wired mention is typical of the breed.

Chinese 'Comment Crew' hackers emptied QinetiQ of top-secret military data

We're working on an Advanced Persistent Threats Pattern at the moment, which will be loaded as a draft into the library shortly for comments. If you have experience in this space and would like to comment, please get in touch on the Info@ email address.

Thanks, OSA Core Team
