This is an interesting take on Vista from CNET; “Why Microsoft must adandon Vista to save itself“.

Maybe Philippe Courtot’s prediction is not as out there as some would think.

Related post:

Posted in: Bad Stuff, news

It will be interesting to see if this attempt to settle is the end of the TJX saga. Somehow I think not but who knows.

And, for “All Customers”, the following:

“TJX will hold a future, three-day Customer Appreciation special event in which prices at all T.J. Maxx, Marshalls, HomeGoods, A.J. Wright stores in the U.S. and Puerto Rico and all Winners and HomeSense stores in Canada will be reduced by 15%. “

I’m serious….have a read through the link……you couldn’t make this stuff up!

This was an interesting story this week:

It made me think, have antivirus products gotten any smarter?

I remember in the early days of computer viruses (early 90s) when antivirus products had signature recognition and/or CRC checks against files. (Gees…have things changed or do we have less now?) Remember the “heuristic detection” claims?

A product called Victor Charlie emerged that should have been a disruptive technology but for some reason, never made it. (Read: VHS vs Beta etc etc….same old story). We actually deployed it country wide at the company I worked for at the time (in combination with the usual signature based scanning just to be sure…as you did at the time).

The product was smart…far smarter in terms of approach/forward thinking than anything else we were seeing emerge from the main anti-virus vendors.

Now keep in mind, this is early 90s. This product would reside in memory and “bait” viruses – intercepting calls to interrupts 13H and 21C (gees, correct me if I got that wrong, it has been a while)…the calls that needed to made to either infect the boot sector or files directly.

Skipping ahead….it would then capture a string of the virus code, alert the user/admin and then store that string, enabling the admin to use the captured string within the scanning component of the package to scan for other potential instances in the environment….all on the fly.

Now the latter part, ie; capturing a string of code to use on the fly in a new scan was not perfect but gees, that ability to detect an unknown virus by way of the “baiting” technique at the time was brilliant.

It just never took off. Far ahead of its time and the dudes that developed it, I have no idea what ever happened to them; Bangkok Security Associates. Had these guys succeeded, I wonder if things may have progressed differently. (Yeah, I know the number of bits we work with now has increased but maybe the intelligence of the guys working on the protection side of things may have also!)

We’ve recently made it easier to respond to posts so hopefully that may encourage more people to post their opinions.

We’ve also just added a contact me link in the “About Me” section of the main page. I am very keen to get feedback and also hear from fellow security people, and those people who have their own blogs or just want to have a chat and expand their network of contacts.

In addition, we’re also looking for contributors to the site, so if you have something you’d like to share and you think BorB would be a good place, send it to me. I can’t guarantee everyone but I will read every submission and respond to you.

We are looking at expanding BorB and these things are our first steps. We value everyone who comes here so your thoughts, comments and ideas are most welcome.


Drazen Drazic

Posted in: news

From the Financial Review story by Michael Crawford, talking about the Deloitte 2007 Global Security Survey.

I’ve questioned the relevance and accuracy of such surveys before and I can understand why the local guys would be distancing themselves from this piece of work to a degree. Related post: . Don’t get me wrong….for some basic awareness, they’re not bad but as a definitive guide….hmmm.

Are standards dropping in the banks? I wouldn’t say that based upon our experience.

We do though see little to no improvement in the regulatory environment here in Australia that would further push stronger practices.

Anyway, the next “Big” survey will probably paint a different picture. :-)

A take on defining hackers, ethical hackers and penetration testers by Matthew Strahan (SA Consultant):

A short time ago there was a discussion here about the term “ethical hacker” versus the term “penetration tester”.

The term “ethical hacker” is thrown around quite a lot nowadays without any real concern of whether it’s accurate or not. When people ask what I do, I find that “ethical hacker” or “professional hacker” gets the point across much quicker than a full discussion of what a penetration tester or a security consultant actually does.

The interesting thing is that I don’t really like to think of myself as a “hacker” or “cracker” since those terms are fundamentally different to what a “penetration tester” does.

Though we may use similar tools to the hackers, we are by nature, defenders, and hackers are by nature attackers.

Lets look at the difference between attacking and defending. (more…)

Roses Only with a few problems at the moment in regards to credit card security

ABC News reports it as the first case of its kind in 5 years?! Really?

This will be an interesting one to follow.

Some big calls made here.

Gees, they’re busy those kiwis lately.

Police surveillance gone a bit wrong:

How good was this at the recent APEC Meetings in Sydney? Security at its finest! See the followups after the video for more of a laugh.

Older Posts »