Everyone, as we know, should be using Symantec. They have the guarantee against “unknown and zero-day threats”, as documented here.

The following is an enormous bitch about the PCI Security Standards Council. If you are sick of hearing about PCI DSS or reading about it from me, hit the “back” key now.

Securus Global/DD is industry focused, so if this means I lose business because I piss off the PCI SSC, so be it! They’ve already cost me business because of how they operate. Before I rant, let me start with this from a couple of weeks ago; my last rant about them. Interesting responses! Also thought it was finally getting better at the end. Little did I know…

Now for the latest in Fawlty Towers operations:


We’ve just released the updated Securus Global website:

Since we changed our name from Australia/Asia Pacific to Securus Global, the response from our clients and the industry has been fantastic. Thank you to everyone.

We’ve tried to make the new site different and, hopefully, a site that provides you with more than just our service offerings. The information in the sidebars will continue to evolve to provide further industry information and help to businesses. Stay tuned to the site, and hopefully consider Securus Global if there’s ever anything you need assistance with.

PCI clearly states in requirement 10: “Track and monitor all access to network resources and cardholder data.” And rightly so. It goes on to say: “Determining the cause of a compromise is very difficult without system activity logs.”

It certainly is. In fact, for nearly all attacks where card data is at stake, it can border on impossible. Enterprise log management is hard. It is expensive, and there are few organisations that do it well. Not only that, but the organisations that do it well are also much more likely to have a much higher general state of security – meaning that (all things being equal) they are less likely to suffer a breach in the first place.

Talking today to a very successful business that came from the bricks and mortar ranks a few years back and now does 90%+ of its business online: the worry and real concern on management’s faces as to why they are now in a pretty scary position really made me angry about so many “IT” businesses that supply “IT” services to these types of businesses.

Sometimes I am hard on the businesses themselves (and they deserve it), but there are times where they just rely on, depend on and trust people in our profession to do the right thing by them… and they don’t!

What blows me away is:


Darren Pauli puts it out there at CW with his new Vent IT section (good stuff Darren!):

You can see, if you squint really hard, what they are trying to do, but geez, it seems like they [the government] are swinging a bat in a dark room hoping to connect with the “target” – not that they really know what the target is. In the meantime, they are connecting with everything else in the room, doing some big damage and creating a mess. Bad analogy?

Somewhat related:

“The cloud… pretty!” Thanks Wade for pointing me to this one at LogLogic. This opened up a bit of discussion between a group of us on this “security in the cloud” business. Thought some of the comments would be worth putting together.

Some of my thoughts were previously covered here also. Anyway, the following are some of our ramblings. Feel free to add your comments.


Maybe I should be nicer and say Security People vs. Security Vendor Sales guys. Two different worlds as we’ve talked about before and as we had a laugh about here with the Symantec Guarantee.

Security product sales guys can be dangerous to an organisation that takes on trust that these products are going to be its security salvation. Remember this one? Happy to send the press release out, but when actually questioned by Michael Crawford… no response! I got a nice wrap for this from Marcus Ranum and the boys at SANS at the time.
