All your Eggs in One Giant Humungous Basket
Tuesday, 01 September 2009 00:00
This article explains the increasing risk to organisations of losing masses of data in a single blow due to ever-increasing storage capacity.
Selling Security
Sunday, 04 October 2009 13:30
It has been said that the security market is largely recession-proof. The theory suggests that suffering economies witness crime going up, resulting in the maintenance of, or even an increase in, spending on security and countermeasures. We do not believe this argument, and feel security spending deserves as much scrutiny as any other cost-centre.
Daylight Savings - Don't Forget Security!
Whenever clocks are adjusted for daylight savings, you should remember to check your various security systems to ensure they have been adjusted correctly. We would suggest you check for the following:
Is it Time to Fire the IT-Guy?
Tuesday, 17 February 2009 12:50
This article explores why managing your company's IT Security in-house can cost more and achieve less than outsourcing to a specialist provider.
The Curse of CC
Friday, 07 November 2008 14:16
This article discusses the hazards of poorly thought-out (or non-existent) email policies within organisations which can embarrass companies and expose them for privacy breaches.
Thinking Like the Enemy
Thursday, 25 September 2008 14:02
When Calamity are engaged to critically review or assess security, we frequently take on the role of an attacker/adversary/thief/criminal to help our client identify issues before a genuine attacker/adversary/thief/criminal does.
Security expert Bruce Schneier, who has also learned to 'think like the enemy', made a cute observation in this article on Wired:
Uncle Milton Industries has been selling ant farms to children since 1956. Some years ago, I remember opening one up with a friend. There were no actual ants included in the box. Instead, there was a card that you filled in with your address, and the company would mail you some ants. My friend expressed surprise that you could get ants sent to you in the mail.
I replied: "What's really interesting is that these people will send a tube of live ants to anyone you tell them to."
Security Advisory - Mechanical Combination Locks
Friday, 22 August 2008 09:33
Combination locks have long been utilised to secure items without the need for keys and the associated issues they present (key management, loss, difficulty of change).
Several vendors of door furniture and locking hardware have developed and sold mechanical push-button combination locks which can be used to unlock doors and gates, deadbolts and spring latches. These are sold by numerous manufacturers and vendors under a variety of names including "digital", "cypherlock/cipherlock", "combolock", "keyless entry" and so forth.

Calamity have reviewed and tested a number of similar products on the market which all exhibit a potential weakness that would allow anyone to defeat them.
Poor Training Helps Terrorists
Monday, 22 September 2008 13:31
Hotel Management in Pakistan have (tragically) learned a valuable lesson in preparing for terrorist activity.
Protecting Firewalls with Brick Walls
This article was published in the Sep/Oct 2008 issue of Security Solutions Magazine. It describes how Information Security, IT Security and Physical Security threats are similar and why the common mistake of addressing only one set of threats is a losing proposition.
Myths About Alarms - How to verify you are getting what you deserve, and what you have paid for
This article explains some of the things you should look for when upgrading or installing a new alarm and security system. We have written this article to help you avoid 'snake-oil' and be confident you are getting what you expect and deserve.
Making Money with Email Disclaimers
This article, originally published in Security Solutions Magazine July/August 2008, explores poorly thought-out email disclaimers and gives useful advice for protecting your company with genuinely effective controls over email communications.
Protect your systems – Fire all of your Staff
No-nonsense techniques to reduce the likelihood of your staff being a weak link in your organisation's security. Includes a case study of a major success story for Calamity's consultants. Originally published in Security Solutions Magazine, June 2008.
Hello iPod, Goodbye Assets
How portable devices can let your information assets walk out the door, and how to manage this risk. Originally published in Security Solutions Magazine, April 2008.
Security Configuration Insecurity
How legacy computer systems and software are creating insecurities in physical protection of assets. Originally published in Security Solutions Magazine, Australia, February 2008.
The system which controls your doors’ electronic access control is so insecure, you might as well leave the doors ajar. But more on that later. First, a story...
Integration Disintegration
How the increasing practice of integrating voice, data and CCTV systems onto the same network can have potentially devastating effects on organisations. Originally published in Security Solutions Magazine, December 2007.
CyberSnooping
Twelve hours before his announcement to the world, the CEO sits hunched over his keyboard putting the finishing touches to his company’s plans. If any competitors discover these plans the company will be finished. In the street below, an innocent-looking delivery van sits with its engine idling quietly. Inside the rear of the van, two men sit in front of a wall filled with monitors watching every word appear as it is typed on the keyboard in the office six floors above. “We’ve got them,” mutters one of the van’s occupants as he smiles, amused that the company will never know how secrets which were kept on computers not even connected to a network, inside locked cabinets in a secure building, ever fell into their opponent’s possession.
Keeping the Evil In
From a security perspective, educational environments (schools and universities in particular) represent a unique challenge. A primary security goal for most organisations is keeping malicious traffic out of their networks. In many cases, educational institutions represent the source of such traffic, so the goal in those environments is often the opposite - keeping it in, or otherwise preventing it.
Who’s Watching You?
The average Internet user gives away more private information in one day than most people divulge in a month – quite often without even realising they are doing it. Who collects this information, how are they using it and how can you stop them?
Ethical Hacking – Paying someone to break into your organisation
This article was originally published in Security Oz Magazine, August 2003. Although somewhat dated, many of the underlying principles and the advice given within the article remain current.
Ethical hacking refers to the performance of intrusions on information systems by authorised parties. It is an attempt to identify vulnerabilities and exposures of a system or application in a controlled manner such that these may be remedied before they are exploited by a malicious (unauthorised) party. Put simply, ethical hacking seeks to proactively find certain holes in your organisation’s security, or the security of a specific component such as an application you have written, which can then be treated, rather than learning about them the ‘hard way’ – after the organisation suffers a costly and embarrassing breach.