Over the December holidays, one of our researchers discovered proof of a much-theorized but we believe never before seen in the wild security breach.

Specifically, as the this researcher was analyzing email-borne threats (something they do on an ongoing basis), they observed that in a recent attack campaign, more than 25 percent of the malicious email (over 750,000 messages) came from things that were not conventional laptop or desktop computers, but rather members of the Internet of Things (IoT); a “Thingbot”-net*, as it were.

Read More →

Joshua Rogers contacted PTV about the vulnerability on December 26.

Joshua Rogers contacted PTV about the vulnerability on December 26. Photo: Simon Schluter

A Melbourne schoolboy who exposed serious cybersecurity weaknesses within Public Transport Victoria’s systems by hacking its website to unearth a large store of personal data could be charged under the cybercrime act.

Joshua Rogers, 16, discovered an extensive database containing the personal details of public transport users in Victoria, using what cybersecurity experts described as a common hacking technique.

A self-described ‘‘security researcher’’, he contacted PTV on Boxing Day to alert them to the site’s vulnerability, but got no response until Monday, following inquiries by Fairfax Media.

The database contained a large amount of personal data including full names, addresses, home and mobile phone numbers, email addresses, dates of birth, seniors card ID numbers, and partial credit card numbers of customers of the Metlink public transport online store. The store was closed down in 2012 when PTV began.

Read More →

“Safe upon solid rock the ugly house stands: Come and see my shining palace built upon the sand!

— Edna St. Vincent Millay


The name Pottersville comes from the popular film “It’s a Wonderful Life.” In the film, there are two alternative realities presented. In one reality, the city is controlled by a miserly banker who refuses to give people control over their own lives and property. This results in a culture of violence, hatred, and envy between citizens.

General Form

A software project adopts a product technology and becomes completely dependent upon the vendor’s implementation. When upgrades occur, software changes and interoperability problems occur. Continuous maintenance, based upon product upgrades, is required to keep the system running. Expected new product features are often delayed; causing schedule slips and inability to complete desired application software features.

Symptoms and Consequences

Commercial product upgrades drive the application software maintenance cycle.
Promised product features are delayed or never delivered, causing missed application feature deliveries.
The product varies significantly from the advertised open systems standard.
If a product upgrade is missed entirely, then a product repurchase and re-integration is often necessary.

Read More →


Microsoft is killing off its controversial stack-ranking system today. While it could be viewed as an internal change that won’t affect consumers directly, it will have a broad effect on current and future Microsoft employees that may just shape the future of the company. For years Microsoft has used a technique, stack ranking, that effectively encourages workers to compete against each other rather than a collaborative Microsoftthat CEO Steve Ballmer is trying to push ahead of his retirement.

Read More →

7634d2b176abab65aeb0e6a5ef4656d1Do you know that your public cloud provider used standard hyperviseor from xen (Linode), hyper-v(Azure), or vmware solutions.

Can you tell how secure is their setup? No. Because you have no control of the internal infrastructure of these cloud service providers.

CVE-2012-1666 – allows local users to gain privileges via a Trojan horse tpfc.dll file in the current working directory.

Look at Google Reader or more recent iGoogle. Service provider decided to serve you or not. If you based on one particular technology or feature – then you are in risk. That service or feature might be shut down at any time because provider is not interested in such service anymore. As well as the API. Interface to cloud services might vary and you need to control these changes to keep your business running.

So. Please combine all risks and benefits and decide if you really need public cloud. If so – please backup.

I use to work for alarm monitoring company in electronic security industry. Started as aprentice installer and finished as lead programmer and tech manager. It takes me years to understand the nature of the business and why people spend money on security but doesnt really receive service but still think that they are protected. Until something really happen with them.
It looks like the same idea as insurance business plus some funsy-shmansy electronic gadgets.
Now after 15 years in IT I found something similar here. Some customers paying for support and even receive some until something really happen. In my past work for one large enterprise we use to subscribed to Dell Red Hat Australia. I had never speak to real engineer all 3 years except one day when my manager took a high pressure on them. They connected me to one good man from states and he helped. The most of the other cases was on level of “please reboot your computer”. Lets see if the cloud will solve this scam. All you need is to migrate to cloud properly to avoid vendor lock. If something goes wrong you just switch service provider. Good luck.

Posted from WordPress for Android

Who does that server really serve?

The IT industry discourages users from considering these distinctions. That’s what the buzzword “cloud computing” is for. This term is so nebulous that it could refer to almost any use of the Internet. It includes SaaS and it includes nearly everything else. The term only lends itself to uselessly broad statements.

The real meaning of “cloud computing” is to suggest a devil-may-care approach towards your computing. It says, “Don’t ask questions, just trust every business without hesitation. Don’t worry about who controls your computing or who holds your data. Don’t check for a hook hidden inside our service before you swallow it.” In other words, “Think like a sucker.” I prefer to avoid the term.

Richard Stallman


Virtual desktop infrastructure (VDI) Users have they own application spaces. Thin clients where applications might run ether locally or on server, shared filesystem, own graphics and audio, ability to connect local devices such as USB stick etc.

Remote desktop Service (RDS) is pretty much like having screen of the “big brother” server somewhere. All users logged into one server. It is usually more complicated to setup, limited connections and low performance however it might save you some dollars on software licenses.

There is even more modern way in desktop virtualisation. Bring Your Own Device (BYOD).

One more interesting option is to share running applications. For example you can run Photoshop on virtul machine and export an aplication window to the network. Then authorised users will login and use it one after another.

We are working to develop a strategy to combine all options as above in one cost effective DaaS solution.