News and Opinion

Patrick Gray's picture

Risky Business judged Australia's best technology audio program

Awww shucks...
April 23, 2012 -- 

Risky Business has scooped another Lizzie award for excellence in IT media at this year's Mediaconnect IT Journalism Awards.

The podcast edged out competition from other IT publishers and the ABC to take the award for Best Technology Audio Program for the third year running.

Big thanks go out to all the listeners who make Risky Business a viable media outlet, the guests who take the time to appear on the show and to the sponsors who keep a roof over my head.

Patrick Gray's picture

So long, CabinCr3w, and thanks for the mammarys

For criminal masterminds, these guys are thick as...
April 12, 2012 -- 

Melbourne's Age newspaper is carrying a delicious little item today.

The long arm of the law has caught up with the alleged ringleader of the CabinCr3w hacking group. Over the last few months CabinCr3w have pwned a bunch of law enforcement websites, even doxing a bunch of officers.

Pretty ballsy stuff, right? You'd think if you're starting a war with law enforcement you'd have your opsec shit in order, yeah?

Well, apparently not!

Patrick Gray's picture

Apple struggles to contain Flashback

Starters pistol fired on Mac malware...
April 11, 2012 -- 

I think it's safe to say that the Flashback malware is the first "big one" affecting Apple users.

Reports say up to 600k boxes have been hosed, and if recent statements out of Cupertino are any indication, Apple staffers are running around like the proverbial headless chickens trying to contain this outbreak.

It seems the Apple security team has taken a leaf out of Microsoft's book -- they're targeting Flashback's C&C servers and will issue a removal tool through its software update service.

Patrick Gray's picture

CREST launches in Australia

Pentester certification scheme to launch with government support...
March 9, 2012 -- 

The Australian government has announced the establishment of the Council of Registered Ethical Security Testers, or CREST.

CREST is a pretty big deal in the UK. Over there it's an extremely serious series of tests that can give hiring organisations a semi-reliable indication that a tester knows what they're doing. If you don't have your CREST certification, there's work you simply can't do.

But who knows what it'll morph into here -- the jury isn't just out, it hasn't even been empanelled yet. Government involvement isn't usually a good start.

Patrick Gray's picture

Wikileaks Stratfor email dump could be FBI sting

Wikileaks obtained Stratfor e-mail from group infiltrated by FBI...
March 7, 2012 -- 

Global law enforcement swooped overnight, arresting a handful of online miscreants who, between them, have generated more headlines than the rest of the online underground put together.

That's right, LulzSec has been comprehensively pwnt. Some were arrested yesterday in raids, others, arrested some time ago, had their indictments unsealed by the courts.

Patrick Gray's picture

Symantec light on AV compromise specifics

Some odd answers forthcoming...
February 9, 2012 -- 

Symantec claims customers using its endpoint protection and antivirus products are not at risk following revelations the company's AV source code was stolen in 2006.

But when it comes to providing specifics, Symantec is guarded.

Following yesterday's blog post, Symantec has claimed recycled source code from its corporate antivirus product of 2006 makes up only 5% of current endpoint protection software.

But it won't say which 5%.

Patrick Gray's picture

UPDATED: Symantec's spin department at work?

Source disclosure has Symantec in damage control mode...
February 8, 2012 -- 

UPDATED WITH COMMENT FROM SYMANTEC BELOW

So it's happened -- a significant chunk of Symantec's source code has been made available online as a torrent.

This followed the release of a pretty loltastic Pastebin dump which purports to show e-mail negotiations between a Symantec staffer and the hackers who obtained the source.

Patrick Gray's picture

Verisign pwnz0red: Reuters report

Verisign successfully attacked in 2010: Report
February 3, 2012 -- 

An interesting news piece hit the wires overnight describing the 2010 breach of a handful of Verisign's corporate systems.

The story was broken by the Reuters news agency and is peppered with sensational quotes like a former NSA and DHS guy saying "ZOMG this will end the interwebz" despite the fact the guy knows about as much as we do about the breach. You can read the whole thing here.

Patrick Gray's picture

Oops! McAfee discloses 1k customer e-mails

D'oh! Next time use the BCC field!
November 30, 2011 -- 

McAfee Australia leaked 971 customer e-mail addresses in a botched e-mail marketing campaign last week.

The addresses of the recipients were placed in the visible TO field instead of the BCC field.

It's an all-too-common mistake, made especially embarrassing for McAfee because it's not the first time in recent memory something like this has happened.

Patrick Gray's picture

RSA attackers pwnz0r Australians

760 other companies hit in RSA attacks....
October 26, 2011 -- 

Infosec reporter Brian Krebs published a splendid post a couple of days ago that apparently unmasks 760 victims of the same group that owned RSA.

I've had a look through the list and pulled out all the Australian organisations I could find. From the looks of things this list was compiled by observing computers connecting back to evil C&C in China. That would explain why there are so many ISPs listed -- it's likely it wasn't the ISPs that got pwnz0riz3d, it was their customers.

Syndicate content