Enabling Digital Society

Using the Cloud and Mobility to enable citizens to take part in their world!

Browse by Tags

Tagged Content List
  • Blog Post: Whitepaper: Disaster Recovery and High Availability for Windows Azure Applications

    The team have recently released a new whitepaper Disaster Recovery and High Availability for Windows Azure Applications The whitepaper outlines the necessary architecture steps to be taken to disaster-proof a Windows Azure deployment so that the larger business continuity process can be implemented....
  • Blog Post: Windows Azure in Australia! How does that change your security outlook?

    We are bringing our world class Windows Azure data centres here to Australia. Microsoft has a long history of bringing industry leading technologies to the world. Windows Azure is no different. Today we announced that we will be adding more data centres around the globe. Australia will have two georedundant...
  • Blog Post: Regarding Cloud Security and Data Sovereignty

    There are two primary concerns for governments and organisations in Australia when considering taking advantage of Cloud Computing. #1: Security, #2: Data Sovereignty.  While these are legitimate concerns, they are largely misunderstood and surrounded by Fear, Uncertainty and Doubt (FUD). We need...
  • Blog Post: Cloud As a Security Layer–#Winning

    I’ve often been a proponent of thinking of Cloud based computing as a security layer between you and the bad guys. It seems the US Department of Defense agrees with me. http://techinsider.nextgov.com/2011/03/cyber_command_shifting_to_the_cloud.php Now, by far the most common area of attack where bad...
  • Blog Post: AU Gov blocking web based email, worth it? No.

    In response to the Australian National Audit Office report ' The Protection and Security of Electronic Information Held by Australian Government Agencies ' many government agencies are talking about blocking access to web based email.  Here’s the recommendation that has been lighting up the Twitterverse...
  • Blog Post: Security Intelligence Report Vol 9 available

    The latest SIR is available now from Microsoft. You can find it here: http://www.microsoft.com/security/sir/default.aspx   Industry wide vulnerabilities continue their downward trend . However High Complexity vulnerabilities rose a bit ( http://www.microsoft.com/security/sir/keyfindings/default...
  • Blog Post: Follow-up from previous SQL Injection post.

    So first off, Thank you to Jim Manico for his comment on my previous post which lead me to create this post. I will includes quotes from Jim’s comment for reference here. JM : “ I think you are terribly wrong, and its important we clear this up .” No worries I appreciate your candour. Everyone...
  • Blog Post: “there is no bigger attach vector than with a parameterized sp” NOT!!

    I recently posted an article on our ACE Team blog (you can read it here if you are interested) There were a few comments about the use of Dynamic SQL that made me realise that not everyone “get’s it” yet. Here are the comments that started the discussion: Alastair Upton said: Shouldn't Rule #4 read ...
  • Blog Post: Rules to stop bad guys

    I just posted an article to our team blog about simple development rules to stop the bad guys. Head over and have a read. You can find the post on the ACE Team blog . I know it’s a repost, but sometimes it beats re-writing. ;-)
  • Blog Post: Bitlocker Broken/Cracked… NOT!

    Ok, I’ve been trying to keep my cool on this whole thing but enough is enough. A few days ago ars technica ran a hype-story called “First commercial tool to crack BitLocker arrives” (no, I’m not going to link to it because they don’t deserve the traffic IMHO) The claim is that Passware has created a...
  • Blog Post: Trusting Web 2.0 – NOT!

    Yesterday, I did a presentation at a customer site for their lunch time security talks. It was about Web 2.0 and protecting yourself online. One of the things I mentioned in my talk was how much people are trusting, blindly, what they see on the social internet. For example, most of you reading this...
  • Blog Post: You can’t hide from Shodan

    I was looking for cool security stuff on the Internet as I do, and I came across this story The Futility of Security By Obscurity on Dark Reading that pointed me to this online search engine called Shodan created by John Matherly . Shodan is an online search engine for computers. Not news, tweets, blogs...
  • Blog Post: Security Features vs Security Bugs

    Several times when I've been talking with customers about implementing an SDL, or what they should be doing to secure their in-house developed applications, I get asked a similar branch of questions. · Why do we need to review the design if we review the code? · Why do we need to scan the code, if we...
  • Blog Post: Finally, answers on the Web – Bing

    Bing and the world Bing’s with you, Search and you Google alone… I must admit I wasn’t a real huge fan of the search results that I got with Live. But I think someone was listening. We introduced Bing to the world and I have to tell ya, it’s all it’s cracked up to be and more.  I love the instant...
  • Blog Post: The Storm is Rising

    Catchy title huh? But what do I mean by that. Hackers take advantage of this kind of chaos, are you ready? You know when your grandma told you to save your pennies for a rainy day, well the rain is here…a lot of it. In case you hadn’t noticed, a large portion of the civilised world is in the deepest...
  • Blog Post: The Vicious cycle

    In the IT Security area there seems to be this lack of belief in the old adage, It Can Happen To Anyone . Normally, before a company will get off their collective butts and do anything about their software security, they have to experience an incident. There are all sorts of cliche's we can put here...
  • Blog Post: MS Anti-Cross Site Scripting Library 1.5 Available

    Many applications today have several common security problems. SQL Injection, poor authentication and authorization, and Cross Site Scripting (XSS) vulnerabilities. The faster and more conssitently we can address these problems the better the security of our application is. Microsoft has released...
  • Blog Post: ACE Threat Modeling Links

    I've been asked several times where to get the new ACE Threat Analysis and Modeling tool. You can find this and more information about ACE Services here: http://msdn2.microsoft.com/en-us/security/aa570413.aspx Have a look. We're working on getting V2.1 of the tool released. It will be posted there...
  • Blog Post: Can we get something for nothing?

    A lot of the time when I'm presenting or discussing implementing a Secure Development Lifecycle (SDL) with clients the same question pops up. 'How much is this going to slow us down?' Well to be honest, you can't insert anything into a Software Development Life Cycle (SDLC) without adding some time or...
Page 1 of 1 (19 items)