Must have been a week or two for lists:
- Anton’s “Security Information Trust Pyramid”. Why? Why not! Related to this thread on Australian IT Security Media?
- Matt on “What do you need to know to work in infosec?” A view from inside a Big 4? What do you think?

Kiwicon 2K9 is in the planning. Follow the site for updates, or on Twitter @kiwicon if that floats your boat.

@SecurusGlobal has been set up on Twitter. Follow us for news, updates and goings on. Awesomely exciting…..Ha….but just as exciting as most of Twitter. :) See you also at @DDrazic.

AISA is also on Twitter: @AISA_National, @Melbourne_AISA, @Perth_AISA.

Discussion on Policy Frameworks here from the Forums section.

Some new updates to the Australian IT Security Blog Directory. Check it out and support the local guys. If we’re missing someone, please let us know.

Posted in: Research, Too cool, WTF


How to get PCI DSS compliance right! This is the most awesome piece of journalism that has hit the Internet for a while. If you are one of the thousands of organisations hit by the burden of becoming PCI compliant, look no further than this article for the hot tip on kicking it. For those that have been through it, I bet you wish you had something like this when you were doing it:
http://www.cio.com.au/article/304081/how_get_pci_dss_compliance_right

Many thanks to Mike for highlighting this one. :-)



By SGirl1:

“The closest the security industry has to a rock star”. LOLs Bruce….love to see the quality of your groupies! Does Gene Simmons have anything to worry about? :)



This video was put together by Donal and Wade at the recent RSA Conference in San Francisco (April 2009). For more information and/or to get involved, go to: www.nodecity.com/empower.

Dan Kaminsky, Pete Lindstrom and Marcus Ranum put forward their thoughts on Australia’s plan to censor the Internet. Dan talks about many of the issues that Securus Global’s Matthew Strahan talked about in his interview with ban.this.url. Surprising that these concerns have barely rated a mention here. Marcus certainly adds some interesting analogies and angles to the whole debate.

Related Posts on Internet Filtering. Thanks to Donal and Wade for representing BorB at the Blogger Meetup at the conference.



Okay, thanks for the responses to the last post. Yep, this does deserve its own post.

Makes a mockery of leaders in technologies (like SaaS, e.g. Qualys) that have been doing great things for years and are now classified as being in the same cloud….lumped in with the likes of the below.

Reboot: “I think it’s too late though….critical mass of acceptance of the term [cloud] is now too great! We’re going to have to live with many failed technologies that have a new lease of life now under a “new” name. Bit like this Ferrari here.”
:-)



- Donal going all multimedia on us and taking the censorship debate to the streets of San Francisco; nocleanfeed-usa-feedback. D’s also been working on nodecity. If you are a decision maker for your business communications, this is worth a big look, and do contact Donal for more information.

- Christian (best of the west) at un-excogitate asking the question as to whether Information Security people could work fewer hours. :) Also check out his post on Sandboxing a Windows VM on Ubuntu.

- Anton analysing the Breach Report 2009. I’m so cynical and have so little time for surveys that having someone else dissect the things works for me. Thanks Anton. Seriously though, I suppose it is one of the better ones. A few things I really question in the report but don’t want to get into it. LOL.

- Great to see a Big 4 dude want to punch people re: Cloud Computing. Go Matthew…join the club. I think it’s too late though….critical mass of acceptance of the term is now too great! We’re going to have to live with many failed technologies that have a new lease of life now under a “new” name. Bit like this Ferrari here. :)

- If you’re trying to stay away from Twitter, then this link to Security Twits won’t be of interest to you. Otherwise, this is a good place to start for infosec industry people.

Posted in: Too cool


- This is probably my favourite read in recent times: Marcus Ranum’s essay on The Anatomy of Security Disasters. I’m not going to dissect it and offer up differing views because for one, it’s a good post and secondly, I agree with most of it (Gees, see my next link). In an ideal world…maybe…..real world; Risk Management methodology “implementations” are quite sad at the best of times. More here. Scroll down to some of the older posts and Ostrich Risk Management – still the most successful Risk Management approach today in IT security.

- Had to laugh at this one from Donal’s Ockham’s Razor. Anything from Life of Brian is good. Hey, he’s not the messiah but we can still use the parables can’t we?

- My favourite PCI DSS commentator (along with Mike), Anton Chuvakin, does an exceptional job as usual – this time covering the US House of Representatives Hearing on PCI DSS, which was not so widely reported in Australia. No need to expand more on that.

- Everyone’s on the Twitter bandwagon. Thought this was pretty cool here. Still hard to explain to those not on it. Still wondering myself.

- Had a laugh during the week about industry preciousness. Always funny to see how others judge their own self-importance and what’s cool and what isn’t in our line of work. I reckon get over it. It’s not a rock star or movie star cool type of industry we’re in. So many people taking themselves so seriously in terms of their own importance, relevance and celebrity in a small and very inward looking industry. That effort and model overall needs to be flipped on its backside with information flowing out to broader society instead of an eternal mutual self-congratulatory environment. Those guys who are flowing that information out have my respect. Ah, flame on. :)

Have a good Easter break to all of you that celebrate it and make sure you watch Life of Brian at some stage over the weekend since it’s that time of the year.



- Just got back from New Zealand. As always, great to get over there but wish I had more time. NZ has to be the pound for pound world leader in researchers and research. So many good guys there! And there’s also Kiwicon.

- Pat’s kicked off a new site at Risky.Biz. Some really cool stuff now and a heap of new things coming up. Good luck with it all Pat!

- Been following the SPSP/PCI SSC latest here at Mike’s site.

- New jobs posted at Beast Hot Jobs. Still working to get this going. Yeah, I know, wrong time but hopefully we’ll get there. Check it out.

- Internet Filtering/Censorship in Australia: Trying not to post too much on this because I keep hoping it will just die, but every time I start to think it is going away, it comes back. Example here. Things in NZ are not much better, potentially worse. All really scary stuff.

- I wonder what I could have seen if I plugged my laptop into the cable poking out at Sydney Airport where another parking payment machine should have been. Nah…probably not much.  :)



Declan had a clean t-shirt in the morning but by 10am, the image of Fatemah had appeared on it. Freaky! (Top right)

Related to this? Hmmm….
Please no pilgrims to the Securus Global offices until we get this looked at by qualified experts, (eBay).



- Centralised password management tool here. Vuln free delusions – be fun to “test” this one. Consolidated risk. Nice!

- Data Breach Disclosure update in the US here. Fundamentals still missing to make this a fair and workable law for all. Wrote about this in Risk Management Magazine pp 14-15 in the September 2008 Edition. (May have to sign-in now to read it).

- My costs to maintain PCI QSA status to top 30K in 2009. Add another 20-odd K if we decide to become an ASV again as well. PCI SSC doesn’t really care about my thoughts on why some of the costs are just money-making grabs on their part. The danger for all is that if eventually only the big guys can afford this, the level of QSA expertise and the subsequent advice/service to merchants, service providers and the industry as a whole is going to become weaker, so who wins? Do I battle these guys again or just suck it up? No appetite at present for another battle with them. Read on:

(more…)


