Yeah, it’s tough at the moment…Sunday night in the far north of Australia. It took me a bit longer to get up here than I thought it would (sorry Frank…had hoped to catch up with you). That long lunch on the harbour though is on the cards when I get back!

Hitting the rivers soon I hope for some fishing and croc watching.

Getting into that “4 Hour Working Week” book but I reckon I’ll probably take some on board and be realistic about the rest of it. You just get some books after the event. :)

Audioslave pumping in the background as I try to go through emails….nice….Brother-in-law has two new tatts….encourages me to get another tomorrow. Let’s see how it goes when the wine wears off. Stephanie did his dragon “freehand”….not sure if I am that brave….just trace the transfer for me I reckon…

Damn interesting and worrying to watch the US situation…..saw the presidential debate (even in Townsville)….personally thought McCain looked like another idiot of the last 8 years but I heard later most pundits thought he won the debate…..am sure I was not on any drugs and while Obama was not overly impressive, he still seemed to stand head and shoulders above this other guy who used words to BS just like his mate has done for 8 years. While not our problem here, it does affect us…..good luck America!

Posted in: Uncategorized


How was it? What did I miss at this year’s Global Security Week?

Posted in: Uncategorized


And, if you read what is written in Australia’s “My Business” magazine, it “demands your attention”.

Scroll down to this gem here but you’ll need the hardcopy to really get the gist of this awesomely stupid and poorly researched article. Where has “My Business” been for the last 3 years?

There is just so much in this article I could comment on, but it’s just not worth it and most people here would gain zero from anything I have to add. Worth a read for a sad laugh though!

One I will mention is that there is a table in there which I see is Visa’s (from somewhere…see later) and that’s described as: “See the handy at-a-glance table included in the article appearing in this month’s My Business for an indication of PCI DSS compliance chores in relation to the annual tally of credit card transactions”

The source is: http://www.visa.ca/en/merchant/fraudprevention/ais/merchlevels.cfm

For any readers of “My Business”, please skip over this article. Talk to your acquiring bank and QSA if you need further information. I can’t understand what message they have tried to convey. They seem confused by it all. Please “My Business”…you are a source of valuable information to small business….look at some quality control on what you publish.

Posted in: Bad Stuff, PCI, PCI DSS, WTF


This is a topic I’ve covered quite a bit, and I was recently asked to write an article on it for Risk Management Magazine.

http://www.riskmanagementmagazine.com.au/

You can read it online on pp. 14-15. I would be interested in your thoughts and comments.



It’s a full moon as I post this….kind of feels fitting. Sometimes people criticise me when I post off-topic stuff here….Funny how the hits to Beast or Buddha seem to multiply at times when I’m not talking IT security. I wonder sometimes whether I should just head down the path of passing opinions on the funny things in life I run into instead and become a Web 2.0 dude talking about it. That stuff seems to interest people in our industry more at times than a post on the latest rant about someone doing something in our industry, which outside of our industry, no one seems to give a rat’s about anyway. Surprising that…. (he laughs).




Interesting to see the output so far of the work undertaken by AusCert as part of the Stay Smart Online program. I wasn’t even aware it had started, but we’re a couple of newsletters and alerts into it, I noticed today. As discussed here previously, I have to wonder who’s using this service or is even aware of it? Not sure I have changed my views on the value to the taxpayer…..easy money for some….need to get me some gigs like this!



From the feeds, CookieMonster nabs user creds from secure sites. Just looking at the responses to it.



Some companies need to do some homework on the people they’re hoping to go into business with. Had this mob taken some time to research Securus Global, and myself, they’d probably have realised that we’d have zero interest in working with them or promoting them to our clients.

Without mentioning names (and in this case, who cares if it tarnishes the lot of them), they’re a “HackerSafe” type company that provides a “seal” for a company’s website saying it is safe from hackers (if the Nessus scan passes them).

Their website is dominated by the typical BS and testimonials claiming that if their seal is on your website, your business will grow. All credit to anyone promoting some good practice, but there’s a difference between that and false and misleading advertising. Anyway, nothing new here….we’ve been over all this many times before.

Just another tip to these guys. Your site has some pretty cool vulns in it….. :-)

Maybe you should engage Securus Global to fully test it for you.



Gees, what planet have I been on? Never heard of these guys and they sound important by their title:
http://www.securityfocus.com/brief/814

Now I am worried I have missed something.

Posted in: Research, WTF


…..and gets censored and asked to “refrain from posting”.

The famous Big Galoot has now upset my favourite lady in IT security research, Joanna Rutkowska.

Though we don’t have the details of what was said, given that responses to her blog are checked and censored before being posted, we understand she’s aware of the stuff in the forum here.

We’ve defended Joanna here in the past and if the Big Galoot has overstepped the boundaries of political correctness, well all I can say is…..he probably deserves everything he gets by not being allowed to post on Joanna’s forum ever again.

Big Galoot needs a Wikipedia entry, I believe. Just so people can reference the man who is the “Opinion” of this industry! (Some hooks don’t even need bait….do they BG?) :-)

Posted in: Uncategorized

