2013 has certainly been a watershed year for information security. But to understand how things might subsequently unfold in 2014, it's worth remembering that each and every revelation of 2013 will be processed and acted upon by humans. Humans with their unchanging human nature, and organisations created by us humans, with their similarly unchanging nature.
Stilgherrian | 06 Jan
"What we see is organisations fundamentally failing in their security because what they're trying to do is to hold the wall, and the wall doesn't exist any more. We've moved stuff out into the cloud, we've moved stuff out into tablets and put it out into the wide world, but the wall doesn't exist," says John Vine Hall, Oracle's security solutions director for Australia and New Zealand.
Stilgherrian | 20 Dec
"How do you teach a person to duck a punch? You punch them in the face until they get it," said freelance information security consultant Dan Tentler, who designed Twitter's internal anti-phishing training program, at last week's Breakpoint security conference in Melbourne.
Stilgherrian | 01 Nov
"We, as far as I'm concerned, are in an arms race. It's the same old thing as the good old days of the Cold War," says Dick Bussiere, principal architect for Tenable Network Security in the Asia Pacific region. "The Russians would come up with something, the Americans would come up with a countermeasure, the Russians would come up with something else, and it never ends. I think we're kind of in a situation like that."
Stilgherrian | 30 Sep
Will it be the total surveillance society and internet licenses? A breakdown of authority, with e-militias fighting extreme anarcho-hacktivists? Or one of the other two?
Stilgherrian | 28 Aug
An overview of the key issues discussed in the UNSW whitepaper, Data Sovereignty and the Cloud: A Board and Executive Officer's Guide.
Stilgherrian | 03 Jul
How does your organisation cope when your data has left the building — or the country? Data sovereignty can be a vital legal issue, because data becomes subject to the laws of the country it's stored in — and that changes the risk profile.
Stilgherrian | 03 Jul
Renowned cryptologist and security specialist Bruce Schneier has joined the board of the Electronic Frontier Foundation (EFF), one of the United States' longest-running and most influential digital rights and civil liberties lobby groups. It's a move that will boost the EFF's intellectual heft in policy debates about online surveillance and privacy issues, as well as their influence in Washington.
Stilgherrian | 28 Jun
According to Australia's Privacy Commissioner, Timothy Pilgrim, every single one of the high-profile investigations he completed in 2011–12 involved data security issues, and information security is now the major issue affecting consumer privacy.
Stilgherrian | 30 Apr
Verizon's latest Data Breach Investigation Report (DBIR) provides its usual comprehensive and witty overview of our infosec war against the bad guys. But we already know its core messages, or should do: we're rubbish at defending ourselves, we're not really getting any better, and we're concentrating on the wrong things.
Stilgherrian | 23 Apr
Information security vendors are telling customers to think in a new way. At the core of their advice is the idea — the admission, if you like — that no matter how good the defences they sell, sooner or later the bad guys will get through.
Stilgherrian | 01 Apr
A test of counterfeit Microsoft Windows and Office installers bought from local markets in Melbourne, Australia, seems to confirm the results of recent IDC research: dodgy software is generally either rubbish or a security risk.
Stilgherrian | 27 Mar
Have we beaten the hackers, at least on one front? The number of discovered and reported software vulnerabilities increased rapidly from 1988 to 2005, peaked in 2006, then started dropping. But they rose again in 2012. A glitch in a real decline? Or a turn for the worse?
Stilgherrian | 26 Feb
Recent attacks on US newspapers are further proof that, despite making billions, the information security industry is pretty much screwed.
Stilgherrian | 04 Feb
The revelation of serious long-term vulnerabilities in the popular Ruby on Rails web programming framework is just one of three events in the last 72 hours that have convinced me that improvement in web application security is impossible -- unless both developers and business managers seriously lift their game.
Stilgherrian | 11 Jan