Symantec Customers Immune to Rising Security Threats! (Late Update: Maybe Not!)

Posted on February 23rd, 2010 by Drazen Drazic

Symantec Press Release 22 February, 2010: Symantec 2010 State of Enterprise Security Study……

(Time to pump out another piece of marketing to get people thinking about buying Symantec. Here’s the report if you are interested in wasting a few minutes).

Just reading this now…….wooo…..hang on……what I don’t see anywhere in this report is a proud statement that Symantec customers are the lucky few that are safe from malicious attacks that other businesses are facing.

Why is this not in there Symantec? Surely you should be beating your own drums given you so proudly told us all some time ago that your product(s), and I quote; will provide “…proactive protection against unknown and zero-day threats”. It’s the Symantec Guarantee!

As such, surely Symantec customers do not have the same concerns as those poor businesses you mention in your study. Let us know if this was just an error on your part, or Symantec just not wanting to show off here because, surely you would not use bullshit marketing in the past?! :)

———————————————————————————————
Securus Global: IT Security, Penetration Testing, Security Assessments, PCI Compliance, Product Assurance, QualysGuard, Security Strategy, Vulnerability Assessment.

Posted in Bad Stuff, Dumb Security, Too cool, Vulnerability Management, WTF, cyber crime | 20 Comments »

Door to Door Spam Chaser Style

Posted on February 21st, 2010 by Drazen Drazic

Classic Chaser work:


Posted in Too cool, cyber crime | No Comments »

Opening yourself up to criticism – putting it out there…..

Posted on November 27th, 2009 by Drazen Drazic

Tim Ferriss in his blog: The Benefits of Pissing People Off. Worth a read I reckon. Our industry is no different, is it?


Posted in Too cool | No Comments »

Loving Cloud Computing

Posted on October 5th, 2009 by Drazen Drazic

Thanks to Wade for sending me this.

Posted in Dumb Security, Too cool | 4 Comments »

Amazing People doing Amazing Things…..Soon :)

Posted on August 26th, 2009 by Drazen Drazic

Stay tuned….

Getting asked by people all the time why I do things like “Twitter” for example. As if it is something not so worthy. Background: here and here.

So have decided I would look at some of the real benefits of such applications in relation to our industry (and wider) in a much longer post. Who’s wasting their time or missing out? Is it that uncool? LOL……we’ll see.

DD

Posted in Bad Stuff, Dumb Security, Ford Falcon, Research, Securus Global, Too cool, UFOs, WTF | 1 Comment »

Memories of 2005……not an IT Security topic…..

Posted on August 16th, 2009 by Drazen Drazic

My Rugby League team, the West Tigers, had been having a pretty ordinary year until about 6 weeks ago. They’re now 6-0 in the last 6 weeks. I had no expectations before I went overseas….(not in the running for the finals), but it was great to come back and see they had won every game while I was away! (Yes, I am superstitious enough to believe that it was me being away….but today they won 56-10 so that’s BS!) :)

Now the point of this post:

Read the rest of this entry »

Posted in Too cool, Uncategorized | 5 Comments »

Me Presenting at Conferences. Laying Down Conditions…..I’m Laid Back but…

Posted on August 14th, 2009 by Drazen Drazic

Coincidental timing….seeing a discussion on Twitter and forum here between a few people on why I don’t do presentations at large conferences.

Nice to know that people give me that cred worth discussing…thank you.

Read the rest of this entry »

Posted in Bad Stuff, Dumb Security, Research, Risk Management, Too cool, WTF | 1 Comment »

A CIO and CEO Guide to improving corporate security today – it is possible.

Posted on August 10th, 2009 by Drazen Drazic

Just got back and saw this was confirmed:
http://www.iirme.com/securecon/workshops/c.html

CEOs, CIOs and Middle East Gov and Gov Security seem to be the audience.

Should be fun…..there are no slides…….just talk…..they accepted that….(somewhat I think). :) I prefer to just talk……

This will be an all-out session and I hope Bruce S (Keynote) will be there….Pass this link to 20 of your friends and you will receive…magically a new notebook.

Posted in Applications, Bad Developers, Bad Stuff, Disclosure Laws, Dumb Security, Firewalls, Forensics, PCI, PCI DSS, Research, Risk Management, Securus Global, Too cool, Vulnerability Management, Web Application Security, cyber crime, governance, news | No Comments »

Random Links and Rants…….

Posted on June 17th, 2009 by Drazen Drazic

Must have been a week or two for lists:
- Anton’s “Security Information Trust Pyramid“. Why? Why not! Related to this thread on Australian IT Security Media?
- Matt on “What do you need to know to work in infosec?” A view from inside a Big 4? What do you think?

Kiwicon 2K9 is in the planning. Follow the site for updates, or on Twitter @kiwicon if that floats your boat.

@SecurusGlobal has been set up on Twitter. Follow us for news, updates and goings on. Awesomely exciting…..Ha….but just as exciting as most of Twitter. :) See you also at @DDrazic.

AISA is also on Twitter: @AISA_National, @Melbourne_AISA, @Perth_AISA.

Discussion on Policy Frameworks here from the Forums section.

Some new updates to the Australian IT Security Blog Directory. Check it out and support the local guys. If we’re missing someone, please let us know.

Posted in Research, Too cool, WTF | 9 Comments »

Cracking PCI DSS Compliance – Thanks CIO Magazine!

Posted on May 23rd, 2009 by Drazen Drazic

How to get PCI DSS compliance right! This is the most awesome piece of journalism that has hit the Internet for a while. If you are one of the thousands of organisations hit by the burden of becoming PCI compliant, look no further than this article for the hot tip on kicking it. For those that have been through it, I bet you wish you had something like this when you were doing it:
http://www.cio.com.au/article/304081/how_get_pci_dss_compliance_right

Many thanks to Mike for highlighting this one. :-)

Posted in Bad Stuff, Dumb Security, PCI, PCI DSS, Too cool, WTF, cyber crime | No Comments »

Bruce the Rock Star of IT Security

Posted on May 9th, 2009 by Drazen Drazic

By SGirl1:

“The closest the security industry has to a rock star”. LOLs Bruce….love to see the quality of your groupies! Does Gene Simmons have anything to worry about? :)

Posted in Dumb Security, Too cool, WTF | 3 Comments »

Australian Internet Censorship – Take The Power Back

Posted on April 27th, 2009 by Drazen Drazic

This video was put together by Donal and Wade at the recent RSA Conference in San Francisco (April 2009). For more information and/or to get involved, go to: www.nodecity.com/empower.

Dan Kaminsky, Pete Lindstrom and Marcus Ranum put forward their thoughts on Australia’s plan to censor the Internet. Dan talks about many of the issues that Securus Global’s Matthew Strahan talked about in his interview with ban.this.url. Surprising that these concerns have barely rated a mention here. Marcus certainly adds some interesting analogies and angles to the whole debate.

Related Posts on Internet Filtering. Thanks to Donal and Wade for representing BorB at the Blogger Meetup at the conference.

Posted in Bad Stuff, Dumb Security, Internet Filtering, Too cool, WTF | 4 Comments »

What you are really getting from the cloud…..

Posted on April 22nd, 2009 by Drazen Drazic

Okay, thanks for the responses to the last post. Yep, this does deserve its own post.

Makes a mockery of leaders in technologies (like SaaS, e.g. Qualys) that have been doing great things for years and are now classified as in the same cloud….lumped in with the likes of the below.

Reboot: “I think it’s too late though….critical mass of acceptance of the term [cloud] is now too great! We’re going to have to live with many failed technologies that have a new lease of life now under a “new” name. Bit like this Ferrari here.”

:-)

Posted in Bad Stuff, Dumb Security, Too cool, WTF | 14 Comments »

Random Links and Rants…….

Posted on April 22nd, 2009 by Drazen Drazic

- Donal going all multimedia on us and taking the censorship debate to the streets of San Francisco; nocleanfeed-usa-feedback. D’s also been working on nodecity. If you are a decision maker for your business communications, this is worth a big look, and do contact Donal for more information.

- Christian (best of the west) at un-excogitate asking the question as to whether Information Security people could work fewer hours. :) Also check out his post on Sandboxing a Windows VM on Ubuntu.

- Anton analysing the Breach Report 2009. I’m so cynical and have so little time for surveys that having someone else dissect the things works for me. Thanks Anton. Seriously though, I suppose it is one of the better ones. A few things I really question in the report but don’t want to get into it. LOL.

- Great to see a Big 4 dude want to punch people re: Cloud Computing. Go Matthew…join the club. I think it’s too late though….critical mass of acceptance of the term is now too great! We’re going to have to live with many failed technologies that have a new lease of life now under a “new” name. Bit like this Ferrari here. :)

- If you’re trying to stay away from Twitter, then this link to Security Twits won’t be of interest to you. Otherwise, this is a good place to start for infosec industry people.

Posted in Too cool | 3 Comments »

Random Links and Rants…….

Posted on April 9th, 2009 by Drazen Drazic

- This is probably my favourite read in recent times: Marcus Ranum’s essay on The Anatomy of Security Disasters. I’m not going to dissect it and offer up differing views because for one, it’s a good post and secondly, I agree with most of it (Gees, see my next link). In an ideal world…maybe…..real world; Risk Management methodology “implementations” are quite sad at the best of times. More here. Scroll down to some of the older posts and Ostrich Risk Management – still the most successful Risk Management approach today in IT security.

- Had to laugh at this one from Donal’s Ockham’s Razor. Anything from Life of Brian is good. Hey, he’s not the messiah but we can still use the parables can’t we?

- My favourite PCI DSS commentator (along with Mike), Anton Chuvakin does an exceptional job as usual – this time covering the not so widely reported in Australia, US House of Representatives Hearing on PCI DSS. No need to expand more on that.

- Everyone’s on the Twitter bandwagon. Thought this was pretty cool here. Still hard to explain to those not on it. Still wondering myself.

- Had a laugh during the week about industry preciousness. Always funny to see how others judge their own self-importance and what’s cool and what isn’t in our line of work. I reckon get over it. It’s not a rock star or movie star cool type of industry we’re in. So many people taking themselves so seriously in terms of their own importance, relevance and celebrity in a small and very internal looking industry. That effort and model overall needs to be flipped on its backside with information flowing out to broader society instead of an eternal mutual self-congratulatory environment. Those guys who are flowing that information out have my respect. Ah, flame on. :)

Have a good Easter break to all of you that celebrate it and make sure you watch Life of Brian at some stage over the weekend since it’s that time of the year.

Posted in Dumb Security, Too cool, WTF | 2 Comments »

Random Things – Busy Few Weeks

Posted on March 20th, 2009 by Drazen Drazic

- Just got back from New Zealand. As always, great to get over there but wish I had more time. NZ has to be the pound for pound world leader in researchers and research. So many good guys there! And there’s also Kiwicon.

- Pat’s kicked off a new site at Risky.Biz. Some really cool stuff now and a heap of new things coming up. Good luck with it all Pat!

- Been following the SPSP/PCI SSC latest here at Mike’s site.

- New jobs posted at Beast Hot Jobs. Still working to get this going. Yeah, I know, wrong time but hopefully we’ll get there. Check it out.

- Internet Filtering/Censorship in Australia: Trying not to post too much on this because I keep hoping it will just die, but every time I start to think it is going away, it comes back. Example here. Things in NZ are not much better, potentially worse. All really scary stuff.

- I wonder what I could have seen if I plugged my laptop into the cable poking out at Sydney Airport where another parking payment machine should have been. Nah…probably not much.  :)

Posted in Dumb Security, Internet Filtering, PCI, PCI DSS, Risk Management, Too cool, Vulnerability Management, WTF, Web Application Security, news | No Comments »

Miracle at Securus Global

Posted on March 11th, 2009 by Drazen Drazic

Declan had a clean t-shirt in the morning but by 10am, the image of Fatemah had appeared on it. Freaky! (Top right)

Related to this? Hmmm….
Please no pilgrims to the Securus Global offices until we get this looked at by qualified experts (eBay).

Posted in Ford Falcon, Too cool, WTF, news | 7 Comments »

Random thoughts….Is it just me?

Posted on March 10th, 2009 by Drazen Drazic

- Centralised password management tool here. Vuln free delusions – be fun to “test” this one. Consolidated risk. Nice!

- Data Breach Disclosure update in the US here. Fundamentals still missing to make this a fair and workable law for all. Wrote about this in Risk Management Magazine pp 14-15 in the September 2008 Edition. (May have to sign-in now to read it).

- My costs to maintain PCI QSA status to top 30K in 2009. Add another 20 odd K if we decide to become an ASV again as well. PCI SSC doesn’t really care about my thoughts on why some of the costs are just money making grabs on their part. Danger for all is that if eventually only the big guys can afford this, the level of QSA expertise and subsequent advice/service to merchants, service providers and the industry as a whole is going to become weaker, so who wins? Do I battle these guys again or just suck it? No appetite at present for another battle with them. Read on:

Read the rest of this entry »

Posted in Bad Stuff, Disclosure Laws, Dumb Security, Ford Falcon, PCI, PCI DSS, Research, Risk Management, Too cool, Vulnerability Management, WTF, Web Application Security, cyber crime, news | No Comments »

It’s never too late to give up the bad stuff……

Posted on February 1st, 2009 by Drazen Drazic

In a rare event as most Sydney-siders would acknowledge, I met a top cabbie last night. Thick Italian accent (been here 50 years :) )…we had a great chat on my drive home. All his kids had finished Uni and were in top jobs and life is good. Topic turned to vices (as they do) and things that are not good for the health – women at the top of his list (in a nice way)…He drank a little (sometimes), which he acknowledged was not healthy, but smoking; “no good mate, don’t smoke…..my father drank and smoked and the smoking killed him”.

“Gees mate, sorry to hear that. How old was your father when he died?”

Cabbie: “95!…….. I reckon he would have lived to 130!”

ROFL….who knows, he probably could have! Lessons there.

Thanks St. George cabs cabbie. The world needs more people like you. :)

Posted in Too cool | No Comments »

How Porn kickstarted Intranets in a Large Global Business….

Posted on January 15th, 2009 by Drazen Drazic

Bit of an off-topic but remembered this story the other day and it made me chuckle to myself. Thought I would share it here and see if others have stories about how some successful projects came to fruition in a weird or funny way. Here we go:

There’s a large and very successful global business that to this day doesn’t know that their first Intranet was a porn site, and because of that porn site, a global business Intranet came into existence – it wasn’t going to happen without it (ie; the porn site) at that time. (Aside from about 4 people, though probably many more as the story has been passed on and is now probably considered just a myth). Click on:

Read the rest of this entry »

Posted in Ford Falcon, Too cool, WTF, Web Application Security | 4 Comments »