Gees... the Mac OSX boys are copping a bit of a flogging on the Net now... It's like payback time! But is that fair?

It's no surprise and you didn't need to be old Nostradamus to predict it was going to happen. (Even I did!) But the big heroes are now talking up what we all knew was the bleeding obvious! It was just a matter of time. Still, to be fair to Apple (and I use a Mac: 2 in total in the office; all else... yeah, variations of Linux as primary machines for the guys, and one failed 6 month Vista "experiment" which became Linux), they are not supported by a bunch of vendors helping to shore up their security! Okay, it's only a matter of time... I know... but seeing something today on a test machine (Windows)... after many years... scared me big time. I saw the Norton Antivirus screen!



These are well worth a look. From Ockham’s Razor:
http://bsdosx.blogspot.com/2008/03/ipv6-trix.html

Posted in: Research, news


It used to be a standout and bold new statement: "Compliance vs. Security: one goes one way and the other goes the other way, and rarely the two meet, as they should!" People would think about it and go, "Yeah... wow... that is so true now that I think about it!" How times change; this has now almost become accepted as fact?!

PCI DSS compliance is somewhat heading down this path. I am hesitant to say it is totally but the indications are not good. Given recent news about Hannaford and ongoing news about TJX and other breaches plus things we see in the industry ourselves, I thought it might be good to re-hash this one:

http://beastorbuddha.com/2007/09/05/pci-choosing-your-auditors-carefullypart-ii/



The rantings of Craig Chapman, IT Security Legend and good bloke.

I've previously drivelled on about the time I was approached at a conference by a couple of computer forensic 'experts' from a global IT co.

If you believed their story, these guys were IT super-heroes. The only things missing from this pair of turkeys were their red capes, masks and tight-fitting lycra underpants (although I strongly suspect these were being worn under their tailored suits).




This is a topic that is going to be covered again tomorrow in a post by BG. What can IT Security specialists actually do when investigating an "incident"? Too many kid themselves that they can provide the client with the full service. As good as I think Securus Global is, I would never promote that we can do this properly ourselves without specialist guidance and advice from legal and police-type people. Too many heroes out there think they can, and that is dangerous. There's a difference between an investigation and an "investigation" that would be used for a legal case.

Risky Business talks to Declan Ingram from Securus Global on this topic:
http://www.itradio.com.au/security/?p=64



The recent St. George Bank story shows how something can grow and become a bit blown out of proportion relative to the originally reported story. Some of the responses to the story on the News site demonstrate the lack of understanding some people have, which drives fear in the community about doing business on the Net. Is this one a storm in a teacup? (I know I am critical at times about things we see, but on the flipside, sometimes perspective is tainted by underlying fears that have no direct correlation to the topic at hand.)



If you are not aware of the Australian Information Security Association (AISA), please do consider joining. (AISA is a non-profit, volunteer-run organisation aligned to no vendors.)

Becoming a member makes you part of Australia's largest association of Information Security professionals. Membership gives you: monthly meetings/presentations (from industry specialists and peers), interest group participation, member forums, social events, enormous networking opportunities in person and online, the opportunity to participate in industry strategy, monthly newsletters and other updates, plus other side benefits such as discounts and/or free entry to industry events and conferences.

The annual membership fee is only $50 at present, and for all members who join before June 30, 2008, your membership will be valid until June 30, 2009! If you have any questions, contact AISA or myself. You can join online.

I am posting this as part of the AISA National organising committee.

Posted in: news


I like Jennifer Leggio's idea so much that I thought it might be a good one to explore here in Australia/NZ/Asia Pacific. (Thanks to Wade for the original link and cmlh for his support.) (Possibly then pass on bulk updates to Jennifer if she's keen.)

So, either respond here, in the forum post, via the "contact me" page or by direct email if you want to be added to the list. We'll link the directory from the main page and hopefully build more of a community around the blogging dudes here in our region and regular BorB readers.

Posted in: news


New Columnist: Donal O Duibhir

Why do we beat our heads against brick walls? Is it a form of mass masochism in Information Technology? Who built the walls? Who architected the building, and did they realise the building was supposed to travel in time like Doctor Who's TARDIS while repelling alien invaders? ...all the while the owners, masters and operators changing every so often without leaving enough intellectual property in the form of documentation or related artefacts... Why is this?




Will we, in 10, 20, 30 or 100 years' time, look back at what some of the big vendors throw at us now and compare it directly to the old snake oil days? (Thanks SFB in the forum.) (Take anything in the link as you would with anything on the net and check the sources yourself... my point being the sales techniques...)


