An open letter to Roxon from CSO Australia's Jarrod Loidl.

For as long as I can remember there has been a vicious debate about the speed of deploying security patches and tempering it with patience enough to test them. This mantra was born from a number of historical reasons.

The security industry seems to be broadly polarised by the Attorney-General's recent announcement of the formation of CREST Australia (Council of Registered Ethical Security Testers).

2011 was an interesting year for information security. Institutions began to make much greater use of the Internet as a mechanism for obtaining and sharing information, including conducting operations against their enemies. Today, we are escalating towards a far darker cold cyber war era, 2012 is going to have a dark side.

In a previous article I introduced the three top causes of security breaches in 2011: SQL Injection, Weak Passwords and Social Engineering Attacks.

Software development is not easy. In fact, I don’t think I’ve ever really seen a job with more conflicting priorities.

It's been an interesting year for those following information security news. We started the year with the Vodafone breach, one of the largest privacy breaches ever experienced within Australia.

Recently I was assigned to an engagement with one of the Principal Consultants. This consultant has a tremendous amount of experience and someone for whom I have great respect.

Every year sees an increase in usage of the Internet. Broadband penetration rises. More websites are created. Business grows by sharing information with their partners. This desire to reach the masses and provide goods and service cheaper and faster than their competitors often means trade-offs are made. These trade-offs typically involve trading accessibility for security.

While the recent attack against RSA has caused many to question the RSA two factor solution, most people have ignored the more practical and more likely threats facing two factor authentication today.