The Western Australian branch of the Australian Computer Society is launching two new “Centres of Excellence”. Information here. Information supplied by Philip Argy. Thank you to the ACS for passing this to us. We look forward to hearing more about this initiative.

———————————————————————————————-
Securus Global: IT Security, Penetration Testing, Security Assessments, PCI Compliance, Product Assurance, QualysGuard, Security Strategy, Vulnerability Assessment.

Posted in: Research, news


Tim Ferriss on his blog: The Benefits of Pissing People Off. Worth a read, I reckon. Our industry is no different, is it?

———————————————————————————————-

Posted in: Too cool


Good luck to the AGD team with CERT Australia. Further reports:
- Australian IT mentions the role of AusCERT in this.
- AusCERT’s press release here.
*** Should have included this also in original post: http://www.ag.gov.au/cybersecurity

For those attending the AISA National Annual Seminar Day: David Campbell (Director, Australian Government Computer Emergency Readiness Team) will be talking about the new CERT. Should be an interesting presentation.

———————————————————————————————-



I enjoyed listening to Paul Ducklin on the latest Risky Business podcast that featured interviews on this iPhone “worm”. Worth a click through to Risky Business.

———————————————————————————————-



- We got a chance to do some Endpoint Security testing for ZDNet here: How effective is endpoint security? Thanks for the feedback on this one. We only had a very small window to get this done and given more time, the results in terms of scope of testing would have been much larger. It is what it is and we hope you liked it. Hopefully a part II, with some really cool stuff.

- Fionnbharr Davies from Securus Global (Thoth) will be presenting at Kiwicon 2009. Fionn’s talk synopsis: “Linux kernel rootkits are everywhere, but no modern (public) detection system exists. Linux rootkit checkers are currently woefully inadequate, often focusing upon mundane and outdated techniques that are only used by the lowest of the kiddies. I will briefly highlight common modern rootkit techniques as seen in real in-the-netz linux rootkits, and walk through my Antilulz tool, which is an LKM designed to be loaded at times of peak paranoia to give your kernel the once over. I’ll continue the conversation discussing what a rootkit would need to do to defeat these checks, and expand upon antilulz to continue the cold war. If I’ve time, I’ll talk a bit about the state of rootkit detection, and will discuss real-time kernel IDS techniques, and why they are extremely hard to do”.

- Thanks to Craig B and fudsec.com for having me on; Testing the Vendor Guarantees. Guaranteed Security….Just Show Us the Money.

- Some articles at Tek-Tips. Here’s a couple of the latest ones:

Clouding the Solution Landscape: Mediocrity vs Strategy – Going the Easy Path

Data Classification Policies – Forgotten Purpose

As always, keen on your thoughts.

———————————————————————————————-

Posted in: cyber crime, news


I enjoy following what the local guys have been up to. Well worth bookmarking the following Australian blogs:

- Donal at Ockham’s Razor latest post Troubleshooting-101 is a typical Donal brain dump of ideas. Smart guy and also doing some great things with Nodecity. Check them out.
- Big 4 man Matthew at Infamous Agenda has really started to get stuck into it. Is there another Big 4 Infosec dude blogging away? Great to see. A heap of new posts here covering web application security, cloud security, security requirements and security governance.
- The biggest blogger from the west, @xntrik, doesn’t post that often but always posts interesting things at un-excogitate.org. Check out the Internet Censorship video in his latest post.
- Jarrod at /dev/null has posted a book review of Security Metrics: Replacing Fear, Uncertainty and Doubt. Check out his other recent posts also. Jarrod’s recently moved to the dark side (consulting). :)
- Eldar (@wireghoul) has a new advisory and more information and updates to “Graudit” in his blog, Just Another Hacker. He’ll also be presenting at the next AISA National Annual Seminar Day on Graudit.
- Phillip Hall at CyberSecurity Junkie has been writing about WordPress, Windows 7 and Password security. You can get Phillip on twitter also @PhilHall.
- Bradley Schatz blogs about Forensics at Inside out. I enjoy reading Bradley’s work. He knows his stuff and posts on some interesting topics. Check it out if you haven’t already.
- Paul Ducklin (CEO of Sophos) doesn’t only spend time talking about Malware at his blog, Duck or grouse. Recent topics aside from malware facts and figures include ACMA, Social Networking and Computer Security in Schools. One of Australia’s best infosec speakers.

I haven’t covered everyone, but if you are blogging in Australia or know of someone who is, let us know and we’ll add them to the Australian IT Security Blog Directory.

———————————————————————————————-

Posted in: news