Internet Banking in NZ - Will be interesting to see some test cases….

July 4th, 2008 Drazen Drazic

The Kiwis have had this on the table for a while. Computerworld NZ and MIS Australia amongst others have covered it recently with changes being made to the rules governing online banking in New Zealand.

The Computerworld NZ story has a quote that doesn’t seem to make that much sense but in context of the history of this and what could have been, is now a bit more understandable; The move is expected to boost customer confidence that losses from online fraud will be covered by the banks”.

While the motives are clear, regardless of spin put on the reasons, it does raise more questions than it answers and is something I suppose will be tested eventually in a legal scenario.

Mac and Linux users I suppose need to be worried. Will basic firewalls on those systems constitute “security software”? This will be an interesting one to follow. I am sure banks in other countries that don’t throw liability back as a general rule are also watching this.

Posted in Risk Management, Vulnerability Management, Web Application Security, cyber crime, news | 1 Comment »

Trend Micro attacks the bad guys on their own turf….

June 22nd, 2008 Drazen Drazic

Trend Micro announced today that they are now protecting the consumer by going after the bad guys directly. While specific details were not released, I ascertain from the advertisement in the Sunday paper today that they have developed some technology to fight the bad guys on their own turf and are able to neutralize threats from them before they can affect you and I.

“Only Trend Micro PC-cillin Internet Security Pro gives you bulletproof protection from every trick invented to steal your identity. Its unique Web Threat protection blocks bad stuff at the source, before it gets near you and your PC. And its keystroke encryption makes it impossible for someone to get your password”

We await more information on this. Amazed this has not made headline news in the IT media! :-)

Related post.

Posted in Bad Stuff, Dumb Security, Vulnerability Management, WTF, Web Application Security, cyber crime, news | 3 Comments »

39% of Australians Victims of Cyber Crime?

June 10th, 2008 Drazen Drazic

Another survey and some more frightening statistics as reported in CW and affiliated sites. Luckily the company that undertook the survey has the solution; “Protection against all Internet threats“. (Hey, their words, not mine!)

Does anyone have a link to the survey? 39% sounds pretty high but I have no context from the articles.

Secondly, AVG seems to have joined Symantec with the magic solution. Amazing that we allow companies to get away with such advertising! Related post on mis-leading and false advertising.

Posted in Bad Stuff, Dumb Security, WTF, cyber crime, news | 5 Comments »

The monkeynet project kicks off…..

June 6th, 2008 Drazen Drazic

Speculation has been rife and the rumour mill going crazy but I can announce that the monkeynet project has now kicked off. Visit and explore the site for more information and to stay abreast of the latest news on the monkeynet project. (Find the secret area with information on the “secret” projects). Join the initiative and become part of the monkeynet project.

Background:

Read the rest of this entry »

Posted in Research, news | 8 Comments »

Stay Smart Online - Latest Australian Government Initiative…

June 6th, 2008 Drazen Drazic

I wonder what the old teams and program developers at NOIE/AGIMO etc think about the latest re-branding of government’s effort to demonstrate care about individual’s and businesses use of IT. (As reported here). I remember the old NOIE site. It was pretty good; rich full of information and a great source of help and knowledge. It was a shame relatively very few people were aware of it.

The latest incarnation with a few added “features” comes at a cost of $1.2M (just on the contract alone to AusCERT as reported by the Australian Newspaper). Will be interesting to see how it all goes…….

Posted in Risk Management, Vulnerability Management, Web Application Security, cyber crime, news | 6 Comments »

Be careful of being too cockey…Lifelock CEO cops it….

May 25th, 2008 Drazen Drazic

Watch the Lifelock ad on the site as it scrolls through. :-) Story at ha.ckers.org.

From the story in Yahoo! News.

Another one to add to the list of failed magical solutions? You have to take any promises of total security with a grain of salt. See recent posts about ScanAlert and the links within the links. (Aside: Is this the most hated product/service in the IT Security industry?)

But then again, we have the old Symantec Guarantee. Posted here again for your viewing pleasure and evidence requirements for any legal action you may ever contemplate. (Though by clicking on the software agreement when you installed it, you probably signed away all rights you had anyway, but worth a shot!)

Posted in Bad Developers, Bad Stuff, Dumb Security, WTF, cyber crime, news | 4 Comments »

Australian/New Zealand Security Blogs

May 13th, 2008 Drazen Drazic

As I mentioned before, we’re putting together a Blog Directory of Australian and New Zealand security bloggers and independent news sites. So far, not so many, but if you’d like to be on the list, email me or get me through the “Contact Me” section of the website.

Posted in news | 3 Comments »

Securus Global Update

April 29th, 2008 Drazen Drazic

We’ve just released the updated Securus Global website:
www.securusglobal.com

Since we changed our name from Security-Assessment.com Australia/Asia Pacific to Securus Global, the response from our clients and the industry has been fantastic. Thank you to everyone.

We’ve tried to make the new site different and hopefully a site that provides you with information more than just our service offerings. The information in the side-bars will continue to evolve and to provide further industry information and help to businesses. Stay tuned to the site and hopefully consider Securus Global if there’s ever anything you need assistance with.

Drazen Drazic
Securus Global

Posted in news | No Comments »

Daily Security News Changes

April 8th, 2008 Drazen Drazic

We’re expanding the coverage of DSN and also now categorising (as best we can) all the latest IT Security news feeds from around the world. You can still in one view read everything, or just view the category that interests you. In the next couple of weeks, our research team will work to expand some of the categories such as “Security Theory”. As usual, your comments, criticisms and ideas are most welcome.

Posted in news | No Comments »

Some good IPv6 links….

March 31st, 2008 Drazen Drazic

These are well worth a look. From Ockham’s Razor:
http://bsdosx.blogspot.com/2008/03/ipv6-trix.html

Posted in Research, news | 1 Comment »

Australian Information Security Association (AISA) - Consider Joining

March 26th, 2008 Drazen Drazic

If you are not aware of the Australian Information Security Association (AISA), please do consider joining. (AISA is a non-profit volunteer run organisation aligned to no vendors).

Becoming a member makes you part of Australia’s largest association of Information Security professionals. Membership gives you; monthly meetings/presentations (from industry specialists and peers), interest group participation, member forums, social events, enormous networking opportunities in person and online, opportunity to participate in industry strategy, monthly newsletters and other updates, plus other side benefits such as discounts and/or free entry to industry events and conferences. More Information.

The annual membership fee is only $50 at present and for all members who join before June 30, 2008, your membership will be valid until June 30, 2009! If you have any questions, contact AISA or myself. To join, you can do this online.

I am posting this as part of the AISA National organising committee.

Posted in news | No Comments »

IT Security Bloggers and Twits Directory

March 24th, 2008 Drazen Drazic

I like Jennifer Leggio’s idea so much, I thought it might be a good one to explore here in Australia/NZ/Asia Pacific. (Thanks to Wade for the original link and cmlh for his support). (Possibly then pass on bulk updates to Jennifer if she’s keen).

So, either respond here, the forum post, the contact me or direct email if you want to be added to the list. We’ll link the directory from the main page and hopefully build more of a community around the blogging dudes here in our region and regular BorB readers.

Posted in news | No Comments »

Kicked off the Forum…..

March 14th, 2008 Drazen Drazic

Click on the link above in the menu or here. Just for a bit of fun.

Posted in news | No Comments »

Metl getting some major press…I hear the groupies are flocking in also now…

March 5th, 2008 Drazen Drazic

Adam Boileau, our old colleague, 18 months down the track is getting some serious traffic now for this. Why freeze some RAM?

ComputerWorld

Sydney Morning Herald

Gees, even Slashdot! :-)

I hear even some guitar mags may be picking this up also now based upon the pic in The Age and The Sydney Morning Herald. Onya Metl!

Additions: I just fixed the SMH link with the photo. Also, it was interesting to talk with Patrick Gray today about this:
“Hi Draz — your readers might want to hear the Risky Business interview I did with Metl about this whole thing. The Sydney Morning Herald actually picked up this story from the podcast and linked back to it… no one else bothered. Que sera, what can you do?”
That’s a bit slack not passing the credit back to where it’s due. Anyway, here is the original source from Pat: Risky Business #52.

Posted in Forensics, Research, To cool, news | 3 Comments »

OWASP Australia AppSec 2008 Conference

February 8th, 2008 Drazen Drazic

The OWASP Australia AppSec 2008 Conference is on February 27-29th. Details here.

Looks like being a good event. Who’s going?

Posted in Research, Web Application Security, news | 1 Comment »

US goes big on network surveillance…

January 28th, 2008 Drazen Drazic

This from the Washington Post is some serious business. In the old days, you’d be a raving conspiracy theorist to say this was going on. Nowadays, it’s just done and reported.  Double-edged sword or what? Billions of dollars? Gees….that is one big investment. How this is managed is going to be interesting to follow if we ever hear much about it again.

Posted in WTF, governance, news | No Comments »

Security-Assessment.com now operating under Securus Global

January 9th, 2008 Drazen Drazic

Press Release/Announcement:

Security-Assessment.com Australia/Asia Pacific is now operating under Securus Global.

As has been reported in recent times, Security-Assessment.com New Zealand has been sold to Datacraft in New Zealand.

As I mentioned before, Security-Assessment.com Australia/Asia Pacific has not been sold out and our business operations, commitment to clients, our team and approach to the IT Security industry remain the same. It’s business as usual continuing to deliver the quality services we have become renowned for….but we are making a few changes.

The Security-Assessment.com Australia business, brand and name will now come under the Securus Global business as the specialist consulting services delivery arm of the business. http://www.securusglobal.com/

Read the rest of this entry »

Posted in news | 7 Comments »

Australia moving towards Internet filtering…..

January 2nd, 2008 Drazen Drazic

You have to wonder about how successful such initiatives like this to filter “inappropriate” content to Australians is likely to be:

http://www.news.com.au/heraldsun/story/0,21985,22989008-662,00.html
http://www.abc.net.au/news/stories/2007/12/31/2129471.htm

Read the rest of this entry »

Posted in Bad Stuff, Dumb Security, Research, WTF, cyber crime, governance, news | 6 Comments »

Security-Assessment.com Australia/Asia Pacific is not part of the Datacraft purchase of SA NZ

December 11th, 2007 Drazen Drazic

You may have read this morning that Datacraft NZ has purchased Security-Assessment.com in New Zealand.

I just wanted to highlight that this is just Security-Assessment.com NZ and not Security-Assessment.com Australia/Asia Pacific. We have not sold out and our business operations, team and approach to the IT Security industry remain the same. We wish NZ all the best but it’s business as usual for us here in this region.

If you have any questions, please don’t hesitate to call or email me.

Posted in news | No Comments »

“State Sponsored” attacks……more out in the open but were they ever not?

December 3rd, 2007 Drazen Drazic

This one from the Times Online openly warns businesses that they are being targeted by state sponsored attacks. (Aside: “State Sponsored”? What a dumb term). (Also covered by Howard Dahdah in Computerworld Australia).

What is it with this softly softly response to these potential and real “attacks”? How many official responses to supposed evidence that this is occurring are being sent to the countries involved? Is it a case of governments just not being sure as to how to approach this subject? Probably.

Do we know how serious or what the implications can be? Of course we do.
Read the rest of this entry »

Posted in Bad Stuff, Dumb Security, Research, Risk Management, Vulnerability Management, WTF, cyber crime, news | 4 Comments »

« Previous Entries