Wednesday, 7 February 2018

Notifiable Data Breaches (NDB) scheme

An informative summary of the upcoming Notifiable
Data Breaches (NDB) scheme can be found here:

Thanks to James Walker from PortSwigger for this article.

Wednesday, 31 January 2018

CrikeyCon InfoSec Conference

We are proud to be sponsoring CrikeyCon this year!

"CrikeyCon is a community-led conference targeting those with an interest in information security around South East Queensland and beyond."

The conference is held on 24 February in Brisbane and tickets are still available. If you are at all interested in InfoSec we would love to see you there!

For further info and for tickets please see the CrikeyCon official website:

Wednesday, 10 January 2018

More on keeping SMEs safe online

Following up on Tim's SecTalks presentation aimed at SMEs: the Australian Signals Directorate produces some excellent, concise guidance for small organisations. I particularly like the "Essential Eight".

Friday, 5 January 2018

Small Business InfoSec 101

I gave an overview of InfoSec considerations for small business at SecTalks Brisbane last October. If you'd like to have a look at my slides I've uploaded a copy here.

Feel free to use the content (with attribution). Feedback is also very welcome!

Thursday, 16 November 2017

Bank Transfers using ABA Payment files: A Warning

If you use an "ABA" (Australian Bankers Association) file for payment runs, please read this.

An ABA file is a plain text file containing every transaction in a payment "run". It is uploaded to a bank's website and the payments listed in it are then executed. We were told of a very expensive security breach involving one (it did not happen to a WK-Consulting client).

Just as ransomware changes your files by encrypting them, a criminal can change your ABA file, or trick you into doing it for them. The image below shows a sample ABA file from the Cemtex ABA website.

In the breach described to us, every account number in a payment run ABA file was changed to an account the criminal controlled. The amounts were left untouched so as not to raise suspicion. The entire run went to the criminals, and the payments then had to be made correctly a second time, i.e. the unfortunate payer was very much out of pocket.

Please: at least spot check the transfers in your ABA file before you upload it. The payment summary is also displayed in your bank's web payment portal before you hit confirm; check the BSBs and account numbers there against what you expect, even if you generated the ABA file in your own accounts application only moments earlier.

Please do not: automatically trust an ABA file you receive by e-mail or download from a website.
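As an added example (it is not code from the original post, nor a tool WK-Consulting ships), here is a Python script that reads an ABA file and checks every destination BSB and account number against a trusted payee list held outside the file, which is exactly the check that would have caught the breach above. It assumes the widely published 120-character fixed-width ABA (Cemtex) layout; the payee names, BSBs, account numbers and amounts are constructed for the example. Confirm the column positions against your own bank's ABA specification before relying on it, as some institutions vary the detail.

```python
"""Cross-check an ABA payment run against a trusted payee list.
Added example, not from the original post. Assumes the published 120-char
fixed-width ABA ("Cemtex") layout: record types 0 header, 1 detail, 7 total.
Column numbers in comments are 1-based, as in the bank specifications."""
from collections import namedtuple

Detail = namedtuple("Detail", "bsb account code cents title")  # code 50/53 credit, 13 debit


def detail_record(bsb, account, code, cents, title, reference,
                  trace_bsb, trace_account, remitter):
    """Build one type-1 detail record."""
    rec = ("1" + bsb                    # 1, 2-8    record type, BSB "xxx-xxx"
           + account.rjust(9)           # 9-17      account, right justified, blank filled
           + " " + code                 # 18, 19-20 indicator, transaction code
           + f"{cents:010d}"            # 21-30     amount in cents, zero filled
           + title.ljust(32)[:32]       # 31-62     title of account
           + reference.ljust(18)[:18]   # 63-80     lodgement reference
           + trace_bsb                  # 81-87     trace BSB
           + trace_account.rjust(9)     # 88-96     trace account
           + remitter.ljust(16)[:16]    # 97-112    name of remitter
           + "00000000")                # 113-120   withholding tax amount
    assert len(rec) == 120
    return rec


def build_file(payments, user="WK CONSULTING", date="161117"):
    """Assemble a credit-only run from (bsb, account, title, cents) tuples."""
    header = ("0" + " " * 17 + "01" + "WBC" + " " * 7     # 1-30   reel sequence, FI code
              + user.ljust(26)[:26] + "000000"           # 31-62  user name, user ID
              + "SUPPLIERS".ljust(12) + date + " " * 40)  # 63-120 description, date DDMMYY
    details = [detail_record(b, a, "50", c, t, "INV PAYMENT", "062-000", "11111111", user)
               for b, a, t, c in payments]
    credit = sum(c for *_, c in payments)
    total = ("7" + "999-999" + " " * 12                   # 1-20
             + f"{credit:010d}" + f"{credit:010d}" + f"{0:010d}"  # 21-50 net, credit, debit
             + " " * 24 + f"{len(details):06d}" + " " * 40)       # 75-80 detail record count
    return "\n".join([header, *details, total]) + "\n"


def parse_aba(text):
    """Return (details, trailer) for an ABA file, rejecting malformed records."""
    details, trailer = [], None
    for n, line in enumerate(text.splitlines(), 1):
        if len(line) != 120:
            raise ValueError(f"line {n}: {len(line)} chars, expected 120")
        if line[0] == "1":
            details.append(Detail(line[1:8], line[8:17].strip(), line[18:20],
                                  int(line[20:30]), line[30:62].strip()))
        elif line[0] == "7":
            trailer = {"net": int(line[20:30]), "credit": int(line[30:40]),
                       "debit": int(line[40:50]), "count": int(line[74:80])}
        elif line[0] != "0":
            raise ValueError(f"line {n}: unknown record type {line[0]!r}")
    if trailer is None:
        raise ValueError("missing file total record")
    return details, trailer


def check_run(text, trusted):
    """Flag any detail record whose destination differs from the trusted entry.
    trusted maps title of account -> (bsb, account), taken from your accounts
    system or a previously verified run, never from the file being checked."""
    details, trailer = parse_aba(text)
    findings = []
    for d in details:
        expected = trusted.get(d.title)
        if expected is None:
            findings.append(f"{d.title}: payee not in trusted list")
        elif expected != (d.bsb, d.account):
            findings.append(f"{d.title}: destination changed from "
                            f"{expected[0]} {expected[1]} to {d.bsb} {d.account}")
    # Recomputed trailer totals catch clumsy edits only; the attack above keeps them intact.
    credit = sum(d.cents for d in details if d.code != "13")
    debit = sum(d.cents for d in details if d.code == "13")
    if trailer["count"] != len(details):
        findings.append(f"trailer count {trailer['count']} != {len(details)} detail records")
    if (trailer["net"], trailer["credit"], trailer["debit"]) != (abs(credit - debit), credit, debit):
        findings.append("trailer totals do not match detail records")
    return findings


def redirect_accounts(text, bsb, account):
    """Model the breach: rewrite only columns 2-17 of every detail record."""
    lines = [("1" + bsb + account.rjust(9) + ln[17:]) if ln[:1] == "1" else ln
             for ln in text.splitlines()]
    return "\n".join(lines) + "\n"


# Constructed sample data: not real payees, BSBs or account numbers.
TRUSTED = {"ACME SUPPLIES PTY LTD": ("062-000", "12345678"),
           "J SMITH CONTRACTING": ("083-004", "98765432")}
GOOD_RUN = build_file([("062-000", "12345678", "ACME SUPPLIES PTY LTD", 1250000),
                       ("083-004", "98765432", "J SMITH CONTRACTING", 480050)])
TAMPERED_RUN = redirect_accounts(GOOD_RUN, "013-999", "55555555")

if __name__ == "__main__":
    print("good run:", check_run(GOOD_RUN, TRUSTED) or "no findings")
    print("tampered run:", check_run(TAMPERED_RUN, TRUSTED))
```

Because the attacker in the breach changed only the account numbers and left the amounts intact, the recomputed trailer totals still agree with the detail records; only the comparison against an independent payee master flags the file. That master must come from your accounts system or a previously verified run, never from the file you are checking, and the same comparison is worth repeating on the summary the bank's portal shows before you confirm.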

Monday, 29 May 2017

Slides from my AppLocker/SRP talk

I recently did a talk at SecTalks_BNE on various known AppLocker/SRP bypass methods, and some mitigation methods. You can read the slides online here.

Tuesday, 29 November 2016

Tuesday, 18 October 2016

Chrome not working after version 54 update?

We've come across an issue where Chrome will not work properly after updating itself to version 54. The process launches and stays running, but there is no visible window. It seems to affect machines running a Software Restriction Policy with certificate checking enabled:

Unfortunately the only workaround at this stage is to roll back to version 53 until a fixed version is released. Bear in mind that a rolled-back browser is running without the security fixes shipped in 54, so treat this as temporary and move forward again as soon as a fixed build is available.

Tuesday, 7 June 2016

Do you use the same password across sites?

In 2012, LinkedIn suffered a security breach in which user credentials were stolen. In the last few days the media has reported a high volume of Twitter and Facebook accounts being compromised, and services such as TeamViewer also appear to be under attack.

You can search this online database to see whether your e-mail address appears in the leak. If you reuse passwords across sites and your details have been leaked, change that password on every site where you used it.

Tuesday, 29 March 2016

Friday, 11 March 2016

Cloud Computing - 50 Years Young?

With the passing of Ray Tomlinson, credited with inventing e-mail in its current form using the "@" symbol, there have been many articles published covering the history of e-mail. I won't attempt a rewrite when, using the power of hyperlinks, I can link to a good one:

Rather, I was reminded that my family had a very small part in the very early days. In the mid 1960s, when it became apparent that either a "time-share" terminal (i.e. a terminal remotely connected to one computer) or a file transfer between two remote computers was really all that was needed for a viable messaging system, the British Post Office decided to intervene.

It is hard to imagine today the importance of the Post Office in the days before e-mail and the mobile phone. In those pre-British Telecom times, the Post Office had a monopoly in both telephone and letter communications. My father*, as a director of GE Information Services UK (part of General Electric), was summoned to a meeting with the Postmaster General, then a cabinet position, held by one Anthony Wedgwood Benn**. During the meeting the issue of the Post Office's monopoly was raised, but no action was taken (I can't see, even looking back from today, what could have been done to stop messages being sent in this way). GE were involved in a "time-share" joint venture with MIT and were, as I described above, using terminals to send "messages" across the Atlantic.

Where does the "Cloud" come in to this?  Well, what is "time-sharing" if not shared access to a centralised computer?  Cloud computing by another name.  What's new about it?

* It wasn't a case of following in father's footsteps working in ICT.  Dennis has done a lot of things in his life and was pretty much finished in time share by the time I came along.
** Tony Benn, who died in 2014, was for a long time one of the best known politicians in the UK. Apparently, after the meeting he invited the GE visitors to attend a Post Office children's prize giving, where he sat on the edge of the stage and spoke eloquently without notes, and seemingly without preparation, for 20 minutes to a group of children.

Monday, 1 February 2016

Zero Day Ransomware?

There was a major ransomware incident at Lincolnshire County Council in the United Kingdom at the end of January. It is of interest because it is being reported as a "zero day exploit", i.e. one using a previously unknown security flaw. The BBC report is here:

The website has a few more details, quoting a council spokesperson as saying that 300 computers were hit by the ransomware.

The details are quite sketchy, but if a zero day exploit really did let ransomware reach 300 computers on the council's network, the implications are scary. The CryptoLocker/CryptoWall ransomware variants do not (yet) try to exploit vulnerabilities to replicate themselves; the usual way a single infection ends up affecting many machines is one infected workstation encrypting everything it can reach on mapped network shares. Lincolnshire County Council will be doing CIOs the world over a favour by releasing details.