I'm a GCFE. But Will I Use It?

IMG_1585_1.jpg

I’m now a GIAC Certified Forensic Examiner (GCFE). Honest! I’ve got a certificate and everything. It even came framed: GCFE Certificate

According to the blurb:

The GCFE certifies that candidates have the knowledge, skills, and ability to conduct typical incident investigations including e-Discovery, forensic analysis and reporting, evidence acquisition, browser forensics and tracing user and application activities on Windows systems.

I’ve got no idea if I’ll get to use these skills. The company I work for is considering applying for us to offer PCI Forensic Investigator (PFI) services, and in order to become eligible there needs to be a number of us suitably qualified. If I were to become a PFI it would sit nicely beside my current PCI QSA designation, so as well as auditing organisations to ensure they adequately protect credit card information, I could also be called on to conduct a forensic investigation in the event they suffered a breach of cardholder data.

The course was fairly intense but it mainly focused on Windows forensics. I’ll probably need to follow this up with the Advanced Computer Forensic Analysis and Incident Response course so I can thoroughly investigate attacks across the network and on multiple platforms.

I really enjoyed the course. The technical aspects were superb and the forensic toolkit that shipped with the course has already come in useful. The course is not just technical however, it also covers the procedural side of forensics and e-Discovery. This is necessary, but being a US-based course it was based on US federal legislation and procedures. I’ll need to bone up on the related Australian legislation and evidentiary procedures to ensure I’m doing the right things to satisfy chain of custody and admissability of evidence for any investigations here.

Review of 2010 / Plans for 2011

A few years ago on BBC2 in the UK there was a programme called Dave Gorman's Important Astrology Experiment. I don't know if you watched it but the concept behind the series was that Dave would follow exactly what was recommended for his star sign in a selection of horoscopes, and then see how that affected his happiness. For measuring happiness he used the triad of Love, Health and Wealth. happiness-triad.jpg

It was a funny series, but the reason I mention it is that I've always thought that using the happiness triad is a really good tool for life planning. If you think about it, most new year's resolutions will fall into one of the three boxes.

I thought I'd share a few of my plans for 2011 and also look back at how 2010 measured against my own happiness triad.

Review of 2010

I'll start with last year. For Love, that's got to be a big positive because me and Rach finally tied the knot. Lauren makes me happy every day. All is well in the Haines household on the Love front.

As for Health, that's been a mixed bag. I had no real health problems last year, with the exception of a few warning signs that it was time to slow down. I managed to lose a few pounds before the wedding, and then proceeded with much fervour to put them straight back on again during the month I had off work for the wedding and honeymoon, and 3 weeks for xmas.

The warning signs were mainly due to too much drinking. I don't drink a fraction of what I did when I was in the Navy. Maybe that's the problem? In the Navy drinking was pretty much mandatory so my tolerance to it was much greater than it is today. In 2010, I didn't drink that often, but when I did it tended to be binge drinking. I had some really good nights out which involved drinking far more than is good for you, and on a few occasions i started to develop numbness on one side of my face after a drinking session, or during, which isn't a good thing. A kind of Bell's Palsy apparently, according to a nurse friend of ours.

So on the health front it was a mixed bag.

Finally there's Wealth. I look at wealth in two ways - financial wealth and wealth of knowledge.

Financial wealth was going quiet well for most of the year. I've managed to maintain my 4-day a week job while steadily, but not greatly, growing the IPChitChat business. Although I still don't draw a salary from IPChitChat we did make a few payouts for ourselves during 2010 as a return on investment. This meant we were in a lucky position that Rachelle was able to give up her job and come and work from home for the business.

All was going well with the finances up until the wedding. As much as you plan and budget, it always ends up costing more than you originally planned. And so it proved. Even though it was a relatively cheap wedding by comparison to the standard these days, we've still left ourselves with quite a bit of debt which I'll probably be paying off for the next 2 years! This means that coming into January Rach has started looking for a part-time job again just to help us through this sticky patch. It's funny how there seems to be an inverse relationship between love and wealth when it comes to getting married!

In terms of wealth of knowledge, I feel that this is where I made the most gain in 2010. I was very lucky to travel quite a bit during 2010 and travel does indeed broaden the mind, even if I did spend most of it in bars! Similarly, I maintain an interest in lots of different subjects and read extensively. I don't know about you but I find as get older my thirst for knowledge increases exponentially. Importantly I learnt an enormous amount that will contribute to growing my business.

On the business side of things I may look back at 2010 as a year of procrastination. There was no real major achievement but like I said, I did learn a lot. It's amazing how much you learn by doing the wrong things. I spent far too much time during 2010 just trying to get things to work, rather than concentrating on the big picture. I don't know how many hours I lost messing about with technical things that really should be left to someone who knows what they're doing. I've learnt that lesson. At the same time, those hours spent learning the technical side of business will help me in the future. I'll explain more when I discuss plans for 2011 below.

So all in all not a bad year. Am I happier at the beginning of 2011 then I was in January 2010? I'd say yes, I am.

Plans for 2011

If we look at the Love side of the happiness triad, well I'm married now so I suppose it's just downhill from here! Just kidding. The emphasis for 2011 needs to be on life-balance. It's very easy to just get obsessed with work and forget that there's other people in my life. Even though I have a job and a separate business, I need to be conscious of the fact that i need to put some time aside as family time. All work and no play makes Jack a dull boy, as the saying goes.

Health, now that's a continuing battle. I know I've probably said this the last 10 years in a row, but this is the year when I get really fit and healthy. Honest.

Wealth. I spent most of 2010 having my finances under control. My credit card balances were 0 because i paid the balance off in full each month. That was until the wedding. 2011 is going to be a frugal year. I've already made a concerted effort to reduce expenses. The next goal is to increase income, and the way I'm going to do that is through the business.

I've now launched netcloudsecurity.com which will hopefully contribute something, but that's more out of a response to events. The problem with providing services, of any kind, is that the amount of $ output you get from it is entirely dependant upon the number of hours you put into it. The ultimate goal is surely to create passive income, where you create something that continues to generate revenue without further work from yourself.

In the next few weeks I'll be launching another website, which will be my main focus of attention for the 2011. This website draws on my experience as a PCI QSA and will hopefully be something that will help many businesses and individuals.

They key business lesson that I've learnt from 2010 that I will apply to this year is that I definitely need to focus on the core activities that generate revenue. As I've said, far too much time was spent in 2010 troubleshooting technical problems and learning new technical skills. For example, I spent many a hour last year building my new PCI site using the Drupal Content Management System (CMS). Drupal is a fantastic CRM and in the right hands, can do everything you want it to. To save a bit of money and due to budgetary constraints, I decided to build the entire site myself. Whilst I got the majority of it built I spent hours if not days messing about trying to get some of the basics working, such as displaying my content correctly in RSS feeds.

Last week I finally gave up on Drupal and the new website will be shortly launching in Wordpress. The Wordpress CRM is great for getting sites up and running very quickly. It perhaps doesn't offer all of the features that Drupal does but who cares, it's content that's important. I realise that now.

For IPChitChat we had some great success with outsourcing, and we're now at the point where if we want anything doing technically with the website we'll simply outsource it. We've finally found some developers on Elance.com that we're really happy with and trust. The developers we chose are a company in Vietnam. We placed a number of projects on Elance with them last year and because they're a) extremely affordable, b) professional, and c) quick to respond, we'll be using them for the majority of our technical work in 2011.

You may think that you are saving money by doing it yourself but you're really not. I now follow my own advice that I've spouted many times before - you need to put a price on your time. If it takes you 2 weeks to do a job that an external developer can do in 2 days, is it really saving money to do it yourself?

As an example, we had 3 jobs that we asked our developers to do last week. They did the entire work in 2 days for a total cost of $175. It would have taken me a week at least. A week of my time is worth far more than $175.

I said previously that all the lost time in 2010 doing technical work was not entirely mis-spent. This is because having a certain level of knowledge really helps when you outsource work to others. For instance, If I decide to build any new sites in Drupal and outsource the work, I'm confident that I'll be able to draw up detailed specifications for the work, and be able to properly vet what gets delivered. There's also lots of small technical jobs that I'll be able to do quickly myself without having to outsource it.

In summary, for 2011, the goal is to maintain the Love score, but improve on Health and Wealth.

Manila to India

I've recently returned from a work trip which included my first ever visits to the Philippines and India. The purpose of the trip was to carry out a PCI DSS audit for one of my clients. As is the way these days my client has outsourced their call centre to a company in Manila, and have also outsourced some application support to another company in New Delhi, India. The thing about PCI DSS is that if you outsource work, you can only be validated as compliant if your service providers are also compliant, which is what I had to check.

For a change I wasn't traveling on my own this time. Brad from my client's security team came along with me. It actually worked out quite well as he, like me, likes a beer (or two) so we got on great. The only problem was he's an Arsenal fan ;-)

We left Brisbane on the Monday morning and flew to Singapore. We had a couple of hours at Singapore Airport and then flew to Manila. Singapore Airport has got to be one of the best airports in the world. With free wi-fi and xbox 360 the time can really fly!

The first thing I noticed about Manila was the traffic. It's by no means the first country I've visited where traffic laws seem to be non-existant but it was still a sight to behold. Talk about everyone for themselves. Surely if someone just sat the country down and explained to them that if they only followed a few basic rules of the road they would all get to their destination a lot quicker.

The second thing I noticed was the security. As well as seeing police on every corner I was surprised to find that to enter our hotel, the Holiday Inn, we had to pass through a metal detector. It wasn't just our hotel it was like that everywhere. Not just the hotels but the Malls as well. And boy are there a lot of malls! As well as the metal detectors pretty much all of the shops had guards on the door, many of them armed. It was a bit disconcerting walking into Starbucks with two armed guards on the door.

I really wasn't expecting that level of security everywhere. After all the Philippines is predominantly a Catholic country so hasn't had the problems that other countries in the region have had such as Indonesia. I questioned one of our contacts in Minala about the situation and he just answered "Well, it's an election year". Reading up on it now I see that the Philippines has had a history of trouble with militant groups so the heavy security everywhere is an effort by the Government to remove this threat. The policy seems to be working.

Work-wise the Manila visit ended up being a waste of time. The first thing I have to do when I start an audit is to properly define the scope. The scope for a PCI DSS audit in simple terms is any system that processes, stores or transmits cardholder data. However, it's not quite that simple. What many of my clients have trouble understanding is that I may have to include other systems within the scope of my audit that have nothing to do with processing credit card data, if those systems have not been completely separated, at a network level, from the systems that are in-scope. It's got to be proper network segmentation which usually means using a firewall to control traffic between networks and network segments. As an auditor I can't just take their word for it, I have to do a physical inspection of the network and firewall configuration to verify that they have indeed separated their cardholder data systems from the rest.

So this is usually the first thing that I check. This sets the scope for the rest of the audit. If everything's properly segregated then I may only have to look at a couple of systems. But if they haven't implemented network segmentation then their whole network could be in-scope and I could choose to sample as many systems as I like. When it comes to sampling it all depends on what confidence I can get that they've secured their systems in a standardised way to the same level. For instance, if they've got 50 PC's that they all build with an identical image and they apply the exact same security to all 50 and the users haven't got rights to change any of the settings, they I may only need to sample one PC. On the sample principle, if they build all their PC's, servers, routers, etc independently with different settings then I may need to choose a large sample.

I always try and warn clients about the rules regarding scoping and sampling as I often end up having a battle when I tell them I need to audit a system that has nothing to do with processing credit card data.

Anyway... The reason the Manila visit ended up being a waste of time was because their security team at their US headquarters had a problem with me looking at their firewall and servers. Not sure what they had to hide. They had plenty of advance notice of our visit so I really don't know why the issue couldn't have been sorted out before I arrived. We spent two days waiting while the local Managers in Manila tried to negotiate with the team in the US to allow me access. We even put our flight out back 24 hours to give them more time but in the end it still wasn't sorted out. I did what I could so the trip wasn't a complete waste of time. I audited some areas which I knew would definitely be in scope whether I looked at the firewall or not. But in the end no firewall access means I couldn't determine the scope which meant I couldn't complete the audit.

In the mean-time while this was all going on we had a couple of cracking nights out in Manila. The nightlife there really is quality.

The first night we just went out to a local restaurant called the Banana Leaf, where, as the name suggests, you eat your meal off a banana leaf. After that we went to a local bar which had had some live entertainment. After a band, a group of women calling themselves the Mucho Girls came on. They were like a Filipino version of the Pussycat Dolls. And you know what, they were really good!

The second night we had out in Manila we went to the Hard Rock Cafe. This is a bit of a thing for me going back to my Navy days. Whenever we were in a major city around the world we always headed for the Hard Rock Cafe. Don't ask me why.

Unlike most Hard Rock Cafe's I've been in around the world this one wasn't full of shit-faced sailors. What it was full of was middle aged and older men, mainly Americans, with young Filipino girls that they had purchased for the evening/day/week, or in one case according to a guy Brad talked to, 3 weeks. It was all a bit sad really. We were just happy to play pool.

There was one thing about Manila, and the Manila Hard Rock Cafe was representative of this, that set it apart from all the other places I've visited in the world - namely the amount of staff. Being the 12th most populated country in the world there are a lot of people, and in Manila they seem to go out of their way to give as many people as possible jobs. Unnecessarily so in many cases.

Wherever you go in Manila there seems to be more staff on than really necessary. You go into a shop and there's often more staff than customers. In hotels and office buildings there seems to be a porter in every lift. In the office buildings I visited there were not only guards on the building reception but there were also guards on the entrance doors to every floor. Now this makes for great customer service. Sometimes it can be a little annoying though, like in the shops when you're browsing (the exchange rate makes Manila a great place to shop) and the staff, thinking they're being attentive, follow you around everywhere and stand at your side when you're looking at stuff. If you reach to take an item of clothing off a rack, for instance, they'll try and beat you to it so that their customers don't have to go through the indignity of having to take clothes off of a rack themselves. It's all very bizarre. They must be the friendliest people in the world though. You lose count when walking through a mall of how many times you hear "Hi Sir", "Hello Sir", "Good Morning Sir".

In the case of the Hard Rock Cafe, this over-staffing issue resulted in us having our very own guy to look after our pool table. We didn't ask for him he was just assigned to us as soon as we started playing pool. He'd rack the table for us. If the white went down he'd retrieve it for us and replace it on the table (I was slightly disappointed he wasn't wearing a white glove and didn't inspect and dust the ball each time before replacing it), and each time we needed a drink he'd happily go off to the bar to fetch us another. This was all to easy. All, I should say, for less than $1 AU a game.

About 12 pints later when we realised we were struggling to hit a ball straight we went through to the other room to have a meal and watch the band.

When we were playing pool there was this great band on TV. They were doing cover versions of Black Eyed Peas songs and other recent hits. They were that good that at first before glancing at the TV I didn't realise that they were a cover band. It took me ever longer to realise that the band on TV were in fact playing in the room next door. I'm a bit slow on the take-up these days.

So we went through and had something to eat. The band went off and then who should come on stage... none other than Manila's very own Mucho Girls. They were following us!

The next day I felt very ill. Before you think it was really unprofessional of me going out drinking when I'm working the next day, in my defence we didn't have to start work until the afternoon. None of the staff were available to speak to me before the afternoon. I think they must be working on US time or something to align with their US counterparts but they started work in the afternoon and worked through until really late.

At first I thought I just had an hangover. I had stomach cramps and the runs and just presumed it was something to do with the lake of beer I had consumed the night before. When I was still the same 24 hours later I realised it probably wasn't the cause of the beer. I was ill for the rest of the trip and then some.

We left Manila on the Friday and headed to Singapore for the weekend. The client very nicely put us up in Singapore for the weekend so we could fly straight to India ready for Monday.

As soon as I got the hotel I went straight to bed as I felt awful. I still had stomach cramps but then I started to get cold sweats. I couldn't get warm. I had the air-con turned off (it was over 30 degrees and 100% humidity) and the quilt doubled over on top of me but I couldn't stop shaking. I finally got off to sleep and woke up the next morning feeling a little better. Through the night I had sweated that much that the bedding looked like someone had soaked it in a bath and then crumpled it up in heap on the bed.

It was nice to have the Saturday to chill out and not do anything. I was determined to not let the side down and get myself right so I could have a night out with Brad that Saturday night.

Before the trip, on the advice of the client, I had been to the Travel Doctors to get a load of shots (6 in all) for India, and they also gave me a 'Gastro pack'. This is basically a travel pack containing anti-biotics, re-hydration tablets, etc and a travel health booklet. I took a few tablets through the day and just drank water, and come the evening I felt much better. There was no way I was going to miss a night out in Singapore.

To start the evening we did the touristy thing and headed to the Long Bar at the Raffles Hotel for a Singapore Sling. I had been to Singapore with Rach and Lauren before but having Lauren with us we never made it to the Long Bar.

I must say I'm not usually that bothered about cocktails but the Singapore Sling tastes amazing. We had two of them, although when we got the bill we had a bit of a shock. $24 each, i.e. per cocktail!

We then took a rickshaw down to the Riverside - Clarke Quay and Boat Quay, where there's a large collection of riverside restaurants and bars. The poor guy sure worked for his money cycling with us two on the back. He had a right sweat on by the time we arrived. He also tried to charge us a fortune for the privilege. We haggled him down to a reasonable price but it still would have been cheaper getting a taxi. We also looked like a gay couple on the back of the rickshaw being given a guided tour of Singapore!

We started off at a pub and watched a bit of Premier League footie, and then chose a Japanese restaurant to get some scran. The food was great but I couldn't eat that much as I still felt like I'd been kicked in the stomach.

In hindsight drinking alcohol while I was still clearly ill and after taking anti-biotics wasn't a good idea. The next day the runs had returned.

We had an early evening flight to India on the Sunday so went for a whistle-stop tour of Singapore on Sunday afternoon to take a few pics.

I really like Singapore. It's not as cheap as the Philippines, Thailand or other parts of South East Asia but you also don't get any of the traffic chaos and you don't risk damaging your digestive system when you go for a meal. In fact, they drive better in Singapore than they do in Brisbane. It's all very civilized. The strict health and safety laws in Singapore also means that all of the restaurants and other food retailers must display a health certificate grading it from A to D.

It was a little bit different to New Delhi, that's for sure.

It was my first time in India - my only prior knowledge of India mainly from watching Slumdog Millionaire. I know Slumdog Millionaire was mainly set in Mumbai but that film made it look like paradise compared to what I saw.

Immediately from arriving at the Ghandi International Airport I knew we'd be in for a culture shock.

We had been assigned a driver by the company we were visiting so on exiting the Arrivals lounge we looked for our names amongst the huge group of signs being held up by other drivers. We slowly walked past them all but couldn't see our names. We hung about outside for a while figuring he might be running late and every now and again went and walked the line of drivers holding signs to check we hadn't missed ours.

We thought about just getting a taxi but when I went to try and find the taxi rank all I could find was mini-cab drivers. I couldn't find any official taxis or even taxi rank like you get in most city airports.

After a while a couple of Indian guys approached me and asked if I needed help saying they had noticed that we'd been waiting ages. Obviously I was a bit wary of a couple of strangers approaching me out of the blue for no good reason and held on tight to my luggage. Well, you hear stories don't you! They were actually really friendly. They told me they were Australians and advised me never to get one of the mini-cabs as you never know where you might end up. They also told me that our driver might be waiting for us at the other exit. What! There are two exits! I couldn't believe it. We had been waiting about an hour by that time without realising that there was a second exit. It was also well past midnight.

We toddled off to the other exit and sure enough our driver was there holding the sign. He didn't look very happy. We realised later in the trip that that was just his face. As we approached him he put his hand out so I reached my hand out to shake his hand but what he was actually doing was reaching out to take my bags. I did feel like an idiot!

It took nearly an hour to get to our Hotel which was in Noida, an industrial and business area north of New Delhi, chosen for the proximity to the company I was visiting. As it was dark I couldn't really see much of our surroundings.

We stayed at the Park Plaza Hotel in Noida. The hotel was really nice, as nice as any I have stayed in. I can't quite say the same about the location though.

When we arrived at the airport the first thing I noticed was that the visibility in the terminal didn't seem quite right. It seemed really smoky. I couldn't really smell smoke but there was definitely something in the air. I presumed it was just smog that had infiltrated the airport terminal. Again when we got to the hotel the hotel also seemed to be full of smog. This time it did smell more like smoke though.

The next morning I woke up and opened the curtains to get my first proper glimpse of India and the result was nothing. Zero visibility. It was like a thick cloud had descended and smothered the entire city. I presumed this was really bad smog. With a population of 12 million in New Delhi I was half expecting it.

I was wrong. Later in the day it started to clear, and I spoke to our hosts who told us that it was fog. It happens every year in that region of India about the same time. The smoky smell I was getting in the hotel was just due to the fact that it's not a non-smoking hotel. They don't even have any non-smoking rooms. Every morning that week there was zero visibility until the fog cleared later in the day. It's a good job we had evening flights as all planes were grounded in the morning.

When the fog eventually cleared this is what I saw out of my hotel window:

IMG_0081

Not exactly the Taj Mahal.

Although the hotel was luxury it was quite a shock to find it was situated smack bang in the middle of a residential area.

As we left the hotel to head to the office the sights and sounds were overwhelming.

On the sides of every road were tents and corrugated iron shelters housing people. Many of these were across the road from relatively wealthy homes. The contrast between rich and poor living side-by-side was startling. People seem to do everything at the side of the road. They live at the side of the road, eat, sell goods and inevitably shit and piss at the side of the road. We lost count of the amount of people we saw happily taking a piss at the side of the road.

Besides the road-side dwellings there were also plenty of slums that seemed to sprawl all over the landscape.

The roads were also an experience. We thought Manila was bad but that was nothing compared to India. At least Manila had things like traffic lights, even if most people ignore them.

The roads were full of potholes and no one stuck to a lane. In most cases there weren't any proper lanes. The traffic pretty much crawled everywhere. Every now and then we'd get going and then we'd suddenly have to stop for a cow in the middle of the road. Every time we did stop we'd get old ladies or kids, no older than Lauren, running out tapping on the car windows begging.

I really felt awful. I wasn't sure whether I should give something to them or not. The driver made a point each time we left the hotel or office of immediately using the central locking to lock all the doors and made sure all the windows were fully up. Much like Manila, security in Delhi is taken very seriously. I couldn't help feeling guilty all the time I was there. Seeing all that poverty really puts things into perspective. In Britain and Australia people moan about being poor but even the poor have a proper roof above their head and get at least 2000 calories a day. The poor in Britain and Australia just have to shop at Netto (just kidding).

So was this a life-changing experience making me want to give up my capitalist materialistic ways? Maybe for a couple of days... and then I saw the Apple iPad announcement!

Throughout our trip there were regular power cuts. Both at the hotel and office there were regular power interruptions. The office had their server room on a UPS (Uninterruptible Power Supply) as is normal for most companies, but they didn't extend this to the office environment. I'm surprised half of the equipment isn't fried. We had a morning of repeated power cuts in Brissie a few weeks ago which has resulted in knackering our fridge/freezer and our DVD player.

On our first evening in India our hosts took us out for a meal. We went to a place called the Kebab Factory. My stomach was still in a precarious state but when in Rome and all that. I could hardly go to India and not have an Indian meal. There are two choices on the menu at the Kebab Factory - Vegetarian and Non-Vegetarian. Being a carnivore I chose none-veggie. The way it works is they bring you out a starter to try, and then another one, and then another one, and so on until you're about 20% past full, and then they start on the main courses. Pretty much everything was spicy, ranging from warm and tingly to Nuclear.

It wasn't even my first curry of the day. When it came to Lunch at the office I was auditing, our hosts led us into a room where a chef had prepared a small curry banquet just for us.

Normally I would love this. I do like a good curry but by this time I'd already had a good 4 days of running to the toilet. I ate it, I didn't want to offend our hosts after all, but with every mouth-full I was dreading the impending explosion in my bowels.

The curries in India are not like the ones I used to eat in the UK. Some of the curry houses in Australia are a bit closer to the real thing. The main difference seems to be the sauces. They don't use so much of the thick gravy sauces like you get with the traditional British curry.

On our second day in India (Tuesday) we had a day off due to it being Republic Day. Incidentally it was also Australia Day; a public holiday for pretty much the same reason (independence from the colonial masters).

We was hoping that we might be able to make it into Delhi for the parades. We had no chance though. The security was really tight. We would have needed to have booked tickets week in advance. We couldn't get anywhere near the centre of Delhi due to the security. All the news channels and papers were speculating about the possibility of a terrorist attack.

I watched some of the parades on TV. For the most part it was a parade of their Armed Forces. Much like the old Soviet Union and China, they like to parade their ballistic nuclear missiles down the road.

Instead of going to the parade our driver took us to the Mall. When we got there it was pretty much empty, most people were probably still at home watching the parades. That soon changed in the afternoon. It was heaving!

We did some shopping and had some lunch. The malls in Manila and India are just as good as you get in any western country, but the prices are amazing. It just goes to show how cheap they can make the goods for and how much markup we have to pay in Australia.

When we left the mall a few hours later we expected we'd have to ring our driver to come and pick us up. We had him mobile number. But no, when we exited the mall we found that he was still sat there patiently waiting for us. He'd been there all the time. Poor sod. It was great having our own driver the whole time we were there so we made sure we gave him a good tip at the end of the stay.

The hospitality we received in India was faultless. Both the company and the hotel we stayed in even went as far as giving us gift-wrapped gifts when we left.

In the end, the India visit also seemed to be a bit of a waste of time as well. As I discovered, the only reason they are in scope is because they have the ability to access a table in a database which contains card numbers. They have no reason whatsoever to access that table. Once my client sorts out the table by rendering the card numbers unreadable (e.g. encryption or truncation) as they must do to be PCI compliant, and then remove access to the table, then the Indian company will not need to be audited.

The flight back from India was quite a trip. To save a bit of money my client had us returning via Dubai and then Singapore with Emirates, rather than going straight back via Singapore with Singapore Airlines, who we flew with on our outbound trip. All in all the travelling time was 24 hours (with a 4 hour stop in Dubai and 2 hours in Singapore). To make it worse it was a night flight from India to Dubai so we'd already been up all day. By the time I got home we'd been up for 48 hours and i'd spent most of the journey burning up and feeling like shit. I was worried that when we got to Brissie they might have the SARS scanners in place looking for people with fevers and I might get quarantined. In my own town!

It looks like I may be going back to Manila again quite soon. I don't think I'll need to go back to New Delhi. I loved Manila and Singapore but New Delhi was probably not the best introduction to India. The people are lovely but I'm not sure I'd want to holiday there. Saying that we didn't really get too see that much of the city. We didn't even see any of the final preparations for the Commonwealth Games.

That two weeks was the longest I've ever spent away from Rach and Lauren. I love traveling and I'm grateful for the opportunities that my job brings. But it is nice to get home again.

More trip photo's on Flickr (I've made the pics Public so no need to log in).