I give up

A number of events in past months have forced me to reconsider my position on a number of issues. Foremost in my mind: the Vodafone scandal in Australia, the Australian Prime Minister's laptop being hacked, the Office of National Assessments' review of Govt security (and SQL injection being described as "non-major"), RSA being owned, ...

I love WAFs and so should you.

Warning: I work for Dimension Data and we're a known reseller of Web Application Firewalls. If you think that alters my opinion on this subject, then I suggest you stop reading. Lately I've seen some hatred thrown towards Web Application Firewalls. Some of it I think is misguided, some of it ...

Economic benefit: Build vs Break

I have one friend who, I swear, is trying to inflame me with my whole build vs break rhetoric. He knows who he is, so this post is for him. Recent events in the news, finishing economics, and some other personal events have fired me up enough to forego my original ...

Why IT must be run as a business

I recently read this blog post on Richard Bejtlich's blog (and I am a bit behind the times), but it really rubbed me the wrong way. I am probably misinterpreting the point of the post, but the way I read it, Richard was just pointing out that there were some ...

Is D-Link.com.au serving up malware drivers?

Hi guys, D-Link have firmware drivers on their website, specifically for the DSL-502T and DSL-504T, that are showing as malware when I upload them to VirusTotal to confirm.

Here is the 502T: http://www.dlink.com.au/tech/Download/download.aspx?product=DSL-502T&revision=REV_A&filetype=Firmware

Here is the 504T: http://www.dlink.com.au/tech/Download/download.aspx?product=DSL-504T&revision=REV_A&filetype=Firmware

(Be sure to download the EXE and extract it.) I freely admit I have not tested these drivers out ...

Architect vs Consultant vs Penetration Tester

Now there seems to be a bit of Twitter rage at the moment around pentesting and consulting and what it should be, or even what it should represent. I made a bit of an off-the-cuff comment that pentesting is a conversation opener, and Twitter only supporting 140 ...

What did we learn from the floods and fires?

Years ago, I was lucky enough to be invited to a closed session at Deloitte where Adele Melek (Global Leader of Information & Technology Risk Service) talked about one of their annual global security reports. One of the points in the report was about Business Continuity Planning and Disaster Recovery. What was ...

Vodafone Privacy Scandal

Happy New Year to everyone. Interesting that I get to kick off my first post of 2011 on what could be considered the largest privacy breach in Australian history. In a way, I think we need to be grateful that the Vodafone privacy scandal has drawn so much attention. We (Australia) never had ...

My $0.02 worth on outsourcing security

I have had some discussions with people surrounding this topic lately and I want to highlight a few points on this very tender topic. Firstly, I am not in favor of offshoring security testing. It needs to be said. I acknowledge it is happening, I acknowledge there is an economic benefit ...

Pentesting isn’t enough – "Part 3"

My friend Serg over @ SecuritySoup.com recently made these two posts about pentesting, and I must admit it gladdens me immensely to see posts like this. I won't divulge too much about Serg in the interests of maintaining his privacy, but I will say he is an experienced penetration tester ...