AusCERT 2008: Complete coverage

All the highlights from AusCERT 2008, Australia's biggest security conference.

• Why you don't need a strong password for online banking

  

  Strong passwords are not necessary for online banking, explains Bill Cheswick from AT&T Labs.
  Watch the video»
  

• Ex-NSA scientist explains how encryption can go bad

  

  Without strict controls, even the strongest encryption can be compromised, explains Brian Snow, ex-chief scientist of America's code breaking agency, the NSA.
  Watch the video»
  

• Three passwords are enough

  

  Strong passwords do not necessarily provide better security so why do we persist creating ones that are hard to guess -- and hard to remember -- when a computer can crack them in seconds, asks Bill Cheswick, distributing computing and communications researcher for AT&T Labs.
  Watch the video»
  

• Antivirus is not a 'first line of defence'

  

  Companies are wasting money on security processes — such as applying patches and using antivirus software — which just don't work, according to Cisco's chief security officer John Stewart.
  Watch the video»
  

• Security expert begins doubting Vista's security

  

  Bill Cheswick from AT&T Labs used to be optimistic when it came to security and Windows Vista...
  Watch the video»
  

• AusCERT 2008: Behind the scenes

  

  ZDNet.com.au's Matt Oxley takes you behind the scenes at Australia's largest security conference. Find out why Microsoft's head of product security was afraid of being arrested, watch delegates swing at sheep on the driving range and discover who thinks security is like being chased by a bear — or is it a dog?
  Watch the video»
  

• Ditch your firewall and skinny dip on the internet

  

  Businesses should rethink perimeters, shed the firewall and allow people to "skinny dip" on the Internet, according to security and communications researcher, William Cheswick.
  Watch the video»
  

• Is whitelisting the new blacklisting?

  

  The IT security industry has come to a frank realisation that the current approach to preventing malware is simply not working. Is whitelisting, which is the reverse of our current approach, the answer?
  Watch the video»
  

• Charney: Measuring ROI should include culture

  

  Measuring investments in security should factor in costs and benefits affecting privacy, economics and culture, says the VP of Microsoft's Trustworthy Computing Group
  Watch the video»
  

• Patchlink turns into Lumension, touts whitelists

  

  Lumension Security, formerly called Patchlink, now has a new focus to go with its new name: whitelisting.
  Watch the video»
  

• Charney: App vendors are the weakest security link

  

  Microsoft now builds security into products such as Vista but attackers have shifted their focus to applications so software vendors are the weakest link, says the VP of Microsoft's Trustworthy Computing Group.
  Watch the video»
  

• Russian criminals prefer Australian banks

  

  Russian criminals prefer targeting Australian banks over their American or European counterparts, according to an expert on cybercrime in the Former Soviet Union.
  Watch the video»
  

• Vista UAC prompts unexpected, not intuitive: Microsoft

  

  Scott Charney, head of Microsoft's Trustworthy Computing division, admitted this week that Windows Vista's User Account Control (UAC) prompts are not intuitive and confuse users.
  Watch the video»
  

• Why Vista UAC can't stop malware: Microsoft

  

  User Account Control (UAC), the 'annoying' security feature in Windows Vista, will not stop malware from infecting PCs, according Roger Grimes, a member of Microsoft's software security team.
  Watch the video»
  

• AusCERT gala dinner in 39 seconds

  

  At this year's AusCERT conference, delegates enjoyed a gala dinner in the Royal Pines resort with entertainment from Tripod. Here is the whole evening in 39 seconds.
  Watch the video»
  

• Microsoft looks to hardware for protection

  

  Scott Charney, VP of the Trustworthy Computing Group, talks about some "fundamental engineering changes" that have to happen to properly secure software -- including binding Windows and other apps with PC hardware.
  Watch the video»
  

• It's not lovely code, it's an ugly monkey

  

  It is possible to develop secure code but only if vendors use a robust software development process and aren't afraid to call a monkey when they see a monkey, according to the retired chief scientist of the National Security Agency (NSA).
  Watch the video»
  

• Why security appliances can make you less secure

  

  Security appliances can introduce vulnerabilities into an organisation's network because they often include older operating systems and vendors rarely inform customers how to properly update them, according to Microsoft's Roger Grimes, who was speaking at the AusCERT 2008 conference.
  Watch the video»
  

• Beijing Olympics? Paranoia will protect your data

  If you're heading to the Beijing Olympics to cut deals, schmooze and booze, don't leave your laptop and mobile with your hosts for a second and watch your gadgets very, very carefully. Of course, it might cost you a deal because you're acting weird, but your data will be safe.
  Read the story»
  

• McAfee CEO: Adware is killing AV blacklisting

  

  Traditional security products — which employ signature-based blacklisting technology — are no longer effective because of a massive increase in malware, according to the CEO of McAfee, Dave De Walt.
  Read the story»
  

• Australia's most gullible: Top victims of cybercrime?

  

  Australians experience one of the highest levels of cybercrime in the world, according to a new survey — but are Aussies really such easy targets?
  Read the story»
  

• Bill Cheswick: Silly passwords, soft perimeters and Vista

  Strong passwords do not necessarily provide better security so why do we persist creating ones that are hard to guess -- and hard to remember -- when a computer can crack them in seconds, asks Bill Cheswick, distributing computing and communications researcher for AT&T Labs.
  Read the story»
  

• Cyberattack alert service helps Aussies Stay Smart

  The Federal government has launched a new security alert service for small business and home users, aimed at helping Australians protect themselves from cyberattack.
  Read the story»
  

• Banks are confusing consumers on PC security

  Banks obviously have an interest in making consumers feel safe. They are there to protect the customers' money. They want customers to use their online services, too, because the channel offers a lower cost per transaction than a branch. But giving away free security software to make customers feel safe is probably doing more harm than good.
  Read the story»
  

• Rootkit threatens Cisco routers

  

  Cisco and the security community are debating the reality of rootkits attacking the Cisco's Internetwork Operating System (IOS) after a researcher presented a proof of concept attack, which threatens Cisco routers and voice over IP phones.
  Read the story»
  

• Is whitelisting the new blacklisting?

  

  The IT security industry has come to a frank realisation that the current approach to preventing malware is simply not working. Is whitelisting, which is the reverse of our current approach, the answer?
  Read the story»
  

• Scott Charney: Microsoft's security chief reveals all

  

  Shortly after the 9/11 bombings, Microsoft hired Scott Charney, a federal prosecutor for the US justice Department, to head up its Trustworthy Computing division. At AusCERT 2008, ZDNet.com.au caught up with Charney to hear his thoughts on how those events changed the security landscape and what he thinks about the current state of IT security.
  Read the story»
  

• Artist formerly known as Patchlink touts whitelists

  Lumension Security, formerly called Patchlink, now has a new focus to go with its new name: whitelisting.
  Read the story»
  

• Should staff swim naked on the Internet?

  Businesses should rethink perimeters, shed the firewall and allow people to "skinny dip" on the Internet, according to security and communications researcher, William Cheswick.
  Read the story»
  

• You're not on the (white)list, you can't come in

  At this year's AusCERT conference, whitelists were a hot topic — but is anyone going to use them?
  Read the story»
  

• Microsoft admits Vista UAC prompts 'need work'

  Scott Charney, head of Microsoft's Trustworthy Computing division, admitted this week that Windows Vista's User Account Control (UAC) prompts are not intuitive and confuse users.
  Read the story»
  

• Russian criminals prefer Australian banks

  Russian criminals prefer targeting Australian banks over their American or European counterparts, according to an expert on cybercrime in the Former Soviet Union.
  Read the story»
  

• Web banking: It's time to write down your password

  

  Banks should stop forcing customers to create long, alphanumeric passwords because they can't protect against today's threats, according to AT&T computing researcher William Cheswick
  Read the story»
  

• Russian bride scam turns romantics into money mules

  

  Queensland police are warning of a rapidly growing type of fraud that uses Russian brides and dating Web sites to con victims into becoming money launderers and drug mules.
  Read the story»
  

• Australia crumbles under Cyber Storm attack

  

  The 55 Australian organisations that took part in Australia's cyberwar games, Cyber Storm II suffered "death by a thousand cuts", according to the head of Australia's Cyber Storm II effort.
  Read the story»
  

• Antivirus is 'completely wasted money': Cisco CSO

  

  Companies are wasting money on security processes — such as applying patches and using antivirus software — which just don't work, according to Cisco's chief security officer John Stewart.
  Read the story»
  

• That isn't lovely code, it's an ugly monkey

  

  It is possible to develop secure code but only if vendors use a robust software development process and aren't afraid to call a monkey when they see a monkey, according to the retired chief scientist of the National Security Agency (NSA).
  Read the story»
  

• Cisco customers making themselves vulnerable

  

  Companies are refusing to update their router operating systems even though they contain known vulnerabilities, leaving their network full of security holes, according to Cisco's top security exec.
  Read the story»
  

• Photos: AusCERT 2008

  

  The AusCERT 2008 security conference takes place in the Gold Coast this week. If you couldn't make it, here's what you're missing.
  Read the story»
  

• Has Windows Vista's UAC feature failed Microsoft?

  

  Experts agree that Microsoft's Windows Vista is relatively well-protected but its security features — such as User Account Control (UAC) — have been highlighted by security experts as one reason why the operating system is far less popular than its predecessor, Windows XP.
  Read the story»
  

• Microsoft: Defence in depth is not enough

  

  Defence in depth is simply not enough to create a secure computing environment, according to Microsoft's vice president of its Trustworthy Computing group, Scott Charney.
  Read the story»
  

AusCERT 2007 coverage

• The AusCERT 2007 Conference: It's a wrap!

  

  If you didn't make it to AusCERT 2007, which is the largest security conference in Australia, then let ZDNet Australia's Matthew Oxley and Munir Kotadia give you a taste of what you missed.
  Watch the video»
  

• Do aliens and God affect your IT security budget?: Interview with Richard Thieme

  

  Cyber-criminals, God, the universe, mafia, aliens, Nazis and IBM -- these are just some of the subjects touched upon in a video interview I conducted with Richard Thieme at the AusCERT security conference in Queensland last month.
  Watch the video»
  

• Is desktop security broken beyond repair?

  

  At the AusCERT 2007 conference in Queensland last week, keynote speaker Ivan Krstić, who is the director of security architecture for the One Laptop Per Child (OLPC) project, told attendees that desktop security was fundamentally broken. We asked several security experts who attended the conference if they agreed and how the problem could be fixed.
  Watch the video»
  

• CyberForceField could be the key to desktop security

  

  Traditional desktop security would improve beyond recognition if applications could be controlled to a point where they cannot access any part of the system that they do not need to, according to Alcy Infinity, co-founder of Timesavers International.
  Read the story»
  

• Is desktop security broken beyond repair?

  

  At the AusCERT 2007 conference in Queensland last week, keynote speaker Ivan Krstić, who is the director of security architecture for the One Laptop Per Child (OLPC) project, told attendees that desktop security was fundamentally broken. We asked several security experts who attended the conference if they agreed and how the problem could be fixed.
  Read the story»
  

• OLPC achieves 2km range in 802.11s tests

  

  A tester for the One Laptop Per Child (OLPC) project has tested wireless technology using the 802.11s 'mesh networking' pre-draft in Australia's outback and achieved distances of 2km
  Read the story»
  

• Security industry losing malware battle: IronPort VP

  

  The IT security industry is failing to keep up with the smarts of criminals developing malware, according to IronPort Systems vice president of technology, Pat Peterson.
  Read the story»
  

• One Laptop Per Child: Beta 2 test prototype

  

  Ivan Krstic, director of security architecture for the One Laptop Per Child project, brought a beta 2 test prototype model of the AU$175 laptops to AusCERT 2007. ZDNet Australia's Munir Kotadia caught up with Ivan to find out more about the pre-release model's features.
  Watch the video»
  

• Software vendors still choosing 'flashy' features above security: IBRS analyst

  

  IT vendors are still too interested in building flashy products instead of ensuring their software is bug free, which is an unsustainable situation, according to James Turner, industry analyst at IBRS.
  Watch the video»
  

• Vectra: Do you know when to walk away from a failed IT project?

  

  Corporate Governance can help stop companies from throwing money at projects that should be abandoned, said Jo Stewart-Rattray, director of information security at Vectra.
  Watch the video»
  

• Microsoft: Australia remains a spam receiver, not a spam sender

  

  Peter Watson, chief security advisor at Microsoft Australia, said that although legislation and general awareness have helped Australia avoid becoming a haven for spammers, we are under attack from overseas.
  Watch the video»
  

• Marshal: The perimeter is moving

  

  The future is bright for companies that are able to secure the perimeter, wherever that perimeter may be, according to Bradley Anstis, director of product management at Marshal.
  Watch the video»
  

• Sourcefire: Enterprise Threat Management creates a pro-active defence

  

  Davis Thomason, senior director of technical services at Sourcefire, describes Enterprise Threat Management (ETM), which combines IPS, vulnerability assessments, network behaviour analysis and network admission control, to create a pro-active defence system.
  Watch the video»
  

• Patchlink ponders new name after acquisitions

  

  Patchlink's international senior vice president Andrew Clarke told ZDNet Australia that the company is taking a slightly new direction after acquiring a vulnerability management company earlier this year. Clarke also admitted that the company is likely to change its name within a few months.
  Watch the video»
  

• Software should defend itself: Oracle CSO

  

  Applications will have to defend themselves from attack in the future, according to Oracle's chief security officer Mary Ann Davidson.
  Read the story»
  

• AusCERT urges delegates to report computer crimes

  

  On the final day of AusCERT 2007 on Queensland's Gold Coast, the general manager of AusCERT, Graham Ingram, acknowledged that reporting computer crimes can be difficult but pleaded with delegates not to let these incidents go unreported.
  Read the story»
  

• SafeNet: The security market is finally growing up

  

  Andy Solterbeck, the VP of product strategy and management at SafeNET, talks about why IT security is moving beyond things like anti-virus and firewalls.
  Watch the video»
  

• MessageLabs: Social networking sites are 'goldmine' for Phishers

  

  Mark Sunner, chief security analyst at Messagelabs, said the company's latest research indicates that Australian spam levels are well below the global average. The bad news is that social networking sites, such as MySpace, are helping phishers create more targeted attacks.
  Watch the video»
  

• AusCERT: Microsoft's top security man avoids talk of XP SP3

  

  George Stathakopoulos, general manager of product security at Microsoft, tells us how Windows XP SP2 came about and why the company is not yet ready to talk about XP SP3. He also explains that UAC in Windows Vista is designed to be part of a 'defence in depth' strategy and not a standalone security solution.
  Watch the video»
  

• AusCERT: Qld Police fight the Nigerian 419 fraudsters

  

  Detective Inspector Brian Hay, who heads up the Queensland Police Corporate Crime Investigation Group, reveals that hundreds and possibly thousands of Australians have fallen victim to the infamous Nigerian 419 scam.
  Watch the video»
  

• Queensland's plan to end Nigerian scams

  

  A national event aimed at stamping out so-called Nigerian scams will be held in Queensland, Detective Inspector Brian Hay, who heads up the Queensland Police Corporate Crime Investigation Group, said.
  Read the story»
  

• AusCERT: Desktop security slammed by security expert

  

  AusCERT 2007 kicked off this morning with a keynote speaker who blasted desktop computer security -- including that of Windows, Linux and Mac -- because it is based on a 35-year-old premise where software can run with the same privilege as a user.
  Watch the video»
  

• AusCERT: IBM's security architect calls for open-source ID framework

  

  IBM’s chief security architect Anthony Nadalin talks about building an open source platform for identity management, at the AusCERT 2007 conference in the Gold Coast.
  Watch the video»
  

• Microsoft's AusCERT security lottery gets a laugh

  

  For the second year in a row, Microsoft's Q&A session at AusCERT has been well worth attending -- but for the wrong reasons.
  Read the story»
  

• IT industry has failed in desktop security

  

  The director of security architecture for the One Laptop per Child project, and AusCERT 2007 keynote speaker, has blasted desktop computer security -- including that of Windows, Linux and Mac -- because it is based on a 35-year-old premise where software can run with the same privilege as a user.
  Read the story»
  

• AusCERT prepares for biggest ever conference

  

  Australia's best-known security conference will open for business on Monday and organisers say this year's event should be the biggest ever.
  Read the story»
  

• AusCERT and GovCERT make lucrative peace

  

  It looks like AusCERT and GovCERT have worked out their issues and are no longer stepping on each others' toes.
  Read the story»
  

• AusCERT ditches annual e-crimes survey

  

  The Australian Computer Emergency Response Team (AusCERT) will not be publishing its annual e-crimes survey this year because the federal government has given funding to the Australian Institute of Criminology instead.
  Read the story»
  

• Related stories

• Alerts

Be the first to comment on this article!

Reader Services

Popular Topics

Essentials