Outsourced (unauthorised) Vulnerability Assessment – Testing for Porkies!
August 28, 2009

Looking at data like this from the Conficker Working Group and talking to many Information Security Managers/CSOs still having to deal with outbreaks in their organisations, you have to wonder what’s going on? The general theme seems to be; “Infrastructure lead told us this was under control….they patch (always!)…..they now tell us [post infection], they “sometimes” patch!….Now it’s out of control!”

LOL…usually same guys who see no merit in vulnerability assessment/management systems and penetration testing (plus security in general?). Why buy something like QualysGuard when you can get a pretty thorough test for free I suppose? (If you can deal with the repercussions). From the CSO perspective; Automated Porkie Testing…no client-side input required. :)

Comments (0)
Posted in: Bad Stuff, Dumb Security, Risk Management, Vulnerability Management, WTF


Macs, Snow Leopard, Malware etc….
August 27, 2009

I suppose having some form of detection “engine” at the ready even if it’s just sitting idle, (if that is really what Apple is considering and it’s not just speculation waffle), makes sense in the longer term…..if that one day comes where all us Mac users come under attack!? Quicker to download a signature than a complete application when time could be of the essense. But if gameovered….doesn’t matter anyway, Hmm….Nothing new here.

Comments (0)
Posted in: Bad Stuff, MAC Security, Vulnerability Management


Amazing People doing Amazing Things…..Soon :)
August 26, 2009

Stay tuned….

Getting asked by people all the time why I do things like “Twitter” for example. As if it is something not so worthy. Background: here and here.

So have decided I would look at some of the real benefits of such applications in relation to our industry (and wider) in a much longer post. Who’s wasting their time or missing out? Is it that uncool? LOL……we’ll see.

DD

Comments (1)
Posted in: Bad Stuff, Dumb Security, Ford Falcon, Research, Securus Global, Too cool, UFOs, WTF


Off Topic Post – Rugby Union is one dead arsed sport!
August 22, 2009

Now I am/was a Rugby Union supporter, but gees, this game is now so far behind Rugby League, it’s not funny. It’s that exciting, I can write this post as I watch the pinnacle of the sport, a Bledisloe game between Australia and the All Blacks and know I am not missing much as I type. Read on.

(more…)

Comments (8)
Posted in: Bad Stuff, Ford Falcon, WTF


Randon Links and Rants…….

- Didn’t the 4 Corners Episode; “Fear in the Fast Lane” generate some discussion and debate this week? I didn’t post anything about it myself here for a couple of reasons; (1) I didn’t think anything new and worthwhile was worth highlighting, and, (2) People were “twittering up a storm” over it – some of it very over the top. (Refer to #4corners on Twitter search for more on that). Interestingly, from within our own industry, the discussion was more personal – questioning people’s credentials as “experts” as opposed to the actual content itself in many cases. Some fair questions raised and some not so in my opinion. I welcome your thoughts here.

-Which leads me to discussions and analysis on who are the “experts”. Anton Chuvakin, our Qualys and PCI friend ponders the question here; “A Myth of an Expert Generalist“. The same question was also raised in the Beast or Buddha forums a little while ago in the post titled; “Internet Security ‘Expert‘”. I had some thoughts on this topic (and the 4 Corners episode) on my twitter; here and here. Chris Gatford, an industry colleague in Australia and one of the people heavily featured during the 4 Corners episode responded to this here.

- Hackers vs Federal Police was a big story this week here as reported in the SMH; “Hackers break into police computer as sting backfires“. Some things get reported and some don’t: http://r00tsecurity.org/files/zf05.txt. No more to add. Everyone’s a target and everyone’s ownable (well at least you’d bet on it it being the case). Kind of makes a mockery of some of the talk on the conference circuit. Waffle vs substance…what do people want to listen to? Can most even judge?

- I’ve recently been invited to write for Tek-Tips Forums. Yep, that’s my mug. I’ll link the posts from here also when I remember to do so. After coming back from a holiday, the inspirational juices aren’t really flowing but I expect things will start to annoy me and then I’ll be back to normal. :)

- Had to repost this one: “How not to setup a Hotel Safe”; I took this photo recently in a hotel in Croatia. At first I thought I must be missing something here (like being able to program the code) but no, this is it. Needless to say, I didn’t use the “safe”. :)

- And finally, off the Information Security topics. The latest issue of Top Gear magazine (which I thought was not the Australian one – yuk….but seems now like some sort of a combination of Aus and UK) has a home fridge magnet Cool Wall – most cool! Here’s my “Cool Wall“.

Comments (0)
Posted in: Bad Stuff, Dumb Security, Risk Management, Vulnerability Management, Web Application Security, cyber crime, news


CERTs in Australia….and the saga continues….
August 18, 2009

From Australian IT; “AusCERT sidelined in CERT revamp“. Sadly the big question that most will raise from this is; “What will happen to the yearly junket, (I mean conference), on the Gold Coast?” Be shocked if anyone even responds to this post.

Positive to see the Government doing things. Hopefully it’s being well planned and thought out.

Comments (17)
Posted in: Risk Management, cyber crime, news


Memories of 2005……not an IT Security topic…..
August 16, 2009

My Rugby League team, the West Tigers, had been having a pretty ordinary year until about 6 weeks ago. They’re now 6-0 in the last 6 weeks. I had no expectations before I went overseas….(not in the running for the finals), but it was great to come back and see they had won every game while I was away! (Yes, I am superstitious enough to believe that it was me being away….but today they won 56-10 so that’s BS!) :)

Now the point of this post:

(more…)

Comments (5)
Posted in: Too cool, Uncategorized


Might sit back this time for "Snow Leopard"……maybe….maybe not.

The last update to Mac’s operating system (Leopard) didn’t really live up to the hype in my opinion but still, I’d rather be on the Mac than Windows. Just a personal choice. Thanks to cmlh for the link to this comparison between Windows 7 and the last version of the Mac OS. Worth a read if interested. Then again, with an upgrade price of around $30, who knows, I may get the urge to get it sooner. http://www.apple.com/macosx/

LOL at the dude(s) that responded to a recent press article on Mac security that I was quoted in…assuming I was on anything but the Mac and how dare I bag Mac security. But that’s another story. :) Got to love the Mac fanboys. They are a passionate bunch.

Comments (2)
Posted in: MAC Security


Me Presenting at Conferences. Laying Down Conditions…..I'm Laid Back but…
August 14, 2009

Coincidental timing….seeing a discussion on Twitter and forum here between a few people on why I don’t do presentations at large conferences.

Nice to know that people give me that cred worth discussing…thank you.

(more…)

Comments (1)
Posted in: Bad Stuff, Dumb Security, Research, Risk Management, Too cool, WTF


Securus Global News and Information
August 13, 2009

I don’t normally use this forum to talk about the business side of things for Securus Global but thought I would take an opportunity to talk a bit about what’s been happening.

2009 surprisingly has seen good growth for us. Still hoping we’re not going to see some delayed effect of the Global Economic Crisis.

While we’ve always had a large client base in Melbourne, we’ve recently setup a permanent presence there and we’re looking at doing the same for other Australian cities. Asia and other international clients we support from Sydney at present (and travel as required like we always have), but we’re looking at our position here. (Also based upon international partnerships).

With this expansion, we are looking for good people, so we’re keen to hear from experienced and passionate Information Security Specialists. Generally, the level of expertise we look for is as described here. Working with many of Australia’s largest organisations across most industry sectors (in particular across critical infrastructure), we’re seen as leaders in our field and we’ve built our reputation and differentiation on the quality of our work and people. There’s few others that can now match our client-base and we’re proud of our achievements to have gotten to where we are.

(more…)

Comments (0)
Posted in: Securus Global, news


Older Posts »