I started to talk about this in a response to the last post here.

I am seeing this trend of organisations with false and mis-leading promises being targeted with our industry’s ire, and as I said, rightly so but is the focus blinkered? I think so…..the easy targets are being hit while others continue to get away with it over and over again.

ScanAlert seems to be one of, if not the most hated products/services by people in our industry. Just look at most security bloggers pages and you’ll see pretty much a consensus of people’s opinions of it. See latest post here for example.

There’s plenty of individuals in our industry who put their thoughts out there and get attacked (when deserved) for it. I know I do. Individuals are easy to target!


Watch the Lifelock ad on the site as it scrolls through. :-) Story at ha.ckers.org.

From the story in Yahoo! News.

Another one to add to the list of failed magical solutions? You have to take any promises of total security with a grain of salt. See recent posts about ScanAlert and the links within the links. (Aside: Is this the most hated product/service in the IT Security industry?)

But then again, we have the old Symantec Guarantee. Posted here again for your viewing pleasure and evidence requirements for any legal action you may ever contemplate. (Though by clicking on the software agreement when you installed it, you probably signed away all rights you had anyway, but worth a shot!)

Hot off the press from Patrick who sent me this one: Telstra distributes malware-infected USB drives at AusCert.

Thanks to all the people that have been reading my posts on AusCert and those people who have been sending me emails about the posts and their AusCert experience. I was going to close it off with yesterday’s post but I’ve been asked a few times now to add some final thoughts. So here we go:


I can see many “sore” heads this morning walking around, but then again, that’s pretty standard throughout AusCert. The dinner last night (Tuesday) was pretty good and great to catchup with people. Always enjoy my time with my mates at TrustDefender. (Blatant promo for the guys. They will do well and I highly recommend you check them out).

Here we go:


Now I am only covering so much in my posts, but Patrick Gray’s podcasts are well worth a listen to get deeper into the AusCert conference:


Posted in: Uncategorized

What a weird start to the day…Keynote speaker is John Stewart from Cisco but before he starts, the MC (AusCert dude), looking very sombre, tells the delegates that he has read stuff on Blogs talking about AusCert day 1 and also the lack of local content versus overseas presenters after the first day. He seems really upset by it. “Gees!”, is he talking about me? Or this? I cringe and then I think, hell yeah…..if me, good!…if not me……Good! If this is the wake up call you need, then whoever did it, it may well be worth it to get this conference (and organisation) back to reality! (Personally, I have nothing to do with AusCert and neither do any of my clients….I have no idea of their relevance….I have no idea why I do not! I run a team of security consultants and researchers and none of them do either!) But that’s another story.


Posted in: Uncategorized

There’s some interesting links also within the following posts at 0×000000 (and yeah, some backwards and forwards between sites):


Interesting that the mainstream IT press hasn’t really picked up on the latter.

Okay, I don’t have great expectations of AusCert conferences as most know. They’re a great junket and the social side of things is fantastic. Content though is usually ordinary with only a handful of presentations worth remembering.

I was looking forward to seeing Scott Charney’s “Enabling End to End Trust” keynote given recent discussions about his paper since it’s release. Scott: Impressive background, impressive presenting skills, but gees, if you’re going to travel half-way around the world to talk about your End to End Trust, talk about it!


Posted in: Research, cyber crime

It would be really sad for the Australian and New Zealand security community if we did not have Ruxcon and Kiwicon, (and OWASP this year I here was pretty good).

Just thinking about this as I head up to another AusCert conference on the Gold Coast. It’s not that we lack security conferences here in Australia and some of them are even okay……rare few though that don’t wheel out the same old people rambling on about the same old topics and working on their own self-promotion.


Posted in: Research

As I mentioned before, we’re putting together a Blog Directory of Australian and New Zealand security bloggers and independent news sites. So far, not so many, but if you’d like to be on the list, email me or get me through the “Contact Me” section of the website.

Posted in: news

Older Posts »