This first part of a 3-part series discusses the development of the Stuxnet malware and the legal and ethical issues. This thought-provoking article raises questions about cyber terrorism and whether this is for offensive or defensive purposes.
Nick Morgan |
10 May |
It seems like every other website we visit today presents us with a “login with a social network” button. We are sometimes presented with a choice, usually between Facebook, Twitter or LinkedIn. But the most common social network encountered is Facebook and the most common scenario where we are offered this option is when we attempt to use a technology-focused service online. This is starting to change and we will start to notice it in a matter of months.
Ian Yip |
09 May |
In October of 2012, Kaspersky Labs discovered what could be the most powerful and complex computer virus to date. They are calling it Red October, after the submarine featured in the Tom Clancy novel and movie of the same name, because of the way that it has been lurking around for the past five years gathering top secret intelligence from countries all over the world.
Charles Trentham |
02 May |
Cyber security threats are on the rise. As a result, there is a focus on systems managing the critical infrastructure that everyone depends upon. Critical infrastructure is loosely defined as assets essential for the economy and overall society to function.
Wayne Chung |
01 May |
Cyber security is the double-edged sword of modern business. Because the Internet is an evolving technology that carries enormous potential and vulnerability, cyber security embraces questions of internet freedom, network architecture and the economic potential of cyberspace.
Gordon Makryllos |
09 Apr |
I recently attended a conference in Sydney featuring many of Australia’s top corporate and governmental cybersecurity officers. One common message was repeated by almost all of the speakers and I think it represents the emergence of a different and very important tone in the increasingly difficult and protracted cyberwar we all face.
Phil Vasic |
25 Mar |
Information Security, IT Security, Technology Security, IT Risk and Security and IT Risk Services are all names that organisations use to define a functional unit within their enterprise that is responsible for the security, integrity and operational assurance of their information assets and operating environment.
Puneet Kukreja |
15 Mar |
A curious thing is taking place in the world of technology. Over the past ten years the landscape of electronics and what we believed to be possible/impossible has drastically changed. We can purchase movie tickets via our smartphones while drinking our skinny lattes at a neighboring coffee shop. We can purchase that coffee through a credit system that the barista scans via our mobile devices. That same coffee can then be entered into our calorie counters through the same device where a warning may or may not be displayed telling us that we are dangerously close to our allotted calories for the day.
Charles Trentham |
06 Mar |
The NSW Government Digital Information Security Policy (version 1.0, dated November 2012) requires that all NSW Government Departments, Statutory Bodies and Shared Service Providers must have an Information Security Management System (ISMS) based on a comprehensive assessment of the risk to digital information and digital information systems.
Mark Jones and Russell Clarke |
26 Feb |
There’s been a bit of coverage in the technology press about Google’s “Indexing” of tens of thousands of publicly available printers connected directly to the Internet.
Darren Arnott |
06 Feb |
Despite our desire for simplicity, IT continues to become more complex. Decentralised applications or client-server models have become the norm. Smartphones and tablets are pushing mobile computing into a new era and changing user behaviour. Cloud has significantly altered the way we provide IT solutions and how we meet business needs with technical solutions.
Gordon Makryllos |
30 Jan |
The revelation of serious long-term vulnerabilities in the popular Ruby on Rails web programming framework is just one of three events in the last 72 hours that have convinced me that improvement in web application security is impossible -- unless both developers and business managers seriously lift their game.
Stilgherrian |
11 Jan |
Over the last 2-3 years cloud computing has promised, and in many instances delivered, a lower total cost of ownership. This has helped organisations return the focus of operation to their core activities—reducing the effort spent on managing IT infrastructure and applications.
Puneet Kukreja |
19 Dec |
You've embraced SSL/TLS because, well, that's what your security folks told you to do, right? So the sensitive parts of your website are now protected with SSL. You might even be using client certificates to authenticate connecting parties. Sounds great, but now you have new threats to defend against - the Distributed Denial of Service (DDoS) and application layer attacks over SSL.
John Ellis |
05 Dec |
In my last CSO blog I posted about the Australian Federal Government's recent proposal that requires Internet Service Providers to retain their customers’ activity logs for a period of two years.
Matt Tett |
05 Dec |
Cyber security remains one of the most dynamic fields within the technology industry. Because of the financial and political impact of cybercrime, attackers are continuously looking to innovate and outsmart security vendors and consulting companies. As a result, the IT community is perpetually engaged in a contest of strategy to combat new cyber threats. These are some of the top security threats we can expect to see developing over the next year, including top tips to combat these dangers.
Gordon Makryllos |
05 Dec |
New threat research released by Trend Micro gives empirical evidence that an aggressive breed of phishing attacks is well underway.
CSO staff |
30 Nov |
Mainstream Australian media sites now regularly mention hacking incidents carried out by the hacktivist group 'Anonymous'. The group recently defaced several prominent Australian websites, and has now also claimed to have stolen user credentials and contact information from Pizza Hut Australia.
V Bala |
28 Nov |
The malware BKDR_ADDNEW, better known as 'DaRK DDoSseR' in the underground, is a tool that provides distributed denial of service (DDoS) capability combined with password-stealing functionality. The tool costs $30 and has been available for several years.
Nart Villeneuve (Senior Threat Researcher) |
13 Nov |
Insider threats — for example, data theft, intellectual property loss, privacy breaches and financial fraud — can be the most challenging IT risks for an organisation to address because they may or may not be happening. But if an insider threat occurs, it could no doubt hurt financially and/or publicly. So how do you implement early detection to discover and expose these threats?
Stuart Meyers |
13 Nov |