Security Consortium Watch…..
March 9, 2010

I’m not going to go back over all the old posts to try to remember who all these mobs were, but is there a consortium still doing anything? eg; ICASI and SAFECode. etc etc…..

Some previous posts mentioning them: http://beastorbuddha.com/?s=consortium

Not much more to add that I haven’t already said in the link above and links within the posts.

Is there a Cloud one also? Sure there is. :)

———————————————————————————————-
Securus Global: IT Security, Penetration Testing, Security Assessments, PCI Compliance, Product Assurance, QualysGuard, Security Strategy, Vulnerability Assessment.

Comments (1)
Posted in: Bad Stuff, Dumb Security, WTF


Advanced Persistent Threat…APT…WTF!?
February 28, 2010

I know it has taken me a while to catch up, but I relegated it low priority when I first heard of this “APT” business. Bad of me? Who made this stuff up? This is something you’d only make up for a laugh. But, all of the sudden, my industry is talking about it. FFS. Is this an American thing?
:) ….if I had to mention that to a client. “Stand back…..you have an APT!!!”…… “Thanks Draz…awesome we hired you to save us!”

I have nothing! If this makes Wikipedia, (which it may have by now (Ed: yeah, I know it’s there), I’d love to chat (Ed: modified to not scare people), with that genius  who invented the term, (for our industry).

———————————————————————————————-
Securus Global: IT Security, Penetration Testing, Security Assessments, PCI Compliance, Product Assurance, QualysGuard, Security Strategy, Vulnerability Assessment.

Comments (15)
Posted in: Bad Stuff, Disclosure Laws, WTF


Symantec Customers Immune to Rising Security Threats! (Late Update: Maybe Not!)
February 23, 2010

Symantec Press Release 22 February, 2010: Symantec 2010 State of Enterprise Security Study……

(Time to pump out another piece of marketing to get people thinking about buying Symantec. Here’s the report if you are interested in wasting a few minutes).

Just reading this now…….wooo…..hang on……what I don’t see anywhere in this report is a proud statement that Symantec customers are the lucky few that are safe from malicious attacks that other businesses are facing.

Why is this not in there Symantec? Surely you should be beating your own drums given you so proudly told us all some time ago that your product(s), and I quote; will provide “…proactive protection against unknown and zero-day threats”. It’s the Symantec Guarantee!

As such, surely Symantec customers do not have the same concerns as those poor businesses you mention in your study. Let us know if this was just an error on your part, or Symantec just not wanting to show off here because, surely you would not use bullshit marketing in the past?! :)

———————————————————————————————-
Securus Global: IT Security, Penetration Testing, Security Assessments, PCI Compliance, Product Assurance, QualysGuard, Security Strategy, Vulnerability Assessment.

Comments (20)
Posted in: Bad Stuff, Dumb Security, Too cool, Vulnerability Management, WTF, cyber crime


Big Best Congrats to iiNet……..
February 4, 2010

Made my day when I heard iiNet won their case against the Film Industry! Here reported by itnews. Awesome. Hoping some common sense will prevail and workable collaborative efforts can happen now. Well done iiNet.

Some of our previous posts on this topic…worth a read:
http://beastorbuddha.com/?s=iinet

———————————————————————————————-
Securus Global: IT Security, Penetration Testing, Security Assessments, PCI Compliance, Product Assurance, QualysGuard, Security Strategy, Vulnerability Assessment.

Comments (0)
Posted in: Dumb Security, Internet Filtering, WTF


Internet Censorship – Taking the Power Back (REPOST)
January 30, 2010

This video was put together by Donal and Wade at the recent RSA Conference in San Francisco (April 2009).

Dan Kaminsky, Pete Lindstrom and Marcus Ranum put forward their thoughts on Australia’s plan to censor the Internet. Dan talks about many of the issues that Securus Global’s Matthew Strahan talked about in his interview with ban.this.url. Surprising that these concerns have barely rated a mention here. Marcus certainly adds some interesting analogies and angles to the whole debate.

Related Posts on Internet Filtering. Thanks to Donal and Wade for representing BorB at the Blogger Meetup at the conference.

———————————————————————————————-
Securus Global: IT Security, Penetration Testing, Security Assessments, PCI Compliance, Product Assurance, QualysGuard, Security Strategy, Vulnerability Assessment.

Comments (3)
Posted in: Bad Stuff, Dumb Security, Internet Filtering, WTF


Obama position on Internet Censorship

Thanks to Wade for this one (and @Wadeis on Twitter). A bit late on my part, but worth a read.

Obama position on; “…right to a free internet….and unshackled internet” – article from The AGE: White House steps into China-Google row.

I wonder how that marries up to Stephen Conroy’s position and thoughts? Yes, I know he’ll “sell” his “project” as a different beast but is it really? We know the implications. More here: http://beastorbuddha.com/category/internet-filtering/

Can you have shades of grey here and spin to suit the occasion/scenario? Keep the fire burning people.

———————————————————————————————-
Securus Global: IT Security, Penetration Testing, Security Assessments, PCI Compliance, Product Assurance, QualysGuard, Security Strategy, Vulnerability Assessment.

Comments (0)
Posted in: Bad Stuff, Dumb Security, Internet Filtering, WTF


China, Google, Marketing etc etc…..
January 25, 2010

Random thoughts: News?, OMG really?….nah!, Awesome marketing move Google!, Using the Net for spying…you naughty boys China…you’re the only ones and need to be punished :) , Hang on, he who controls the pipes…controls it all? It’s okay as long as it’s not someone other than us doing it!, yawn…..news?, Great marketing….I’m pulling out of China too! Write it up journos, I need more business!

———————————————————————————————-
Securus Global: IT Security, Penetration Testing, Security Assessments, PCI Compliance, Product Assurance, QualysGuard, Security Strategy, Vulnerability Assessment.

Comments (1)
Posted in: Bad Stuff, Dumb Security, WTF, cyber crime


"The Great Australian Internet Blackout" Information

Run by Electronic Frontiers Australia (EFA), “The Great Australian Internet Blackout” is on.

Some background on this from our perspective can be found here. This is important.

We’ve been against this Government “initiative” from the outset. It is flawed on so many levels, so please, have a read and pass this information onto your colleagues, family and friends, if you haven’t already.

We need critical thinkers to push this information out into the broader community who may not understand the real issues outside of the Government spin on it. We need to wake up our fellow Australians!

———————————————————————————————-
Securus Global: IT Security, Penetration Testing, Security Assessments, PCI Compliance, Product Assurance, QualysGuard, Security Strategy, Vulnerability Assessment.

Comments (1)
Posted in: Dumb Security, Internet Filtering, WTF


Looking at what makes good Application Security knowledge.
January 7, 2010

It’s always interesting reading about larger scale fraud like this one recently with the Bank of Queensland. You wonder in cases like this, had the accused pulled the pin earlier, would he ever have gotten caught? You wonder how many do get away with it – stopping before obvious alarm bells start to ring?

There’s no generic solution/strategy for fraud detection to critique, as each organisation addresses it’s own internal security and risk management practices differently, but there is a scary pattern of misguided thought in regards to securing systems and actually defending against, and detecting fraud. It’s “security” by definition but are many blinkered in regards to what the full definition of “security” encompasses? I think so.

Many in the security industry are focussed to the point of obsession on only vulnerabilities and technical attack vectors (new attack type X, new attack type Y – all generally old stuff just re-invented in different ways but promoted as new big things by many in the industry). It’s such a narrow focused view that stops at the technical exploit. That’s not where the role of a security professional should stop. Read on:

(more…)

Comments (6)
Posted in: Applications, Bad Developers, Bad Stuff, Dumb Security, Forensics, IDS, IPS, Risk Management, Vulnerability Management, WTF, Web Application Security, cyber crime, governance


Only 2 minutes a day to a secure business – Trust Me!
January 2, 2010

It amazes me that just as I think there’s no more new Ab Blaster type machines that could possibly be created, a new one pops up on one those infomercials. They get stupider and stupider looking with each generation, but given those infomercials aren’t cheap, they must sell a bomb.

Who buys these things I think to myself? The obvious answer is those people who don’t know any better, know nothing about exercise and fitness, and who actually believe these things will give them; easily, in quick time and with minimal effort on their part, the same abs as the athletes who promote the devices, (who most likely have never used these machines).

Here’s the big tip: Commitment to getting there, combined with a strict diet and exercise routine will get you those washboard abs. The new whiz bang device on it’s own won’t. It won’t even play a large percentage in getting you there. I’ll guarantee that one!

No Rocket Science degree required to get the analogy here. :)

———————————————————————————————-
Securus Global: IT Security, Penetration Testing, Security Assessments, PCI Compliance, Product Assurance, QualysGuard, Security Strategy, Vulnerability Assessment.

Comments (12)
Posted in: Bad Stuff, Dumb Security, WTF


« Newer PostsOlder Posts »