Posts by Jonbays

10 posts • joined 27 Nov 2012

Patch-crazy Aust Govt fought off EVERY hacker since 2013

Jonbays

Have to agree, Coward, and of course we don't have any mandatory breach disclosure laws, so if you did have a breach you don't need to worry about it anyway. As long as it's not your own financial account data, why would you worry!


ONE in A HUNDRED reported bugs exploited, says Cisco

Jonbays

This is a bit misleading, so how many breaches are caused by exploits of unpatched known vulnerabilities? It cuts both ways. Patching is the simplest and most effective way of mitigating being breached or compromised, and it can be easily automated and managed for a majority of systems for lower cost than anti-virus, which isn't working anyway. Don't believe me, then ask the Australian Signals Directorate. Their 'Top 4 Mitigation Strategies' are:

1. Application Whitelisting;
2. Patch Applications;
3. Patch Operating System;
4. Minimise Administrative Privileges.


Possible Lizard Squad members claim hack of Oz travel insurer

Jonbays

Mandatory Breach Reporting Laws need enacting in Australia

Data breaches like this, where nothing is done to assist or help the victims, really do go to show you can't trust business to protect its customers' data, and government needs to step in with simple, clear legislation requiring prompt disclosure to allow people to take protective action, and/or $M fines for multiple breaches or late or no disclosure. This will force organisations to essentially do the right thing for their own financial benefit, as they clearly won't do it to protect their customers.


CloudFlare ditches private SSL keys for better security

Jonbays

CF are really only trying to avoid any legal liability in having to manage and secure keys, which is not beyond them; it just costs money they don't want to spend. Few clients will be helped by this move to "secure" them from NSA prying, which for most people is the least of your worries.


SHOCK HORROR: Oz's biggest govt agencies to miss infosec deadline

Jonbays

Application control works, and no, it's not hard to decide what apps you want whom to run on what. Many groups are very easy to whitelist, like standard desktops, domain controllers, web servers and database servers, with a few exceptions, and the exception shouldn't make the rule. Patching whitelisted apps, though, gets harder, and patch management itself, while easy, is fraught with conflicting goals and timelines from app managers, ops and sec-ops people. Still, there is plenty of good software to automate the Top 4 and make it achievable, at a cost of course.

Jonbays

Re: Just who is surprised by this?

You really have worked in Government IT, haven't you, and for as long as me by the sound of your very healthy cynicism!


CERT Oz report: 76 orgs popped in targeted attacks

Jonbays

Whitelisting is the answer, and NO, it's not too hard; it just takes a disciplined approach and good whitelisting software with multiple ways of managing the exceptions that are allowing too many organisations to get away without implementing it.

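The three whitelisting comments above (the ASD Top 4 list, the "standard desktops" groups-and-exceptions point, and the exception-management point in this post) describe a default-deny application control baseline without showing one. The following is an added example, not code from Jonbays, The Register or ASD: it builds an AppLocker policy for a standard-desktop group from the machine's known-good install directories, dry-runs it against a sample download, deploys it in audit mode, and harvests the audited exceptions as candidate rules. The directory list, the hypothetical test path and the output file names are assumptions; it assumes an elevated session on a Windows edition that ships the AppLocker module with the Application Identity service running.

```powershell
# Added example, not code from the original posts. Assumptions: elevated
# session, AppLocker module available, AppIDSvc running, and the directory
# list and hypothetical sample path below.

Import-Module AppLocker

$trustedDirs = @('C:\Windows', 'C:\Program Files', 'C:\Program Files (x86)')
$policyXml   = Join-Path $env:TEMP 'desktop-applocker.xml'

# 1. Inventory what is meant to run. Exe, Script and WindowsInstaller are the
#    collections to enforce first; the Dll collection is left out here because
#    it multiplies rule count and load-time cost and is best added separately.
$fileInfo = foreach ($dir in $trustedDirs) {
    Get-AppLockerFileInformation -Directory $dir -Recurse -FileType Exe, Script, WindowsInstaller
}

# 2. Generate rules, preferring Publisher rules: a signed binary still matches
#    after it is patched, whereas a Hash rule has to be regenerated on every
#    update (the "patching whitelisted apps gets harder" problem). Hash rules
#    are only produced for files without a valid signature. -Optimize merges
#    overlapping rules; files with no usable information are skipped.
$fileInfo |
    New-AppLockerPolicy -RuleType Publisher, Hash -User Everyone `
        -RuleNamePrefix Desktop -Optimize -IgnoreMissingFileInformation -Xml |
    Out-File -FilePath $policyXml -Encoding utf8

# 3. Switch every rule collection to AuditOnly. New-AppLockerPolicy emits
#    EnforcementMode="NotConfigured"; audit mode logs what would have been
#    blocked (event ID 8003 in the AppLocker EXE and DLL log) without blocking.
[xml]$doc = Get-Content -Path $policyXml -Raw
foreach ($collection in $doc.AppLockerPolicy.RuleCollection) {
    $collection.EnforcementMode = 'AuditOnly'
}
$doc.Save($policyXml)

# 4. Dry-run the policy against the kind of path a user actually double-clicks.
#    Anything no rule covers comes back as DeniedByDefault, which is the
#    default-deny property the posts are arguing for.
$sample = 'C:\Users\alice\Downloads\invoice.zip.exe'   # hypothetical path
Test-AppLockerPolicy -XmlPolicy $policyXml -Path $sample -User Everyone |
    Select-Object FilePath, PolicyDecision, MatchingRule

# 5. Apply to the local policy (use -Ldap instead for a domain GPO) and leave
#    it in audit mode long enough to see the real exception list.
Set-AppLockerPolicy -XmlPolicy $policyXml -Merge

# 6. Turn the audited exceptions into candidate rules for review, instead of
#    weakening the baseline with Path rules into user-writable locations.
Get-AppLockerFileInformation -EventLog -LogPath 'Microsoft-Windows-AppLocker/EXE and DLL' -EventType Audited |
    New-AppLockerPolicy -RuleType Publisher, Hash -User Everyone -RuleNamePrefix Exception -Optimize -Xml |
    Out-File -FilePath (Join-Path $env:TEMP 'desktop-exceptions.xml') -Encoding utf8
```

Two practitioner caveats the posts gloss over: Publisher rules are what make "patch applications" and "whitelist applications" coexist, so an inventory dominated by Hash rules is a sign the software estate is unsigned and the patch-and-rewhitelist cycle will hurt; and the default-deny claim only holds once the collections are flipped from AuditOnly to Enabled, so the audit log review in step 6 has to actually close before that switch.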

Self-proclaimed LulzSec leader to be tried in July

Jonbays

AFP should be embarrassed about bothering to proceed with this. Even Content must be having a chuckle over how far this was blown out of proportion. No prime-time telly interviews for the commissioner at the sentencing, I will bet.


Gameover ZeuS adds nasty trick

Jonbays

With all these techniques becoming more common, a stricter default-deny policy, with only approved apps being allowed through next-gen firewalls like Palo Alto Networks, may be the only way to cope with this, as users WILL open zip attachments.


Defence Signals Directorate offers BYOD advice

Jonbays

The private advice site is too well secured, with a 1024-bit cert with errors!

