Stories by Stilgherrian

2014, the year that infosec gets political

By Stilgherrian | 06 January, 2014 10:19

2013 has certainly been a watershed year for information security. But to understand how things might subsequently unfold in 2014, it's worth remembering that each and every revelation of 2013 will be processed and acted upon by humans. Humans with their unchanging human nature, and organisations created by us humans, with their similarly unchanging nature.

Turn your security inside out for added agility, says Oracle

By Stilgherrian | 20 December, 2013 11:30

"What we see is organisations fundamentally failing in their security because what they're trying to do is to hold the wall, and the wall doesn't exist any more. We've moved stuff out into the cloud, we've moved stuff out into tablets and put it out into the wide world, but the wall doesn't exist," says John Vine Hall, Oracle's security solutions director for Australia and New Zealand.

To prevent phishing, punch your employees in the face

By Stilgherrian | 01 November, 2013 10:05 | 2 Comments

"How do you teach a person to duck a punch? You punch them in the face until they get it," said freelance information security consultant Dan Tentler, who designed Twitter's internal anti-phishing training program, at last week's Breakpoint security conference in Melbourne.

Upping the pace to face the infosec 'Cold War'

By Stilgherrian | 30 September, 2013 16:02

"We, as far as I'm concerned, are in an arms race. It's the same old thing as the good old days of the Cold War," says Dick Bussiere, principal architect for Tenable Network Security in the Asia Pacific region. "The Russians would come up with something, the Americans would come up with a countermeasure, the Russians would come up with something else, and it never ends. I think we're kind of in a situation like that."

Gartner's vision of infosec 2019: four scenarios, all bad

By Stilgherrian | 28 August, 2013 13:38

Will it be the total surveillance society and internet licenses? A breakdown of authority, with e-militias fighting extreme anarcho-hacktivists? Or one of the other two?

The 10 Commandments of Data Sovereignty

By Stilgherrian | 03 July, 2013 16:11 | 1 Comment

An overview of the key issues discussed in the UNSW whitepaper, Data Sovereignty and the Cloud: A Board and Executive Officer's Guide.

UNSW helps close cloud computing's can of (legal) worms

By Stilgherrian | 03 July, 2013 16:07

How does your organisation cope when your data has left the building — or the country? Data sovereignty can be a vital legal issue, because data becomes subject to the laws of the country it's stored in — and that changes the risk profile.

Schneier joins EFF board in wake of NSA scandal

By Stilgherrian | 28 June, 2013 16:25

Renowned cryptologist and security specialist Bruce Schneier has joined the board of the Electronic Frontier Foundation (EFF), one of the United States' longest-running and most influential digital rights and civil liberties lobby groups. It's a move that will boost the EFF's intellectual heft in policy debates about online surveillance and privacy issues, as well as their influence in Washington.

Australia's Privacy Commissioner gets serious about infosec

By Stilgherrian | 30 April, 2013 15:28

According to Australia's Privacy Commissioner, Timothy Pilgrim, every single one of the high-profile investigations he completed in 2011–12 involved data security issues, and information security is now the major issue affecting consumer privacy.

Verizon DBIR confirms we're rubbish, so let's do something about it

By Stilgherrian | 23 April, 2013 15:02

Verizon's latest Data Breach Investigation Report (DBIR) provides its usual comprehensive and witty overview of our infosec war against the bad guys. But we already know its core messages, or should do: we're rubbish at defending ourselves, we're not really getting any better, and we're concentrating on the wrong things.

Trend Micro's new paradigm: old (but good) advice in a new bottle

By Stilgherrian | 01 April, 2013 08:26

Information security vendors are telling customers to think in a new way. At the core of their advice is the idea — the admission, if you like — that no matter how good the defences they sell, sooner or later the bad guys will get through.

Microsoft's Melbourne tests confirm: counterfeit software a security risk

By Stilgherrian | 27 March, 2013 15:45 | 1 Comment

A test of counterfeit Microsoft Windows and Office installers bought from local markets in Melbourne, Australia, seems to confirm the results of recent IDC research: dodgy software is generally either rubbish or a security risk.

Vulnerability mythbuster: Windows, Flash good; Apple, Linux bad

By Stilgherrian | 26 February, 2013 01:10 | 4 Comments

Have we beaten the hackers, at least on one front? The number of discovered and reported software vulnerabilities increased rapidly from 1988 to 2005, peaked in 2006, then started dropping. But they rose again in 2012. A glitch in a real decline? Or a turn for the worse?

Chinese attacks show up useless infosec, again

By Stilgherrian | 04 February, 2013 14:14

Recent attacks on US newspapers are further proof that, despite making billions, the information security industry is pretty much screwed.

Nasty Ruby on Rails vulnerabilities highlight small websites' risk to us all

By Stilgherrian | 11 January, 2013 09:00 | 1 Comment

The revelation of serious long-term vulnerabilities in the popular Ruby on Rails web programming framework is just one of three events in the last 72 hours that have convinced me that improvement in web application security is impossible -- unless both developers and business managers seriously lift their game.
