Prime Target is criticised for its implausible premise regarding the NSA and mathematicians, while ignoring the real threat posed by quantum computing. read more

I’m now a GIAC Certified Forensic Examiner (GCFE). Honest! I’ve got a certificate and everything. It even came framed: According to the blurb: The GCFE certifies that candidates have the knowledge, skills, and ability to conduct typical incident investigations including e-Discovery, forensic … read more

Something is seriously wrong with my brain this week. Two incidents give cause for concern that I may have Frank Spencer syndrome: Incident 1 - over the weekend Rach asked me to have a look at the car because it wouldn't start. I got in it, turned the key and I got absolutely nothing from the … read more

This week, the massive online job site Monster.com released a security notice that their database had been hacked, potentially releasing the personal details of millions of registered users. This isn't the first time this has happened, and I'm sure it won't be the last.Leave aside the fact that … read more

I'm very busy on the work front at the moment, both in my day job and with the internet business. In my day job I'm involved in a major, very complex, government PKI project. PKI stands for Public Key Infrastructure and is basically a set of systems that can be used for issuing and signing digital … read more

The UK Cabinet Office has now made public information from the previously classified UK National Risk Register. This is available at [www.cabinetoffice.gov.uk/reports/n...](http://www.cabinetoffice.gov.uk/reports/national_risk_register.aspx.) This seems to backup what many scientists have been … read more

I'm currently sat in the departure lounge at Canberra airport with a 3 hour wait for my flight. Luckily I'm sat at a table that's near a bar, and also has a power socket I can use, so the combination of my laptop and Crown Lager should see me through. It feels weird travelling home on a Saturday … read more

This week I've made my first visit to our nation's capital - Canberra - for a 6-day course in Hacker Techniques, Exploits and Incident Handling. Canberra is a strange little city. It seems to me to be a cross-between Washington and Milton Keynes, in that it's clearly a Government town; the Federal … read more

This week I've been in Sydney on a training course to become a Qualified Security Assessor (QSA) for the Payment Cards Industry Data Security Standard (PCI-DSS). The PCI-DSS is a standard jointly devised by VISA, Mastercard, American Express, JCB and Discover that details the security controls that … read more

On Wednesday I attended AusCERT 2008. AusCERT is an annual conference for the IT Security industry organised by the Australian Computer Emergency Response Team. Held at the plush surroundings of the Crown Plaza Royal Pines Resort on the Gold Coast, the event is a chance for vendors such as Check … read more

It comes as no surprise to me that we're seeing a lot of news reports lately regarding lost or stolen government laptops and removable media containing personal information. In the last week alone we've seen records of 600,00 people have been lost by the Royal Navy, as well as the loss of 4000 … read more

Today was my first day in a new job - what will hopefully be my last working for someone else. The role and work I've been given is much more like what I'm familiar with - security compliance. The first project I've been given is to help a client - a subsidiary of a well-known Japanese car … read more

Lauren visited The Gabba today while some of us had to work. The Gabba is Brisbane's cricket ground and home to the Brisbane Lions AFL (Aussie Rules) team. We're into the school Winter Holidays now and as we're both working we've had to put Lauren into Vacation Care with her school. It costs money … read more

Here's an example of the kind of battle I have on a daily basis trying to get people into a security mindset: Me to Relationship Manager (RM): Can you please ask the client to complete the attached Business Impact Analysis (BIA) template so we can understand how valuable their data is in order to … read more

I really like the new Filehippo Update Checker. It scans your installed applications and checks to see if you have the latest versions installed. This is important because it's not just your operating system that can contain security vulnerabilities that need patching - applications need patching … read more

The security breach at TJX, owners of TK Maxx, which has led to the disclosure of 45 million customer's credit and debit card information comes as no surprise to us in the IT Security community. Unlike banks, insurance companies and they're like who are regulated by the Financial Services Authority … read more

It may have the feel of monopoly money but apparently the security features built into the new £20 note are quite good. Here's a handy guide for checking for forgeries: http://news.bbc.co.uk/1/hi/business/6444003.stm#graphic read more