Now BG is not leaving BorB. It's just that BG thinks some of his stuff is too out there for even BorB readers, so he's doing his own thing. Here it is:


This site changes with time but the man is the man.


The work produced by SANS and Qualys stands out as some of the best data produced on the state of the security risks that, in most cases, we allow ourselves to be exposed to. More on the data shortly. Just to clarify the statement "we allow ourselves to be exposed to": it is what it is. Organisations persist with doing the following:

I just read the “Special Issue: Security – How to protect corporate assets in a dangerous world”.

CW Australia, are you serious? What a load of nothing! A bunch of republished stories from the US, and crap ones to begin with! Why?

You have guys like Darren Pauli and co. putting out some good stuff here in Australia, yet you publish rubbish from the US. (CW US publishes some good things but you dredged the bottom of the barrel for this issue).

Pg 20-21: "Are Security Pros Worrying About the Right Stuff?" – 2 pages of nothing that adds nothing to anyone's knowledge.

Pg 22-25: “Burning Questions: NAC” – space filler?

Pg 26-28: "10 IT Security Companies to Watch": What? None in Australia or Asia Pacific? (Good for US readers, but come on, give some support to the guys here!)

Yeah, we know that "IT Security" is the buzzword at the moment, but give us something of substance and not the usual drivel to fill pages and make some CIOs feel like they're on top of everything.

As reported by Patrick Gray in the SMH, this is a big one. Presented at Kiwicon, it does impact a lot of people and businesses. I won't go into details at present either (I wasn't there anyway), but you'll no doubt get the info soon (if you haven't already through your own sources).

More presentation details –>

With announcements such as this one in Computerworld and ZDNet Australia, I wonder how much we have progressed. An old story from the mid 90s is interesting reading today; from Wired (circa 1994).

Since then, a score of ideas and businesses have come and gone. The dot com bust probably did not help most, but flawed business models did not help either. PayPal must stand out for how it has entrenched itself and looks like being around for a while, but who else, apart from the traditional guys (Visa, Mastercard, Amex etc), is really competing and has the potential to be a major player? (Even these established players have had quite a few "ideas" that just went nowhere.)

The principles remain the same: pay someone for a product or service, and in turn accept money for a product or service. Did some of the start-up failures overly complicate this basic principle? On the flip side, a new standard or market leader could relatively easily oversimplify the process and, from a security perspective, further open up a raft of security issues that endanger economies and create new opportunities for financial and cybercrime. Not that there isn't enough of this already.

No answers here but keen on people’s opinions on this.

Let me start by saying that many "experts" in our industry that I have spoken to also have a very strong opinion on this, many in line with what I am about to throw out there.

None have spoken out to my knowledge, given they feel they will be branded as conspiracy theorists and their reputations will be questioned and tarnished.

Are some “good guy” vendors doing “bad” things?

Kiwicon, New Zealand's first hacker conference, took place in Wellington last weekend. It was run to a world-class standard, with great speakers and smooth running from start to finish; our thanks go out to the organisers for all their efforts.

There were many familiar names, including Peter Gutmann, Brett Moore, and Adam 'Metlstorm' Boileau, as well as many first-time speakers who were warmly welcomed to the scene.

There were several presentations highlighting the effectiveness of old-school techniques against modern infrastructure, as well as introducing new techniques that are effective against legacy infrastructure.

And I bagged the Libs?! From the Sydney Morning Herald: "Schoolboy whiz helps draft Labor cyber policy"

This has to rate as the stupidest thing I have read in terms of a government's (or potential government's) approach to our industry... and I thought my last post on this had some of the dumbest stuff I have seen! Here's the gist of this one:

“Tom Wood, the 16-year-old schoolboy who circumvented the Government’s $84 million internet filter scheme, has been enlisted by Labor to draft a sizeable chunk of its cyber safety policy.”

Good luck to the kid. He’s a star now.

Just when you think you’ve seen the dumbest shit you could, something always tops it!

If you’ve read BorB for a while, you know my thoughts on security surveys. I’d put the Beast or Buddha polls up against most of these surveys for relevance and informational value most times. :-)

So another has now been announced. See this Computerworld Australia story. 10 questions, like most surveys very subjective, and the final results providing what real-world value? Look, anyone raising awareness of security issues, I do in a way congratulate them, but let's try not to lose focus on the issues and the root cause of the problems we have. Just read the previous interview with MjR and map that against the survey questions and objectives. See my point? Anything new we'll learn?

Not sure what the following quote from the story was based upon?!?!

"'The risk is to remain vigilant and to not become complacent,' Warrilow said, adding the success of denial-of-service attacks and/or unauthorized penetration appears low."

Does “vendor hype” actually reflect what is going on out there? Come on!

Anyway, I've given it some publicity; have a look for yourselves and become part of the statistics.
