As you know, we’ve retired this Beast. I’d like to thank everyone who read, contributed and supported “Beast or Buddha”. We’ll be back soon with something new. In the meantime, grab us at home base at Securus Global where we are continue doing what we do best!

All the Best
Drazen Drazic
22 September, 2010

Comments Off
Posted in: Uncategorized


As a CISO/CSO/Security Manager, you were hired by your organisation to perform a role. How many people go back to the advertisement they responded to and check-off what you are actually doing now, versus what the original role description stated the role would/should be?

I know talking with many people out there that this is one of their biggest issues in their role today – either the role not being as it was promoted/advertised and/or you not having the support to perform the role your were hired to do.

It’s made cynics of so many people in our industry and in a weird way, has also kept people, albeit unhappy in organisations longer, given the fact that there’s a belief that wherever security people go, it will be much of the same…..so at least, “better the devil you know”. This blog is full of posts, (since day 1 about the trials and tribulations of Information Security people) trying to do their job and battling every step of the way for even small gains. I won’t link to these posts….to many but have a search here if you want further references.

I’m not going to go over all the old issues again here. What I am going to put forward is another idea, that at a minimum, may provide Information Security professionals with a sense of worth, accomplishment and within their organisation, a position whereby an organisation can choose to accept professional opinion, views and recommendations – or not, but at least the Information Security professional can rest secure in a position of having at least gone on record from an overarching management, governance and strategic perspective. (The following need not only relate to the most senior Information Security person in the organisation – but anyone who holds to a belief that things should be better than they are now). Read on……

(more…)



Liverpool City Council has burned down. Reported here in the SMH.

Listening to the Mayor being interviewed on radio this afternoon; you get the sense that the data loss and impact will be huge. I don’t think she [the Mayor] seems to get what a problem they have. They believe they have backup tapes “from last Thursday”, but don’t seem to have computers to restore them to. They believe they’ll have *a* computer in a temporary office, “but no email”.

Listening to this, I just thought, what a f**king disaster! What genius decided that a DRP was not worth having? (Unless of course this has all been reported incorrectly). If not, this will be a great case study.

———————————————————————————————-
Securus Global: IT Security, Penetration Testing, Security Assessments, PCI Compliance, Product Assurance, QualysGuard, Security Strategy, Vulnerability Assessment.



- Wayne from Securus Global did us proud at the DefCon Social Engineering CTF Tournament in Las Vegas recently. It picked up a bit of press coverage. Just a couple of examples from ITNews and InfoWorld. Really demonstrates how someone can target an attack and relatively simply (with the right training, know-how and expertise), own a company. Unfortunately, we don’t see many organisations doing this type of assurance and testing – nor have an interest in it. Keen on your thoughts.

- Louis from Securus Global was involved with the French team that blitzed it at the DefCon Hacking CTF. Both Wayne and Louis, along with other Securus Global team members will be doing a few presentations in Melbourne and hopefully Sydney soon on various topics including penetration testing, web application security, social engineering and others. Stay tuned to our website as we kick off again our series of Breakfast Briefs and Technical Sessions in Q4, 2010.

- This is pretty cool. The character in a new novel with a hacker as one of the leads is based upon Dean Carter. Reported here at ZDNet. Who’s going to play Dean in the movie will be interesting.

- Checkout the Australian Information Security Bloggers Directory and see what the local guys are up to.

- Local scene roundup here.

- In numerous links above, you’ll see Securus Global has a new website. It’s a WIP (again). Websites and website development is a pain. Too much information, too little information….can you win? We’re better at testing and breaking them than we are at making our own I reckon but that’s an old story. Would love to hear from people on their thoughts on which security organisation has a good website. Just curious…. :)

- With the election just around the corner, we can safely say that neither major party seems to have a clue about technology; the Internet, eCommerce and everything else related. Few if any issues and questions I have posted here will/are being addressed. I do ask again though, where has the money that Stephen Conroy promised, and has used in his marketing for the Internet Filter, ie; the millions for additional policing for child protection on the Net gone? Almost 3 years of hearing about it. No answers.

———————————————————————————————-
Securus Global: IT Security, Penetration Testing, Security Assessments, PCI Compliance, Product Assurance, QualysGuard, Security Strategy, Vulnerability Assessment.



Let it “anger” the “Christian Lobby”: Coalition filter stance angers Christian lobby.

Would love to get some bible quotes to establish any precedence for their position. Anyone? :-) (Assuming you abide by, and accept that as “law”).

———————————————————————————————-
Securus Global: IT Security, Penetration Testing, Security Assessments, PCI Compliance, Product Assurance, QualysGuard, Security Strategy, Vulnerability Assessment.



The Cloud Security Alliance has announced a new cloud security certification here.

No attempted wit, humour nor sarcasm could do this justice so I will sign off now.

———————————————————————————————-
Securus Global: IT Security, Penetration Testing, Security Assessments, PCI Compliance, Product Assurance, QualysGuard, Security Strategy, Vulnerability Assessment.

Posted in: Dumb Security, WTF


Great to see the local scene just kicking on. So much going on now and no shortage of things to attend.

——————————————————————————————–
Ruxcon 2010: 20-21 November, 2010 (Melbourne). Details and CFP information:
http://www.ruxcon.org.au

Monthly Ruxcon meetings (Ruxmon) in Melbourne. Details:
http://www.ruxcon.org.au/2010-rmmm.shtml

Kiwicon 2010: 27-28 November, 2010 (Wellington, NZ). Details and CFP information:
https://www.kiwicon.org/

Owasp seems to be pretty active with monthly meetings (or almost now), regular events in Sydney, Melbourne, Perth. Contact your local city chapter for more information, or if there is up to date information on the Owasp website, could someone let me know? (I am on the mailing list).

AISA (Australian Information Security Association) membership is now over 1000. Sydney, Melbourne, Brisbane, Canberra and Perth hold monthly meetings plus social events and the Annual Seminar Day will be the biggest ever in 2010. With membership still only still $50, it’s worth having a look. Details on AISA and upcoming events for all cities:
http://www.aisa.org.au/

Australian Information Security Bloggers Directory and Twitter accounts here.

———————————————————————————————-
Securus Global: IT Security, Penetration Testing, Security Assessments, PCI Compliance, Product Assurance, QualysGuard, Security Strategy, Vulnerability Assessment.

Posted in: Research, news


Yeah….I ain’t…but I love this…but I never was….!

———————————————————————————————-
Securus Global: IT Security, Penetration Testing, Security Assessments, PCI Compliance, Product Assurance, QualysGuard, Security Strategy, Vulnerability Assessment.

Posted in: Uncategorized


Release from ANSI. (I’ve included this as an FYI for Australian Information Security people). This link below has the content of the email sent out recently.

Related post regarding recent Australian Government activity here. Coordination? Focus? Lessons?

———————————————————————————————
White House Releases National Strategy for Trusted Identities in Cyberspace
http://www.ansi.org/news_publications/news_story.aspx?menuid=7&articleid=2576

———————————————————————————————-
Securus Global: IT Security, Penetration Testing, Security Assessments, PCI Compliance, Product Assurance, QualysGuard, Security Strategy, Vulnerability Assessment.



From memory, the co-sell with the Internet Filter by Stephen Conroy was a promise of additional funds for policing – cyber-protection of children. Have I missed something? Has any of this kicked off or is it just an ongoing promise as part of the ongoing Internet Filter promotion?

Previous posts: http://beastorbuddha.com/category/internet-filtering/

———————————————————————————————-
Securus Global: IT Security, Penetration Testing, Security Assessments, PCI Compliance, Product Assurance, QualysGuard, Security Strategy, Vulnerability Assessment.



Older Posts »