According to Australia's Privacy Commissioner, Timothy Pilgrim, every single one of the high-profile investigations he completed in 2011–12 involved data security issues and information security is now the major issue affecting consumer privacy.

Verizon's latest Data Breach Investigation Report (DBIR) provides its usual comprehensive and witty overview of our infosec war against the bad guys. But we already know its core messages, or should do: we're rubbish at defending ourselves, we're not really getting any better, and we're concentrating on the wrong things.

Information security vendors are telling customers to think in a new way. At the core of their advice is the idea — the admission, if you like — that no matter how good the defences they sell, sooner or later the bad guys will get through.

A test of counterfeit Microsoft Windows and Office installers bought from local markets in Melbourne, Australia, seems to confirm the results of recent IDC research: dodgy software is generally either rubbish or a security risk.

Have we beaten the hackers, at least on one front? The number of discovered and reported software vulnerabilities increased rapidly from 1988 to 2005, peaked in 2006, then started dropping. But they rose again in 2012. A glitch in a real decline? Or a turn for the worse?

Recent attacks on US newspapers are further proof that, despite making billions, the information security industry is pretty much screwed.

The revelation of serious long-term vulnerabilities in the popular Ruby on Rails web programming framework is just one of three events in the last 72 hours that have convinced me that improvement in web application security is impossible -- unless both developers and business managers seriously lift their game.

In a recent episode of a certain podcast, we discussed the idea that the new mobile platforms represent a once-in-a-generation opportunity to transform online security.

It was going to be the year of cyberwar, we were told on the eve of 2012. We've seen plenty of scary news stories since about dangerous nation-state actors, usually without naming them. But I reckon we've now got the focus wrong.

A new cybercrime survey by Australian outfit Essential Research has begun to unravel the threads that vendors tend to tangle. Their initial results suggest things might not be nearly as bad as we're told.

The newly-updated Top 35 Mitigation Strategies from Australia's Defence Signals Directorate (DSD) has received high praise from Alan Paller, founder and director of research of the SANS Institute. It could even make Australia the world's infosec leader.

Australia's Defence Signals Directorate (DSD) has joined the increasing number of organisations promoting application whitelisting as a key security strategy with an updated version of its award-winning "Top 35 Mitigation Strategies".

The wave of ransomware masquerading as law enforcement operations has reached Australia. Instances of an Australian Federal Police (AFP) branded scam have been reported attacking PCs this week. A more serious scam has been attacking business servers.

Symantec's so-what launch of a minor facilities upgrade in Sydney illustrates a key problem facing all information security vendors. How do you convince the pointy-haired bosses to go for your company's tender when it's almost impossible to reveal any meaningful comparisons with the competitors?

VMware pitches virtualisation as the answer to BYOD security. Running a work-related virtual smartphone inside an employee's physical host phone, as the company has previously deployed onto Android, brings security benefits.