We’ve just added a couple of new forums to Beast or Buddha:

- PCI DSS Discussion Forum
- Security Testing Discussion Forum

A few people have asked for more focused forums and we’re happy to oblige and see how they go. Please hop on, have a look and don’t be shy to post. (It only takes about 10 seconds to sign up!) Let’s see how they go.

To enter the forums, follow the link:

Over at D’s site, Ockham’s Razor:

As I’ve said before, it’s worth going through some of his archives too.

By straxd

So Australia’s apparently getting filtering technology that’s mandatory for anyone who accesses the Internet. Links about it are growing. Some examples are here, here and here.

In summary, it’s basically the Great Firewall of China but marketed slightly differently for the discerning Australian audience. Notice how Senator Conroy, Minister for Broadband, Communications and the Digital Economy (yes, that is his title), says: “I was wondering if I could get the questions without it being accused of being the Great Wall of China”, but doesn’t actually spell out for us the differences between China’s system and what’s planned here.

Of course when we’re thinking technically here, what they’re planning won’t work – we know that. It’s simple enough to use a proxy or, if you want to be really clever, tunnel through an encrypted connection to somewhere with more freedoms of the Internet like Iran or Afghanistan. :) If they think this is going to do anything to stop child pornography then they’re either stupid or misguided. [DD Note: what..you give them two options?]

This document is something that should interest senior business management (if you can get it to them and provide an overview of the value/benefits it will provide them). It’s not perfect but it is one of the better ones I have seen in recent times. CEOs, CFOs, COOs and Legals should all be on top of this. Try your luck with the CIO also, but chances are he’ll file it in one of two containers: the inbox (never to see the light of day) or the one next to it called the “too hard basket”. (CIO explanation here). I am a stirrer but hey, pretty much on the mark here. :-)

Thanks to Security4all for highlighting the link to this:

(Doesn’t take long to fill in the registration to download). Direct:

Australia’s best IT Security conference, Ruxcon is fast approaching: 29-30 November, 2008.

Patrick Gray, in his weekly IT Security podcast Risky Business, talks to Ruxcon organiser Chris Spencer, who previews the program. Our own Fionnbharr Davies from Securus Global also talks about his presentation on Enterprise Security and some vuln releases attendees can expect to hear about.

Register online at the Ruxcon website at:

Seems to be him. Otherwise, someone just has too much time on their hands. Cred to Malcolm for getting out there. Might be worth sending a few twits on “issues” of the current time, e.g. Internet filtering, the Government’s approach to information security, etc.

A good friend in Mumbai and close to this subject on the ground suggests some efforts are somewhat misguided. He writes:

The Federation of Indian Chambers of Commerce & Industry (FICCI) has been unusually proactive in trying to push for “Secure wifi” connections in Mumbai (all aboard the anti-terrorism bandwagon). There had previously been a plan in place for deploying free wireless internet access in Mumbai before the recent terrorist email menace, and since this has come up, FICCI (it’s not really their business to be talking about these things) have really begun evangelizing secure wi-fi. I suspect they would benefit in some manner by this?

Anyway, they are linking up securing Internet access to stopping terrorism – which is hilarious. Are they really suggesting that because terrorists won’t have access to free internet they will lose interest in bombing people???


I ran a recent poll of everyone I know, and the results are in:

100% of the individuals, small businesses and large business people I speak with have either never heard of “Stay Smart Online” or have never used it! This link here (like others in recent times) is the first many will ever have clicked to go to this site. Looking at the 1.2M over 3 years that AusCert is getting to do this (their newsletters) to keep them in existence just seems wrong when everything is freely available on the Net and you could pay someone less than 40K per year (if that) to produce something of easily better quality! Gees, for a monthly newsletter of that quality, I offer our services to do it for 2K per month!!! We won’t try too hard to make it better than the stuff delivered now, but even without trying, it has to be better. The stuff is pretty ordinary and no one reads it, but we taxpayers are footing the bill for it!

AusCert? As I have said before, I don’t know what they do. All the people in the industry that I know don’t know what they do… and some that have heard of them think it is a conference on the Gold Coast each year. (Not that there is anything wrong with the Gold Coast for a piss-up junket! I’ll give them that and nothing else!)

Hey, let’s really get serious about this Internet thing (thanks lolwat and Darren Pauli):

Scary stuff. What confidence can we have that these guys know what they are doing?

By Declan Ingram

Chip and pin scam ‘has netted millions from British shoppers’

Good example here of a creative attack vector. This is also one that we have been talking about for some time… and each time we do, people have rolled their eyes and made jokes about tin foil hats. :-)

Whilst this is obviously a bad thing, I can’t help but think how good it is that there is media attention for it now and people can start thinking about it.


Symantec, for one, protects against “all unknown and zero-day threats”! They told me here. The testing must be flawed!

Trend Micro protects against threats at the source, so Secunia attacking a system directly only shows that Secunia’s testing approach is flawed.

We know HackerSafe or whatever it is now called protects everyone from hackers.

And I am sure many of the others in the “test” also provide total protection; I just haven’t had time to confirm this with their marketing departments!

What a cheap publicity stunt guys! :-)

