All the highlights from AusCERT 2008, Australia's biggest security conference.
-
Taking security to the cloud
Security-as-a-service was the big theme at this year's RSA Conference in San Francisco. ZDNet.com editor in chief Larry Dignan talks with senior editor Sam Diaz and security blogger Ryan Naraine about how companies are securing the cloud.
Watch the video»
-
Microsoft: Internet safer and more dangerous
In an interview, Microsoft security executive Scott Charney tells CNET News' Ina Fried about the latest threats as well as new ways that Microsoft is trying to thwart the hackers.
Watch the video»
-
Microsoft outlines Windows 7 security
Mobile-device security, two-factor log-ins, and AppLocker, a code-signing feature for applications, are just a few of the security advancements Microsoft is rolling out with its Windows 7 operating system.
Watch the video»
-
Conficker's April Fools' infection
Conficker is a computer worm that has proven to be one of the most dangerous threats ever, infecting an estimated 10 million computers worldwide.
Watch the video»
-
Whitelists tackle Norton performance
Symantec has adopted whitelisting techniques in an effort to dramatically improve the performance of its upcoming Norton 2009 security suite, according to the company's vice president of consumer engineering, Rowan Trollope.
Watch the video»
-
Macs still malware-free
Symantec hasn't seen an increase in Mac malware, but it expects to.
Watch the video»
-
Statistical analysis fights malware
If software is running on just 10 machines, it's likely bad, says Symantec's VP of consumer engineering, Rowan Trollope.
Watch the video»
-
The top complaint about Norton is...
"Obviously it's still a problem," says Symantec's VP of consumer engineering, Rowan Trollope.
Watch the video»
-
Norton improvements won't happen overnight
Software takes a long time to improve, says Symantec's VP of consumer engineering, Rowan Trollope.
Watch the video»
-
Microsoft slams Google on privacy
Google's approach to privacy is a decade behind Microsoft, the Redmond software giant's chief privacy strategist told ZDNet.com.au on Thursday in a video interview.
Watch the video»
-
Why you don't need a strong password for online banking
Strong passwords are not necessary for online banking, explains Bill Cheswick from AT&T Labs.
Watch the video»
-
Ex-NSA scientist explains how encryption can go bad
Without strict controls, even the strongest encryption can be compromised, explains Brian Snow, ex-chief scientist of America's code breaking agency, the NSA.
Watch the video»
-
Three passwords are enough
Strong passwords do not necessarily provide better security, so why do we persist in creating ones that are hard to guess -- and hard to remember -- when a computer can crack them in seconds, asks Bill Cheswick, distributed computing and communications researcher for AT&T Labs.
Watch the video»
-
Antivirus is not a 'first line of defence'
Companies are wasting money on security processes — such as applying patches and using antivirus software — which just don't work, according to Cisco's chief security officer John Stewart.
Watch the video»
-
Security expert begins doubting Vista's security
Bill Cheswick from AT&T Labs used to be optimistic when it came to security and Windows Vista...
Watch the video»
-
AusCERT 2008: Behind the scenes
ZDNet.com.au's Matt Oxley takes you behind the scenes at Australia's largest security conference. Find out why Microsoft's head of product security was afraid of being arrested, watch delegates swing at sheep on the driving range and discover who thinks security is like being chased by a bear — or is it a dog?
Watch the video»
-
Ditch your firewall and skinny dip on the internet
Businesses should rethink perimeters, shed the firewall and allow people to "skinny dip" on the Internet, according to security and communications researcher, William Cheswick.
Watch the video»
-
Is whitelisting the new blacklisting?
The IT security industry has come to a frank realisation that the current approach to preventing malware is simply not working. Is whitelisting, which is the reverse of our current approach, the answer?
Watch the video»
-
Charney: Customers the biggest hole in Microsoft's security
Microsoft customers need to better authenticate applications they install on their PCs, so the next challenge for Microsoft is to figure out how to provide that information, according to Scott Charney, the VP of Microsoft's Trustworthy Computing Group.
Watch the video»
-
Patchlink turns into Lumension, touts whitelists
Lumension Security, formerly called Patchlink, now has a new focus to go with its new name: whitelisting.
Watch the video»
-
Charney: App vendors are the weakest security link
Microsoft now builds security into products such as Vista but attackers have shifted their focus to applications so software vendors are the weakest link, says the VP of Microsoft's Trustworthy Computing Group.
Watch the video»
-
Russian criminals prefer Australian banks
Russian criminals prefer targeting Australian banks over their American or European counterparts, according to an expert on cybercrime in the Former Soviet Union.
Watch the video»
-
Vista UAC prompts unexpected, not intuitive: Microsoft
Scott Charney, head of Microsoft's Trustworthy Computing division, admitted this week that Windows Vista's User Account Control (UAC) prompts are not intuitive and confuse users.
Watch the video»
-
Why Vista UAC can't stop malware: Microsoft
User Account Control (UAC), the 'annoying' security feature in Windows Vista, will not stop malware from infecting PCs, according to Roger Grimes, a member of Microsoft's software security team.
Watch the video»
-
AusCERT gala dinner in 39 seconds
At this year's AusCERT conference, delegates enjoyed a gala dinner in the Royal Pines resort with entertainment from Tripod. Here is the whole evening in 39 seconds.
Watch the video»
-
Microsoft looks to hardware for protection
Scott Charney, VP of the Trustworthy Computing Group, talks about some "fundamental engineering changes" that have to happen to properly secure software -- including binding Windows and other apps with PC hardware.
Watch the video»
-
It's not lovely code, it's an ugly monkey
It is possible to develop secure code but only if vendors use a robust software development process and aren't afraid to call a monkey when they see a monkey, according to the retired chief scientist of the National Security Agency (NSA).
Watch the video»
-
Why security appliances can make you less secure
Security appliances can introduce vulnerabilities into an organisation's network because they often include older operating systems and vendors rarely inform customers how to properly update them, according to Microsoft's Roger Grimes, who was speaking at the AusCERT 2008 conference.
Watch the video»
-
NBN HQ may be spread between states
National Broadband Network Company executive chairman Mike Quigley has told staff from Queensland Public Works and ICT Minister Robert Schwarten's department that it may not select a single state to become the central headquarters of the company.
Read the story»
-
Video: Do Mac OS X users need antivirus?
Do Mac OS X users really need antivirus? ZDNet.com.au recently posed the question to security professionals at the AusCERT 2009 IT security conference on the Gold Coast.
Read the story»
-
Kaspersky impressed by botnet slickness
Cybercrime fighter Eugene Kaspersky can't help but be impressed by the slick operations behind the Conficker botnet, and says that it could have been worse had the botnet been after more than just money.
Read the story»
-
Customs security chief paints sober picture
Hackers have started to target specific government personnel, as opposed to simply using broad scattergun approaches, the Australian Customs and Border Protection Service warned this week.
Read the story»
-
AusCERT unfazed by new $8.8m rival
The director of Australia's existing Computer Emergency Response Team (AusCERT) this week said a rival government group that received funding in the budget was unlikely to impact its operations.
Read the story»
-
AusCERT 2009: Photo gallery
Australia's largest annual security conference, AusCERT, is underway for another year, and continues the tradition of bringing security gurus, vendors and members of government under one roof.
Read the story»
-
Govt to survey schools on e-security
The Department of Broadband Communications and the Digital Economy intends to survey school children, parents and teachers on e-security and cyber-safety threats from late July 2009.
Read the story»
-
ICT industry mobs Qld election debate
A large number of Queensland ICT industry luminaries donned red and yellow T-shirts to dominate the floor at an election debate in Brisbane between Premier Anna Bligh and opposition leader Lawrence Springborg.
Read the story»
-
Qld opposition rejects ICT Minister's attack
Queensland ICT opposition spokesperson Fiona Simpson has rejected comments by state ICT Minister Robert Schwarten yesterday that one of her party's election policies would have a "disastrous" effect on government.
Read the story»
-
How do you return stolen bank credentials?
Sceptical that Australians are targeted by cybercrime? Late last year the Australian Computer Emergency Response Team (AusCERT) was asked to repatriate hundreds of Commonwealth Bank customer credentials which had been stolen via the ZeuS trojan.
Read the story»
-
IE patch: Microsoft's eight days of hell
It's always funny watching an event force a company to break old habits and this IE zero day was enough for Microsoft to do it. As Microsoft Australia's strategic security advisor Stuart Strathdee said "we pulled all stops to get this patch out".
Read the story»
-
IE zero day: Money v tubes? Choose one
In light of the unpatched IE zero day, AusCERT has cautiously advised organisations to "consider" using an alternative browser; or even kill browsing altogether. For organisations with locked down computers, is it time to support two browsers?
Read the story»
-
Avoid using IE if possible: AusCERT
Australia's Computer Emergency Response Team (AusCERT) has recommended organisations "consider using a web browser other than Internet Explorer until a patch becomes available" — an option that many large firms cannot seriously consider.
Read the story»
-
Rudd hiring security CIO
Kevin Rudd's department has advertised for a top-level security-focused chief information officer to oversee the technology aspects of its national security strategy.
Read the story»
-
Naked Mac versus protected PC: What wins?
What's easier to manage — 200 Mac OS X systems without antivirus or 200 Windows systems running a leading antivirus package?
Read the story»
-
Real-life internet scammers dissected
Listen to audio recordings of conversations with real-life internet scammers in this guide to their history and recent activities.
Read the story»
-
Aussie banks: your new security vendor
It is quickly becoming the norm for Australia's largest banks to offer discounts on or completely free computer security software to boost internet banking security. The question is, why?
Read the story»
-
Vista security to be 'obliterated' at Black Hat
An IBM X-Force security researcher has promised to exploit massive holes in Windows Vista's defences at the upcoming Black Hat security conference in Las Vegas.
Read the story»
-
Beijing Olympics? Paranoia will protect your data
If you're heading to the Beijing Olympics to cut deals, schmooze and booze, don't leave your laptop and mobile with your hosts for a second and watch your gadgets very, very carefully. Of course, it might cost you a deal because you're acting weird, but your data will be safe.
Read the story»
-
McAfee CEO: Adware is killing AV blacklisting
Traditional security products — which employ signature-based blacklisting technology — are no longer effective because of a massive increase in malware, according to the CEO of McAfee, Dave De Walt.
Read the story»
-
Australia's most gullible: Top victims of cybercrime?
Australians experience one of the highest levels of cybercrime in the world, according to a new survey — but are Aussies really such easy targets?
Read the story»
-
Bill Cheswick: Silly passwords, soft perimeters and Vista
Strong passwords do not necessarily provide better security, so why do we persist in creating ones that are hard to guess -- and hard to remember -- when a computer can crack them in seconds, asks Bill Cheswick, distributed computing and communications researcher for AT&T Labs.
Read the story»
-
Cyberattack alert service helps Aussies Stay Smart
The Federal government has launched a new security alert service for small business and home users, aimed at helping Australians protect themselves from cyberattack.
Read the story»
-
Banks are confusing consumers on PC security
Banks obviously have an interest in making consumers feel safe. They are there to protect the customers' money. They want customers to use their online services, too, because the channel offers a lower cost per transaction than a branch. But giving away free security software to make customers feel safe is probably doing more harm than good.
Read the story»
-
Rootkit threatens Cisco routers
Cisco and the security community are debating the reality of rootkits attacking Cisco's Internetwork Operating System (IOS) after a researcher presented a proof-of-concept attack, which threatens Cisco routers and voice over IP phones.
Read the story»
-
Is whitelisting the new blacklisting?
The IT security industry has come to a frank realisation that the current approach to preventing malware is simply not working. Is whitelisting, which is the reverse of our current approach, the answer?
Read the story»
-
Scott Charney: Microsoft's security chief reveals all
Shortly after the 9/11 bombings, Microsoft hired Scott Charney, a federal prosecutor for the US Justice Department, to head up its Trustworthy Computing division. At AusCERT 2008, ZDNet.com.au caught up with Charney to hear his thoughts on how those events changed the security landscape and what he thinks about the current state of IT security.
Read the story»
-
Artist formerly known as Patchlink touts whitelists
Lumension Security, formerly called Patchlink, now has a new focus to go with its new name: whitelisting.
Read the story»
-
Should staff swim naked on the Internet?
Businesses should rethink perimeters, shed the firewall and allow people to "skinny dip" on the Internet, according to security and communications researcher, William Cheswick.
Read the story»
-
You're not on the (white)list, you can't come in
At this year's AusCERT conference, whitelists were a hot topic — but is anyone going to use them?
Read the story»
-
Microsoft admits Vista UAC prompts 'need work'
Scott Charney, head of Microsoft's Trustworthy Computing division, admitted this week that Windows Vista's User Account Control (UAC) prompts are not intuitive and confuse users.
Read the story»
-
Russian criminals prefer Australian banks
Russian criminals prefer targeting Australian banks over their American or European counterparts, according to an expert on cybercrime in the Former Soviet Union.
Read the story»
-
Web banking: It's time to write down your password
Banks should stop forcing customers to create long, alphanumeric passwords because they can't protect against today's threats, according to AT&T computing researcher William Cheswick.
Read the story»
-
Hacked? Don't blame China, blame Denmark
Forget pointing the finger at China when government systems and defence contractors are compromised — it's the dirty work of Danish hackers, says Finnish security researcher, Mikko Hyppönen.
Read the story»
-
Russian bride scam turns romantics into money mules
Queensland police are warning of a rapidly growing type of fraud that uses Russian brides and dating Web sites to con victims into becoming money launderers and drug mules.
Read the story»
-
Australia crumbles under Cyber Storm attack
The 55 Australian organisations that took part in Australia's cyberwar games, Cyber Storm II, suffered "death by a thousand cuts", according to the head of Australia's Cyber Storm II effort.
Read the story»
-
Antivirus is 'completely wasted money': Cisco CSO
Companies are wasting money on security processes — such as applying patches and using antivirus software — which just don't work, according to Cisco's chief security officer John Stewart.
Read the story»
-
That isn't lovely code, it's an ugly monkey
It is possible to develop secure code but only if vendors use a robust software development process and aren't afraid to call a monkey when they see a monkey, according to the retired chief scientist of the National Security Agency (NSA).
Read the story»
-
Cisco customers making themselves vulnerable
Companies are refusing to update their router operating systems even though they contain known vulnerabilities, leaving their network full of security holes, according to Cisco's top security exec.
Read the story»
-
Photos: AusCERT 2008
The AusCERT 2008 security conference takes place in the Gold Coast this week. If you couldn't make it, here's what you're missing.
Read the story»
-
Has Windows Vista's UAC feature failed Microsoft?
Experts agree that Microsoft's Windows Vista is relatively well-protected but its security features — such as User Account Control (UAC) — have been highlighted by security experts as one reason why the operating system is far less popular than its predecessor, Windows XP.
Read the story»
-
Microsoft: Defence in depth is not enough
Defence in depth is simply not enough to create a secure computing environment, according to Microsoft's vice president of its Trustworthy Computing group, Scott Charney.
Read the story»
AusCERT 2007 coverage
-
The AusCERT 2007 Conference: It's a wrap!
If you didn't make it to AusCERT 2007, which is the largest security conference in Australia, then let ZDNet Australia's Matthew Oxley and Munir Kotadia give you a taste of what you missed.
Watch the video»
-
Do aliens and God affect your IT security budget?: Interview with Richard Thieme
Cyber-criminals, God, the universe, mafia, aliens, Nazis and IBM -- these are just some of the subjects touched upon in a video interview I conducted with Richard Thieme at the AusCERT security conference in Queensland last month.
Watch the video»
-
Is desktop security broken beyond repair?
At the AusCERT 2007 conference in Queensland last week, keynote speaker Ivan Krstić, who is the director of security architecture for the One Laptop Per Child (OLPC) project, told attendees that desktop security was fundamentally broken. We asked several security experts who attended the conference if they agreed and how the problem could be fixed.
Watch the video»
-
CyberForceField could be the key to desktop security
Traditional desktop security would improve beyond recognition if applications could be controlled to a point where they cannot access any part of the system that they do not need to, according to Alcy Infinity, co-founder of Timesavers International.
Read the story»
-
Is desktop security broken beyond repair?
At the AusCERT 2007 conference in Queensland last week, keynote speaker Ivan Krstić, who is the director of security architecture for the One Laptop Per Child (OLPC) project, told attendees that desktop security was fundamentally broken. We asked several security experts who attended the conference if they agreed and how the problem could be fixed.
Read the story»
-
Security industry losing malware battle: IronPort VP
The IT security industry is failing to keep up with the smarts of criminals developing malware, according to IronPort Systems vice president of technology, Pat Peterson.
Read the story»
-
One Laptop Per Child: Beta 2 test prototype
Ivan Krstić, director of security architecture for the One Laptop Per Child project, brought a beta 2 test prototype model of the AU$175 laptops to AusCERT 2007. ZDNet Australia's Munir Kotadia caught up with Ivan to find out more about the pre-release model's features.
Watch the video»
-
Software vendors still choosing 'flashy' features above security: IBRS analyst
IT vendors are still too interested in building flashy products instead of ensuring their software is bug free, which is an unsustainable situation, according to James Turner, industry analyst at IBRS.
Watch the video»
-
Vectra: Do you know when to walk away from a failed IT project?
Corporate governance can help stop companies from throwing money at projects that should be abandoned, said Jo Stewart-Rattray, director of information security at Vectra.
Watch the video»
-
Microsoft: Australia remains a spam receiver, not a spam sender
Peter Watson, chief security advisor at Microsoft Australia, said that although legislation and general awareness have helped Australia avoid becoming a haven for spammers, we are under attack from overseas.
Watch the video»
-
Marshal: The perimeter is moving
The future is bright for companies that are able to secure the perimeter, wherever that perimeter may be, according to Bradley Anstis, director of product management at Marshal.
Watch the video»
-
Sourcefire: Enterprise Threat Management creates a pro-active defence
Davis Thomason, senior director of technical services at Sourcefire, describes Enterprise Threat Management (ETM), which combines IPS, vulnerability assessments, network behaviour analysis and network admission control, to create a pro-active defence system.
Watch the video»
-
Patchlink ponders new name after acquisitions
Patchlink's international senior vice president Andrew Clarke told ZDNet Australia that the company is taking a slightly new direction after acquiring a vulnerability management company earlier this year. Clarke also admitted that the company is likely to change its name within a few months.
Watch the video»
-
Software should defend itself: Oracle CSO
Applications will have to defend themselves from attack in the future, according to Oracle's chief security officer Mary Ann Davidson.
Read the story»
-
AusCERT urges delegates to report computer crimes
On the final day of AusCERT 2007 on Queensland's Gold Coast, the general manager of AusCERT, Graham Ingram, acknowledged that reporting computer crimes can be difficult but pleaded with delegates not to let these incidents go unreported.
Read the story»
-
SafeNet: The security market is finally growing up
Andy Solterbeck, the VP of product strategy and management at SafeNet, talks about why IT security is moving beyond things like anti-virus and firewalls.
Watch the video»
-
MessageLabs: Social networking sites are 'goldmine' for Phishers
Mark Sunner, chief security analyst at MessageLabs, said the company's latest research indicates that Australian spam levels are well below the global average. The bad news is that social networking sites, such as MySpace, are helping phishers create more targeted attacks.
Watch the video»
-
AusCERT: Microsoft's top security man avoids talk of XP SP3
George Stathakopoulos, general manager of product security at Microsoft, tells us how Windows XP SP2 came about and why the company is not yet ready to talk about XP SP3. He also explains that UAC in Windows Vista is designed to be part of a 'defence in depth' strategy and not a standalone security solution.
Watch the video»
-
AusCERT: Qld Police fight the Nigerian 419 fraudsters
Detective Inspector Brian Hay, who heads up the Queensland Police Corporate Crime Investigation Group, reveals that hundreds and possibly thousands of Australians have fallen victim to the infamous Nigerian 419 scam.
Watch the video»
-
Queensland's plan to end Nigerian scams
A national event aimed at stamping out so-called Nigerian scams will be held in Queensland, Detective Inspector Brian Hay, who heads up the Queensland Police Corporate Crime Investigation Group, said.
Read the story»
-
AusCERT: Desktop security slammed by security expert
AusCERT 2007 kicked off this morning with a keynote speaker who blasted desktop computer security -- including that of Windows, Linux and Mac -- because it is based on a 35-year-old premise where software can run with the same privilege as a user.
Watch the video»
-
AusCERT: IBM's security architect calls for open-source ID framework
IBM’s chief security architect Anthony Nadalin talks about building an open source platform for identity management, at the AusCERT 2007 conference in the Gold Coast.
Watch the video»
-
Microsoft's AusCERT security lottery gets a laugh
For the second year in a row, Microsoft's Q&A session at AusCERT has been well worth attending -- but for the wrong reasons.
Read the story»
-
IT industry has failed in desktop security
The director of security architecture for the One Laptop per Child project, and AusCERT 2007 keynote speaker, has blasted desktop computer security -- including that of Windows, Linux and Mac -- because it is based on a 35-year-old premise where software can run with the same privilege as a user.
Read the story»
-
AusCERT prepares for biggest ever conference
Australia's best-known security conference will open for business on Monday and organisers say this year's event should be the biggest ever.
Read the story»
-
AusCERT and GovCERT make lucrative peace
It looks like AusCERT and GovCERT have worked out their issues and are no longer stepping on each other's toes.
Read the story»
-
AusCERT ditches annual e-crimes survey
The Australian Computer Emergency Response Team (AusCERT) will not be publishing its annual e-crimes survey this year because the federal government has given funding to the Australian Institute of Criminology instead.
Read the story»