Amazing People doing Amazing Things…..Soon :)

Posted on August 26th, 2009 by Drazen Drazic

Stay tuned….

I get asked by people all the time why I do things like "Twitter", for example, as if it were something not worthy of the effort. Background: here and here.

So I have decided to look at some of the real benefits of such applications in relation to our industry (and wider) in a much longer post. Who's wasting their time or missing out? Is it that uncool? LOL……we'll see.

DD

Posted in Bad Stuff, Dumb Security, Ford Falcon, Research, Securus Global, Too cool, UFOs, WTF | 1 Comment »

Off Topic Post – Rugby Union is one dead arsed sport!

Posted on August 22nd, 2009 by Drazen Drazic

Now I am (or was) a Rugby Union supporter, but gees, this game is now so far behind Rugby League it's not funny. It's that exciting that I can write this post as I watch the pinnacle of the sport, a Bledisloe Cup game between Australia and the All Blacks, and know I am not missing much as I type.


Posted in Bad Stuff, Ford Falcon, WTF | 8 Comments »

Miracle at Securus Global

Posted on March 11th, 2009 by Drazen Drazic

Declan had a clean t-shirt in the morning, but by 10am the image of Fatemah had appeared on it. Freaky! (Top right)

Related to this? Hmmm….
Please, no pilgrims to the Securus Global offices until we get this looked at by qualified experts (eBay).

Posted in Ford Falcon, Too cool, WTF, news | 7 Comments »

Random thoughts….Is it just me?

Posted on March 10th, 2009 by Drazen Drazic

- Centralised password management tool here. Vuln-free delusions; it would be fun to "test" this one. Consolidated risk. Nice!

- Data Breach Disclosure update in the US here. The fundamentals are still missing to make this a fair and workable law for all. I wrote about this in Risk Management Magazine, pp. 14-15 of the September 2008 edition. (You may have to sign in now to read it.)

- My costs to maintain PCI QSA status will top 30K in 2009. Add another 20-odd K if we decide to become an ASV again as well. The PCI SSC doesn't really care about my thoughts on why some of these costs are just money-making grabs on their part. The danger for everyone is that if eventually only the big players can afford this, the level of QSA expertise, and the subsequent advice and service to merchants, service providers and the industry as a whole, is going to become weaker. So who wins? Do I battle these guys again or just suck it up? No appetite at present for another battle with them.


Posted in Bad Stuff, Disclosure Laws, Dumb Security, Ford Falcon, PCI, PCI DSS, Research, Risk Management, Too cool, Vulnerability Management, WTF, Web Application Security, cyber crime, news | No Comments »

How Porn kickstarted Intranets in a Large Global Business….

Posted on January 15th, 2009 by Drazen Drazic

A bit off-topic, but I remembered this story the other day and it made me chuckle to myself. I thought I would share it here and see if others have stories about how some successful projects came to fruition in a weird or funny way. Here we go:

There's a large and very successful global business that to this day doesn't know its first Intranet was a porn site, and that because of that porn site a global business Intranet came into existence. It wasn't going to happen at that time without it (i.e. the porn site). (Aside from about 4 people who do know, though probably many more by now, as the story has been passed on and is now probably considered just a myth.)


Posted in Ford Falcon, Too cool, WTF, Web Application Security | 4 Comments »

Roll out the 2009 Predictions……

Posted on December 22nd, 2008 by Drazen Drazic

Ah, let's just leave it to Anton Chuvakin, who's covering a lot of these "retarded" (his words) postings here at his blog.

Related post on "progress" (or rather the lack of it) in 2008. We can talk until the cows come home.

My prediction (more wishful thinking, really) goes outside the industry: Shane Warne to do a Michael Jordan, return for the Ashes, smash the poms and then retire again. (Though this is dependent upon the selectors, captain etc. extending the "invitation", I suppose.) Let's leave egos and any old grudges aside. Warne in 2009!  :-)

Posted in Ford Falcon | No Comments »

PM and Opposition Leader on Twitter

Posted on November 14th, 2008 by Drazen Drazic

Following in the footsteps of Malcolm Turnbull, Kevin Rudd seems to have signed up also.

People have questioned recently whether it really is Malcolm Turnbull here: http://twitter.com/TurnbullMalcolm. If it's not, the guy is going to a lot of trouble. If it is, and I believe it is, he's doing well. I even exchanged a few posts with him recently. Good on him!

Now is this our PM here: http://twitter.com/KevinRuddPM?

I may have to test how he responds soon. :) Well, we now have a direct forum on issues like Internet Filtering. (http://twitter.com/big_galoot).

Posted in Ford Falcon | No Comments »

Dumb Bosses…

Posted on November 11th, 2008 by Drazen Drazic

The danger here is that I may well cop some posts here myself (though hopefully I rarely fall into this category). :-)

I was talking to a friend who I know is an awesome Infosec guy and who also delivers. He's been marked down somewhat in his performance appraisal because he's "not putting in above and beyond…." (Read: he's not coming in at 7am and leaving at 7pm.) But all his work is delivered on time and to quality. Colleague X, whose projects are always late and generally troubled, receives a good appraisal (as usual). Yeah, he's one of those guys who's in at 7am, leaves after the boss, and talks up his "successes".

I always wonder what some of these bosses are thinking. Is it just their own belief that you need to be spending half your life in the office to show your worth or are they part of a monkey delivery system (where each link works on this premise)? (No relationship to the monkeynet). Saw a damn lot of this in my time in the Big 4 and investment banking world.


Posted in Bad Stuff, Dumb Security, Ford Falcon, WTF | 13 Comments »

How cool would it be if Gordon Ramsay was an infosec consultant?

Posted on April 3rd, 2008 by Drazen Drazic

Each week he visits another company and sorts out their problems in his own unique way. I could imagine a talk with many CIOs going along the lines of:

“Oh ^%$ me….what the &*$# are you actually %*&*ing doing here? Okay, show me what you actually @%$ing know about *&^%ing security!?…..if your customers actually &*$^ing knew what the $*&$ you $*&$ing do and don’t *&$#ing do, you’d make them *&^$ing ill. And who’s this #&^$ing guy you have looking after $&##ing security. Why don’t you *(#$ing listen to him?!…… oh *&#$ me!”

Blunt or beating around the bush…..what works best? I would watch this show. :-)

Posted in Ford Falcon | 4 Comments »

McAfee: Email is not intended for sending attachments….

Posted on January 7th, 2008 by Drazen Drazic

Yep, you heard that right. Background: one of the few Windows systems we use cannot send any attachments with email. We try everything and narrow it down to McAfee's product. Numerous emails to support were like talking to a brick wall…. but you've got to love this comment from the McAfee dude (thanks Dec), who tells us that email is not intended for file attachments. Trust me, there's no hidden context to this email. Gees….here's me doing the wrong thing for the last 15-odd years. Check this out! (Oh, and by the way, this is just one part of a large email trail to get the problem fixed….many more funny parts to it….Dec, do you want to post them?)….BTW, we gave up in the end. :-)


Posted in Bad Stuff, Dumb Security, Ford Falcon, Too cool, WTF | 3 Comments »

Too good not to highlight……

Posted on November 1st, 2007 by Drazen Drazic

I know this one about the House of Lords debating the liquid ban has done the rounds, but gees, it's worth a read. "The Register" dudes cover it well.

Posted in Bad Stuff, Dumb Security, Ford Falcon, Too cool, WTF | 1 Comment »

The Worm fights back…..

Posted on October 25th, 2007 by Drazen Drazic

Hot on the heels of the ABC and the Press Club in Australia trying (unsuccessfully) to defeat the Worm as part of the Australian election debate, security researchers are also discovering that it cannot be beaten. In fact, the Worm is not only defeating attacks to kill it, it is fighting back. Is it just coincidence that this all came to a head on Sunday night? Is this another reason to vote in the Worm-friendly Labor Party? Hmmmm….you have to wonder.

The Worm has become a living entity now by the looks of things, as reported in Network World and as verified by IBM, with AI powerful enough to allow it to make decisions on the fly and attack those it sees as a threat to its existence.

Reports out of Tihsllub, where the Worm is believed to have originated, are sketchy, with all IT services down for the last 4 days. We have, though, heard through reputable sources who have managed to get out of the city that there are unconfirmed reports that the developers of the Worm confessed to having lost control. One of the developers, known only as "Eddie", is reported to have stated before his untimely disappearance: "It was just for fun…no money…no government…no terrorism….just prank on my girlfriend……now it goes crazy…..it's alive! I am in fear of my human!"

So the warning to all: whatever you do, if you come across the Worm, don't approach it or try to engage it in any way; just pretend it's not there. But if you are backed into a corner and have no other options, just be nice to it. That may be enough!

Posted in Bad Stuff, Ford Falcon, WTF | 6 Comments »

“Ethical Hacking”….that term is a worry….

Posted on August 7th, 2007 by Drazen Drazic

Courses that teach under-skilled individuals the basics of "hacking" are a worry to me. Companies that teach "ethical hacking" courses are a worry…….most I know I would not hire to review a static one-page site. What is it that they are trying to achieve? I have read the course objectives for pretty much all of these courses and they worry me.

So….a big company that can afford to send the netadmin to one of these courses now thinks the netadmin can do network and web app pen tests…..saving bucks by not hiring a third party?!?! That's akin to me reading the "Idiot's Guide to Accounting" and professing to be able to manage the financial books of News Limited.

Come on….WTF….give the professionals some credit!

Posted in Applications, Bad Stuff, Disclosure Laws, Dumb Security, Ford Falcon, Vulnerability Management, WTF, Web Application Security, cyber crime, governance | 15 Comments »

IPv6….when…why….security?

Posted on May 10th, 2007 by Drazen Drazic

Is this getting any closer? It's funny that the security weaknesses have already been getting discovered, and for a while now; how many years is it?

Most security presentations continue to deliver the message that we're only facing these security problems today (forgetting that many apps are also to blame) because of the inherent insecurity of the architecture we all work on. Isn't v6 supposed to fix that?! Or is it still focussed on being the fix for IP addresses running out one day? (Like coal and oil.) Who knows?

It's funny that a whole generation of IT dudes missed the early 90s, when we all (or most of us) saw Unix and TCP/IP as an old system and protocol on the way out, and Novell NetWare (and, to some extent, Windows) with IPX/SPX as the new world.

Did we move backwards or what? You can tweak and tune an old Ford Falcon GT to go as fast as a Ferrari…but you can't guarantee it will be safe at those speeds. Sounds like a pretty cool analogy, or am I just living in the past?

Posted in Ford Falcon, Vulnerability Management | 2 Comments »