2013 has certainly been a watershed year for information security. But to understand how things might subsequently unfold in 2014, it's worth remembering that each and every revelation of 2013 will be processed and acted upon by humans. Humans with…

2014, the year that infosec gets political

"What we see is organisations fundamentally failing in their security because what they're trying to do is to hold the wall, and the wall doesn't exist any more. We've moved stuff out into the cloud, we've moved stuff out into tablets and put it out…

Turn your security inside out for added agility, says Oracle

 "How do you teach a person to duck a punch? You punch them in the face until they get it," said freelance information security consultant Dan Tentler, who designed Twitter's internal anti-phishing training program, at last week's…

To prevent phishing, punch your employees in the face

 2013 has become the year of cyber-espionage we were warned about. This online 'Cold War' demands a faster pace and a proper analytical basis, says Tenable Network Security"We, as far as I'm concerned, are in an arms race. It's the same…

Upping the pace to face the infosec 'Cold War'

Will it be the total surveillance society and internet licenses? A breakdown of authority, with e-militias fighting extreme anarcho-hactivists? Or one of the other two?Global research and advisory firms are meant to give you the big picture. That's…

Gartner's vision of infosec 2019: four scenarios, all bad

 The Cyberspace Law and Policy Centre at the University of New South Wales' Faculty of Law yesterday launched the whitepaper Data Sovereignty and the Cloud: A Board and Executive Officer's Guide, an easy-to-read document intended to help…

The 10 Commandments of Data Sovereignty

 How does your organisation cope when your data has left the building — or the country? Data sovereignty can be a vital legal issue, because data becomes subject to the laws of the country it's stored in — and that changes the risk…

UNSW helps close cloud computing's can of (legal) worms

 Renown cryptologist and security specialist Bruce Schneier has joined the board of the Electronic Frontier Foundation (EFF), one of the United States' longest-running and most influential digital rights and civil liberties lobby groups.…

Schneier joins EFF board in wake of NSA scandal

 According to Australia's Privacy Commissioner, Timothy Pilgrim, every single one of the high-profile investigations he completed in 2011–12 involved data security issues and information security is now the major issue affecting consumer…

Australia's Privacy Commissioner gets serious about infosec

Verizon's latest Data Breach Investigation Report (DBIR) provides its usual comprehensive and witty overview of our infosec war against the bad guys. But we already know its core messages, or should do: we're rubbish at defending ourselves, we're not…

Verizon DBIR confirms we're rubbish, so let's do something about it

Information security vendors are telling customers to think in a new way. At the core of their advice is the idea — the admission, if you like — that no matter how good the defences they sell, sooner or later the bad guys will get through.Trend…

Trend Micro's new paradigm: old (but good) advice in a new bottle

 A test of counterfeit Microsoft Windows and Office installers bought from local markets in Melbourne, Australia, seems to confirm the results of recent IDC research: dodgy software is generally either rubbish or a security…

Microsoft's Melbourne tests confirm: counterfeit software a security risk

Have we beaten the hackers, at least on one front? The number of discovered and reported software vulnerabilities increased rapidly from 1988 to 2005, peaked in 2006, then started dropping. But they rose again in 2012. A glitch in a real decline? Or…

Vulnerability mythbuster: Windows, Flash good; Apple, Linux bad

 Recent attacks on US newspapers are further proof that, despite making billions, the information security industry is pretty much screwed.My American colleague Antone Gonsalves has written up some&nbsp;lessons learned&nbsp;from the…

Chinese attacks show up useless infosec, again

 The revelation of serious long-term vulnerabilities in the popular Ruby on Rails web programming framework is just one of three events in the last 72 hours that have convinced me that improvement in web application security is…

Nasty Ruby on Rails vulnerabilities highlight small websites' risk to us all

In a recent episode of a certain podcast, we discussed the idea that the new mobile platforms represent a once-in-a-generation opportunity to transform online security.
Whichever platform you pick -- iOS, Android or Windows Phone -- it's potentially…

Could 2013 be the year we finally sort out security?

 It was going to be the year of cyberwar, we were told on the eve of 2012. We've seen plenty of scary news stories since about dangerous nation-state actors, usually without naming them. But I reckon we've now got the focus wrong.That's…

2012: the Year of Cyberwar that wasn't

 A new cybercrime survey by Australian outfit Essential Research has begun to unravel the threads that vendors tend to tangle. Their initial results suggest things might not be nearly as bad as we're told.When it comes to inflated online…

Cyber crime wave: tsunami or ripple?

 The newly-updated Top 35 Mitigation Strategies from Australia's Defence Signals Directorate (DSD) has received high praise from Alan Paller, founder and director of research of the SANS Institute. It could even make Australia the…

High praise for Oz DSD's "Catch, Patch, Match"

 Australia's Defence Signals Directorate (DSD) has joined the increasing number of organisations promoting application whitelisting as a key security strategy with an updated version of its award-winning "Top 35 Mitigation…