Is there anything bad happening on the net not being blamed on “Chinese Hackers”? Forget the story… same old stuff. Some of the comments here are priceless:

www.theregister.co.uk/2008/05/08/belgium_india_china_warnings/comments/

Now, just in case there are some language issues here in translation, this is a sarcastic post and in no way talking bad about Chinese Hackers. Point those probes in another direction. :-)



Interesting and good to see IPv6 get a mention/submission in Australia’s 2020 Summit. The submission is here. Not sure where it is headed as I couldn’t see any mention in the Initial Summit Report. Maybe others have heard more about this?

We haven’t lacked in some good write-ups on IPv6 in recent times. Thanks to Donal for passing this one from Arbor Networks onto me.

The Google IPv6 2008 Conference panel video is well worth seeing if you haven’t already.

Are we getting much closer?

Previous Beast or Buddha posts:
http://beastorbuddha.com/2008/03/31/some-good-ipv6-links/
http://beastorbuddha.com/2007/05/10/ipv6whenwhysecurity/

From 2001; IPv6 and the Future of the Internet.

Posted in: Research


Declan’s recent post on logging being a double-edged sword started some interesting discussion. Anton Chuvakin follows up further on his blog and writes:

“Reverse compliance” is a motivation to purposefully avoid technologies that have a chance of telling you that you are NOT in compliance. Sadly, logging is featured very high on the list of such technologies that a) tell you about all the problems with your compliance posture (e.g. direct violations of regulatory requirements, lack of controls, inefficient controls, policies not followed, etc) as well as b) are mandated by various regulations (e.g. PCI DSS) and c) actively used by auditors for finding compliance issues.

Read the rest of Anton’s post.



The rumours about this company or that company wanting to buy into Securus Global continue but this one we are seriously considering. This should turn us into THE global force of Infosec Consulting:

> From: xxxxx xxx <xxxxxx@yahoo.fr>
> Reply-To: <xxxxxx.xxxx@yahoo.fr>
> Date: Mon, 5 May 2008 21:37:32 +0200 (CEST)
> To: <xxxxxx@yahoo.fr>
> Subject: INVESTMENT  PROJECT
>
> I WANT TO INVEST MY FUND {1.5BILLION EURO}IN YOUR COMPANY, LET ME KNOW
> YOUR TERMS ,IF YOU ARE INTERESTED TO INVEST WITH ME GET BACK TO ME
> WITH YOUR FULL DETAILS, I WILL SEND THE BOND FOR CONFIRMATION FOR US
> TO PROCEED THE PROJECT.
>
>
>
> MR XXXX XXXX
> OIL AND GAS

Look out world!

Posted in: Securus Global


With little to no regulation around IT security practices and controls in Australia, have we fallen behind other major trading partners like the US and countries in Europe? I think the answer is most definitely yes but I welcome your thoughts on this.

This is not new… it’s something I have ranted about for a while here, but as we see the landscape change elsewhere towards tighter regulation, with data breach disclosure laws, for example, coming into existence in other parts of the world, we seem to talk more than act. The PCI DSS has been the biggest thing to hit Australian business in terms of some form of enforcement of good practice, and even that is operated outside the bounds of government and local controls.

No one’s perfect, but have we really progressed much in the last few years? Sure, security awareness is higher than it has ever been, but are security issues being addressed at their core/root or does awareness just mean actioning the latest hot area/topic? I put it out there that that is the case.

Who’s addressing risk management properly? Who’s approaching security from a strategic perspective?

It’s more than just an IT security issue. It’s a business issue, it’s a shareholder value issue, it’s a national security issue, etc. Is regulation the key to change here? If not, what is?



By Declan Ingram

Upon speculation that Microsoft had built backdoors into Vista, Niels Ferguson, a developer and cryptographer at Microsoft, wrote:

“The suggestion is that we are working with governments to create a back door so that they can always access BitLocker-encrypted data… Over my dead body”

That’s very reassuring... until this was released: “Microsoft device helps police pluck evidence from cyberscene of crime”.




After the awesome Kiwicon 2k7, the 2008 event has been announced.
http://www.kiwicon.org/

Posted in: Research

