US goes big on network surveillance…

Posted on January 28th, 2008 by Drazen Drazic

This from the Washington Post is some serious business. In the old days, you’d be a raving conspiracy theorist to say this was going on. Nowadays, it’s just done and reported. Double-edged sword or what? Billions of dollars? Gees….that is one big investment. How this is managed is going to be interesting to follow, if we ever hear much about it again.

Posted in WTF, governance, news | No Comments »

Gilchrist retires – off topic…sad about it…who wins….Aus vs. Windies

Posted on January 27th, 2008 by Drazen Drazic

For you non-UK or sub-continent readers, sorry, I thought I would throw this out there. Two dynasties that will always be compared…..I have thrown together what I think are the best two teams from their eras.


Posted in Uncategorized | 29 Comments »

Oops…..

Posted on January 25th, 2008 by Drazen Drazic

http://www.theregister.co.uk/2008/01/24/disgruntled_employee_silent_rampage/

Posted in Bad Stuff, WTF | No Comments »

Securing critical infrastructure

Posted on January 25th, 2008 by Drazen Drazic

Michael Crawford at MIS raises some valid questions about the usefulness of the government producing yet another guide on IT security for CEOs and CIOs in his post, Critical infrastructure in the crosshairs.

A few of these things were produced in the last 18 months around various security topics, but I haven’t met one person who had actually seen them or was aware of them. I suppose by producing something like this, they can always say that they’re onto it (i.e. the protection of our critical infrastructure). How good that focus really is needs to be asked.

Posted in Dumb Security, Risk Management, cyber crime, governance | No Comments »

BorB hitting record numbers…..

Posted on January 25th, 2008 by Drazen Drazic

Taking a bit of time to reflect right now…..almost a long time that we’ve been around. Thank you to all our supporters. BorB is now the most read IT Security Blog and News Site in Asia Pacific!* (But….the majority of readers are in the US and Europe!)…….?!?!

*estimated figures based upon potentially dodgy analysis.

Posted in Uncategorized | 11 Comments »

Website Security Basics

Posted on January 22nd, 2008 by Drazen Drazic

ComputerWorld in the US recently picked up on the ScanAlert/Geeks.com story and it’s an interesting read from the marketing perspective, i.e. if we have the logo, clients may be more inclined to use our site. We covered this in some detail in a recent post.

Bottom line is that most sites are insecure the day they go live. We’re never lacking content for website security topics as shown in the category listing.

Things are getting better but there’s still a way to go. Now, 20% of organisations we meet have developers that have heard of OWASP (as a starter)….far better than 2 years ago. This is the core of the problem…pumping out web applications that are developed by teams that don’t understand security. Then, possibly, thinking about getting them tested well after go-live, or after funny things start to happen (like credit card fraud).

It all comes back to basic good security practice and controls throughout the SDLC…..yeah, I know, I am preaching to the converted. Just funny how marketing spin can take the focus away from good security practice and controls!

Posted in Bad Stuff, Dumb Security, Risk Management, Vulnerability Management, Web Application Security, cyber crime | 1 Comment »

Media Management Policies – Who has them and who follows them?

Posted on January 21st, 2008 by Drazen Drazic

Based upon my experience, the J.C. Penney problem as reported here by TechNewsWorld (and all other IT news sites) is more prevalent than some would imagine. I’ve lost track of the number of times I have seen and heard about missing storage media.

Most of the lost media does not get into the wrong hands. It just gets lost and probably gets tossed and destroyed because the finders don’t have the means to read what is there. That said, it only takes one episode of someone finding the means to read it to cause big damage to the organisation that misplaced its data.


Posted in Bad Stuff, Dumb Security, governance | 1 Comment »

2008 – The Year of Mac Security…..

Posted on January 19th, 2008 by Drazen Drazic

The signs look bad for Mac in 2008 in regards to security, in my opinion. As 2007 came to an end, you could see throughout the year that Mac security issues were growing in terms of mainstream reporting (though numbers did not increase that much from 2006: http://secunia.com/product/96/?task=statistics_2007).

The expectation is that it’s only a matter of time before Mac users start to face the issues that PC users have been facing for many years. The concern is: will Mac users be ready? Are they educated enough? To be honest, most probably are not….making them a prime target.


Posted in Bad Stuff, MAC Security, Vulnerability Management, cyber crime | 3 Comments »

Morgan Marquis-Boire’s Kiwicon presentation….

Posted on January 15th, 2008 by Drazen Drazic

Our old mate Morgan’s presentation is here at Patrick Gray’s Risky Business Podcast. Well worth a listen!
Here is the brief on the presentation:


Posted in Bad Stuff, Dumb Security, Firewalls, Vulnerability Management, cyber crime | 1 Comment »

Hacker Safe – ScanAlert….only a matter of time…how funny is this?

Posted on January 12th, 2008 by Drazen Drazic

ScanAlert was recently sold to McAfee, as I posted here a while ago. Good luck to them! But seriously, running a basic VA test and selling that as a full blown website security review/solution was always a bit of BS! Marketing over actual ability, yet companies get duped! How smart is this Geeks mob to think a logo on their website and a basic VA meant they were secure?!

Check out this story about Geeks.com being hacked and have a look at the “Hacker Safe” logo on the site! LOL


Posted in Bad Stuff, Dumb Security, PCI, PCI DSS, Vulnerability Management, Web Application Security, cyber crime | 9 Comments »

New Face of Cybercrime Trailer

Posted on January 12th, 2008 by Drazen Drazic

Picked this up from RSnake’s site. Worth a look…this is part of a larger 20 minute documentary he says.

Posted in Bad Stuff, Dumb Security, Firewalls, IDS, Risk Management, Vulnerability Management, Web Application Security, cyber crime, governance | No Comments »

Big Galoot Diatribe – The Buck Stops….Where?

Posted on January 12th, 2008 by Drazen Drazic

The rantings of Craig Chapman, Computer Forensics Geek.

Barclays Bank in the UK is reportedly revising its security practices following the rip-off of 10,000 pounds from its own Chairman’s personal account by a fraudster.
http://www.computerworld.com.au/index.php/id;732567044;fp;16;fpid;1

Not surprisingly, Barclays have ‘accepted liability’ and also reimbursed the stolen 10,000 pounds into the Chairman’s account. But what if it were you or me, the plebs of the world, who had suffered this loss?

Posted in Big Galoot Diatribe, Industry Specialists Talk | 3 Comments »

Security-Assessment.com now operating under Securus Global

Posted on January 9th, 2008 by Drazen Drazic

Press Release/Announcement:

Security-Assessment.com Australia/Asia Pacific is now operating under Securus Global.

As has been reported in recent times, Security-Assessment.com New Zealand has been sold to Datacraft in New Zealand.

As I mentioned before, Security-Assessment.com Australia/Asia Pacific has not been sold out and our business operations, commitment to clients, our team and approach to the IT Security industry remain the same. It’s business as usual continuing to deliver the quality services we have become renowned for….but we are making a few changes.

The Security-Assessment.com Australia business, brand and name will now come under the Securus Global business as the specialist consulting services delivery arm of the business. http://www.securusglobal.com/


Posted in news | 7 Comments »

McAfee: Email is not intended for sending attachments….

Posted on January 7th, 2008 by Drazen Drazic

Yep, you heard that right. Background: one of the few Windows systems we use cannot send any attachments with email. We tried everything and narrowed it down to McAfee’s product. Numerous emails to support were like talking to a brick wall…. but you’ve got to love this comment from the McAfee dude (thanks Dec), who tells us that email is not intended for file attachments. Trust me, there’s no hidden context to this email. Gees….here’s me doing the wrong thing for the last 15 odd years. Check this out! (Oh, and by the way, this is just one part of a large email trail to get the problem fixed….many more funny parts to it….Dec…you want to post them?)….BTW, we gave up in the end. :-)


Posted in Bad Stuff, Dumb Security, Ford Falcon, Too cool, WTF | 3 Comments »

Security Specialists in product decision making….

Posted on January 5th, 2008 by Drazen Drazic

The old adage, “you get what you pay for”, I reckon comes back to haunt us security people more than most. It’s still more the rule than the exception, so to speak, in many organisations that IT security specialists don’t have a say, or better still the final say, on what products or services are implemented in the organisation. We see it all the time.

Why did you buy that product or service? Response from the IT Security Manager: “It was not our call in the end. We gave our strong recommendation but the CIO went with something else!”

Let’s call it how it is. Many CIOs and major decision makers/stakeholders outside of Information Security make a call on price vs. quality. They also make decisions on how well they have been “treated” and “sold” to by sales guys. (Not saying our own IS guys don’t also fall into that category…but most times, many IS dudes don’t make the final call.)

Let me expand.


Posted in Bad Stuff, Dumb Security, Risk Management, Vulnerability Management, governance | 1 Comment »

Australia moving towards Internet filtering…..

Posted on January 2nd, 2008 by Drazen Drazic

You have to wonder how successful an initiative like this, to filter “inappropriate” content for Australians, is likely to be:

http://www.news.com.au/heraldsun/story/0,21985,22989008-662,00.html
http://www.abc.net.au/news/stories/2007/12/31/2129471.htm


Posted in Bad Stuff, Dumb Security, Research, WTF, cyber crime, governance, news | 6 Comments »