Enjoying this semi-holiday…..
September 28, 2008

Yeah, it’s tough at the moment…Sunday night in the far north of Australia. It took me a bit longer to get up here than I thought it would (sorry Frank…had hoped to catch up with you). That long lunch on the harbour though is on the cards when I get back!

Hitting the rivers soon I hope for some fishing and croc watching.

Getting into that “4 Hour Working Week” book but I reckon I’ll probably take some on board and be realistic about the rest of it. You just get some books after the event. :)

Audioslave pumping in the background as I try to go through emails….nice….Brother-in-law has two new tatts….encourages me to get another tomorrow. Lets see how it goes when the wine wears off. Stephanie did his dragon “freehand”….not sure if I am that brave….just trace the transfer for me I reckon…

Damn interesting and worrying to watch the US situation…..saw the presidential debate (even in Townsville)….personally thought McCain looked like another idiot of the last 8 years but I heard later most pundits thought he won the debate…..am sure I was not on any drugs and while Obama was not overly impressive, he still seemed to stand head and shoulders above this other guy who used words to BS just like his mate has done for 8 years. While not our problem here, it does affect us…..good luck America!

Comments (4)
Posted in: Uncategorized


I missed the party again this year…..
September 27, 2008

How was it? What did I miss at this year’s Global Security Week?

Comments (0)
Posted in: Uncategorized


There's a new credit card security standard called "PCI DSS"…
September 19, 2008

And, if you read what is written in Australia’s “My Business” magazine, it; “demands your attention”.

Scroll down to this gem here but you’ll need the hardcopy to really get the gist of this awesomely stupid and poorly researched article. Where has “My Business” been for the last 3 years?

There is just so much in this article I could comment on, but it’s just not worth it and most people here would gain zero from anything I have to add. Worth a read for a sad laugh though!

One I will mention is that there is a table in there which I see is Visa’s (from somewhere…see later) and that’s described as; “See the handy at-a-glance table included in the article appearing in this month’s My Business for an indication of PCI DSS compliance chores in relation to the annual tally of credit card transactions”

The source is: http://www.visa.ca/en/merchant/fraudprevention/ais/merchlevels.cfm

For any readers of “My Business”, please skip over this article. Talk to your acquiring bank and QSA if you need further information. I can’t understand what message they have tried to convey. They seem confused by it all. Please “My Business”…you are a source of valuable information to small business….look at some quality control on what you publish.

Comments (4)
Posted in: Bad Stuff, PCI, PCI DSS, WTF


Looking at reasons why data breach notification could fail – Risk Management Magazine story
September 17, 2008

This is a topic I’ve covered quite a bit and I was asked recently to write an article for Risk Management Magazine on this topic.

http://www.riskmanagementmagazine.com.au/

You can read it online pp 14-15. I would be interested in your thoughts and comments.

Comments (3)
Posted in: Disclosure Laws, Risk Management


Crazy 7 days…just wondering if I just noticed it or whether it's just normal….
September 15, 2008

It’s a full moon as I post this….kind of feels fitting. Sometimes people criticise me when I post off-topic stuff here….Funny how the hits to Beast or Buddha seem to multiply at times when I’m not talking IT security. I wonder sometimes whether I should just head down the path of passing opinions on the funny things in life I run into instead and become a Web 2.0 dude talking it. That stuff seems to interest people in our industry more at times than a post on the latest rant about someone doing something in our industry, which outside of our industry, no one seems to give a rats about anyway. Surprising that…. (he laughs).

(more…)

Comments (1)
Posted in: Too cool, Uncategorized


Government's Stay Smart Online program…Any Value? Anyone There?
September 12, 2008

Interesting to see the output so far of the work undertaken by AusCert as part of the Stay Smart Online program. I wasn’t even aware it had started, but we’re a couple of newsletters and alerts into it I noticed today. As discussed here previously, I have to wonder who’s using this service or even aware of it? Not sure I have changed my views on the value to the taxpayer…..easy money for some….need to get me some gigs like this!

Comments (5)
Posted in: Dumb Security, Research, WTF, cyber crime


Interesting to see how the various banks are positioned on this one.

From the feeds, CookieMonster nabs user creds from secure sites. Just looking at the responses to it.

Comments (0)
Posted in: Bad Stuff, Research, Web Application Security, cyber crime


You just have to let some business opportunities go….
September 11, 2008

Some companies need to do some homework on the people they’re hoping to go into business with. Had this mob taken some time to research Securus Global, and myself, they’d probably have realised that we’d have zero interest in working with them or promoting them to our clients.

Without mentioning names and in this case, who cares if it tarnishes the lot of them, they’re a “HackerSafe” type company that provides a “seal” for a company’s website that says it is safe from hackers (if the Nessus scan passes them).

Their website is dominated by the typical BS and testimonials that if their seal is on your website, your business will grow. All credit to anyone promoting some good practice but there’s a difference between that and false and misleading advertising. Anyway, nothing new here….we’ve been over all this many times before.

Just another tip to these guys. Your site has some pretty cool vulns in it….. :-)

Maybe you should engage Securus Global to fully test it for you.

Comments (0)
Posted in: Bad Stuff, Dumb Security, Vulnerability Management, WTF, Web Application Security


Center for Internet Security (CIS)?!
September 10, 2008

Gees, what planet have I been on? Never heard of these guys and they sound important by their title:
http://www.securityfocus.com/brief/814

Now I am worried I have missed something.

Comments (8)
Posted in: Research, WTF


The Big Galoot steps into the researcher vs. ZDNet Warz….
September 9, 2008

…..and gets censored and asked to “refrain from posting”.

The famous Big Galoot has now upset my favourite lady in IT security research, Joanna Rutkowska.

Though we don’t have the details of what was said given responses to her blog are checked and censored before being posted, we understand, she’s aware of the stuff in the forum here.

We’ve defended Joanna here in the past and if the Big Galoot has overstepped the boundaries of political correctness, well all I can say is…..he probably deserves everything he gets by not being allowed to post on Joanna’s forum ever again.

Big Galoot needs a wikipedia entry I believe. Just so people can reference the man who is the “Opinion” of this industry! (Some hooks don’t even need bait….do they BG?) :-)

Comments (3)
Posted in: Uncategorized


Older Posts »