
Tag: sydney

Australia advocates weakening strong crypto at upcoming “Five Eyes” meeting

Oz AG to discuss "ongoing challenges posed by terrorists and criminals using encryption."

Spectralink and Wavelink mobilize Chatswood Private Hospital for better communication and...

May 31, 2017 – Chatswood Private Hospital, part of Presmed Australia, and the largest eye, ear, nose, throat and face specialist day surgery in Australia, has partnered with Spectralink and Wavelink to improve mobile communications between clinicians to ensure they offer pre-eminent patient care in its new facility. Chatswood Private Hospital is the only one of its kind in Sydney, so demand is high.
In January 2016, the hospital moved from its original two-theatre location to... Source: RealWire

LANSA Appoints Alison Henderson as EMEA VP Sales and Marketing to...

Alison Henderson has been appointed as VP, Sales and Marketing EMEA for LANSA (www.lansa.com).
In her new role, she will drive growth for the Low-Code, Rapid Application Development Tools business, building on the company's expanding software and consulting services operations in EMEA. Headquartered in Sydney, LANSA is a global provider of Low-Code Application development platforms for organisations building and modernizing enterprise applications for web, mobile, Windows and the cloud. LANSA's cross-platform development product suite is... Source: RealWire

Comvergence Leverages Calix AXOS G.fast Solutions to Rapidly Bring Gigabit Speed...

Calix Elite Partner OSA helps Comvergence become the first to deliver industry-leading G.fast technology to businesses in Sydney and Melbourne

SYDNEY, AUSTRALIA – April 26, 2017 – Calix, Inc. (NYSE: CALX), the world leader in Subscriber Driven Intelligent Access, announced that fast-growing Australia service provider Comvergence is successfully rolling out Calix AXOS G.fast solutions to businesses throughout Australia’s two largest cities.

The first to deploy this groundbreaking technology in both Sydney and Melbourne, Comvergence is... Source: RealWire

Silicon Valley veteran schools Sydney startups on success

Former SpaceX CIO Branden Spikes spoke with ZDNet about his 20-year career spanning some of Silicon Valley's high-profile exports, and shared some advice for startups in Australia.

Telstra: Some SMS messages ‘incorrectly delivered’ after exchange fire

A number of SMS messages on the Telstra network are being delivered to the wrong people as a result of infrastructure damage sustained during its exchange fire in Sydney.

eProseed announces expansion into Asia Pacific

1 February 2017 – eProseed CEO, Geoffroy de Lamalle, is pleased to announce the opening of a new office in Sydney. Continuing its global expansion, services provider and software publisher eProseed announces the opening of its first entity in Asia Pacific. From the Sydney office, eProseed will offer its full range of services and software products to customers throughout the region. The new entity comes as eProseed expands its products and services to a growing number... Source: RealWire

eProseed to support 11th MENA Regulatory Summit

eProseed will participate as a Supporting Partner in the 11th MENA Regulatory Summit on February 5th & 6th in Dubai, United Arab Emirates.

The summit will cover the main topical challenges faced by the regulatory authorities and the GRC community, a debate in which eProseed has a pivotal role to play as the publisher of FSIP, a comprehensive financial supervision solution dedicated to Central Banks, Financial Regulators and Supervisory Authorities.

The 11th MENA Regulatory Summit will take place in Dubai, UAE, in association with the Dubai Financial Services Authority (DFSA) and under the patronage of H.E. Sultan bin Saeed Al Mansouri, the UAE Minister of Economy.

Formerly known as the GCC Regulators' Summit, the event has been renamed in an effort to ensure the utmost involvement of the governance, risk and compliance (GRC) community across the MENA (Middle East and North Africa) region, and to expand the dialogue to neighboring countries that share the same topical risk challenges and regulatory outlook.

"With increasing demands from many international regulatory bodies, financial supervisory authorities are required to monitor the compliance of their financial institutions against numerous new national and international requirements.
In the MENA region, the recent macroeconomic developments have also triggered an unprecedented demand for collection of high precision data at high frequency from all financial institutions to support a better risk based supervision", comments Geoffroy de Lamalle, Chief Executive Officer of eProseed.

MENA: an increasing role in global compliance and combating financial crime
The 11th MENA Regulatory Summit will be attended and supported by regional and international regulators, financial services professionals, law practitioners, advisors and market players.

The participants will highlight the recent macroeconomic developments in the MENA region including the US election, Brexit aftermath, regional regulatory responses to the financial crisis, the digital revolution in financial services, block chain technology, and crowd funding.

The speakers will set the landscape for international anti-financial crime trends, FATF perspective on terrorist financing and emergent types of financial crimes, and the dangers of withdrawal of correspondent banking relationships. Panelists will also discuss trade-based money laundering and trade finance activities, compliance culture, business conduct, business ethics, and compliance conflicts.

eProseed, the Solution Provider for Financial Supervision
Leveraging the proven expertise in developing and implementing end-to-end business solutions based on Oracle's world-class software technology stack and a close collaboration with major Financial Institutions and Regulators, eProseed has developed eProseed Financial Supervision Insight Platform (FSIP), an end-to-end financial supervision solution dedicated to Central Banks, Financial Regulators and Supervisory Authorities.

"In essence, eProseed FSIP is a comprehensive, highly agile, and plug-and-play financial supervision solution, enabling efficient and pro-active collection of high precision data at high frequency from all financial institutions, as well as automating and integrating all regulatory and supervisory functions in one single software solution", says Geoffroy de Lamalle.

About eProseed
eProseed is an ICT services provider and a software publisher. Honored with 8 Oracle ACE Directors and 14 Oracle Excellence Awards in the last 7 years, eProseed is an Oracle Platinum Partner with in-depth expertise in Oracle Database, Oracle Fusion Middleware and Oracle Engineered Systems.

eProseed’s portfolio of business applications and business accelerators is built on state-of-the-art, reliable technologies and sound knowledge of today’s challenges, developed and maintained with the highest standards in mind.

Comprehensive training and support are provided by eProseed’s experts for both applications and underlying technologies.

Headquartered in Luxembourg, in the heart of Europe, eProseed has offices in Beirut (LB), Brussels (BE), Dubai (AE), London (UK), New York (USA), Porto (PT), Riyadh (SAU), Sydney (AU), and Utrecht (NL).


Alexandra Toma
Email: alexandra.toma@eproseed.com
Phone: +40 767 670 566

Trump’s cyber-guru Giuliani runs ancient ‘easily hackable website’

Stunned security experts tear strips off president-elect pick hours after announcement

US president-elect Donald Trump's freshly minted cyber-tsar Rudy Giuliani runs a website with a content management system years out of date and potentially utterly hackable. Former New York City mayor and Donald loyalist Giuliani was today unveiled by Trump's transition team as the future president's cybersecurity adviser – meaning Giuliani will play a crucial role in the defense of America's computer infrastructure.

Giulianisecurity.com, the website for the ex-mayor's eponymous infosec consultancy firm, is powered by a roughly five-year-old build of Joomla! that is packed with vulnerabilities. Some of those bugs can be potentially exploited by miscreants using basic SQL injection techniques to compromise the server. This seemingly insecure system also has a surprising number of network ports open – from MySQL and anonymous LDAP to a very out-of-date OpenSSH 4.7 that was released in 2007. Security gurus are right now tearing strips off Trump's cyber-wizard pick.

Top hacker Dan Tentler was first to point out the severely out-of-date Joomla! install. "It speaks volumes," Tentler told The Register, referring to Giuliani's computer security credentials, or lack of, and fitness for the top post. "Seventy-year-old luddite autocrats who often brag about not using technology are somehow put in charge of technology: it's like setting our country on fire and giving every extranational hacker a roman candle – or, rather, not setting on fire, but dousing in gasoline."

Content management system developer Michael Fienen also pulled no punches:

The most surprising fact in all of this is that the Giuliani Security website hasn't ALREADY been hacked. They might as well put out a sign. — Michael Fienen (@fienen) January 12, 2017

It gets worse. "Giuliani is running a version of PHP that was released in 2013, and a version of Joomla that was released around 2012," said Ty Miller, a director at Sydney-based infosec biz Threat Intelligence. "Using the version information, within minutes we were able to identify a combined list of 41 publicly known vulnerabilities and 19 publicly available exploits. Depending upon the configuration of the website, these exploits may or may not work, but is an indication that Giuliani's security needs to be taken up a level."

Found on /r/sysadmin, presented without comment. pic.twitter.com/UmWe7tHURv — Ryan Castellucci (@ryancdotorg) January 12, 2017

Another computer security expert, speaking to The Register on condition of anonymity, analyzed Giuliani's website for us. Our guru, based in Australia, said that while the pending cyber-tsar is likely to have outsourced management of his online base, the fact that the mayor-turned-cyber-expert didn't check for lax security on his own website is not going to instill any confidence. We have reproduced our contact's assessment in full on the next page.

'Someone should be taken to task for this'

Well, talking nuts and bolts: that website is hosted with a hosting provider.
It looks like it has its own IP address based on having a single DNS PTR object (reverse address to the name giulianisecurity.com) which means it's unlikely to be in use by other organisations (except maybe his own... who knows.) That IP address is allocated out of a block of addresses registered to Japanese giant NTT but these could also be provided to NTT’s customers such as web developers/hosting providers etc. Without actively poking at the site – which I’m terrified to do, frankly – it may be shared hosting, may be a VPS, or may be a physically separate dedicated hosting solution.
I’m betting it’s a cheap VPS-based ‘dedicated’ solution. My experience with this kind of hosting means that a nice attack vector is identifying the hosting provider and trying to get allocated a similar hosting solution in the adjacent IP address space, getting root on it (or having it if it’s a VPS) and then using ‘layer 2’ fun and games to redirect the victim site’s traffic to the attacker.

This still works amazingly well and is why smart people try to do things like statically publish layer-2 addresses for layer 3 IP gateways (although this is only so effective, really). For the giulianisecurity.com domain they seem to use Microsoft Office 365 for his email. Not a bad choice.

Email security sucks and, unless you know what you’re doing/are a glutton for punishment or are generally my kind of tinfoilhat wearer (hey, friends), it’s best to leave email security to someone reasonably credible. I also note they use a large trademark monitor company – MarkMonitor.com – for the DNS service provider for the domain name giulianisecurity.com. Which is hilarious.

Because, yeah, you’d want to intrude trademark-wise on this guy’s name because it’s such a valuable brand. Like Trump’s, you know? The reality is someone else makes these choices for him for his business.
It’s not like he’s there, updating his ancient and known vulnerable Joomla content management system himself (he’d get props from me if that were the case :) Anyone truly trying to protect your brand would avoid putting a giant red flag like an unpatched CMS in a commodity hosting environment out there. Whether it’s Giuliani’s company’s responsibility or an outsourced provider’s (very likely) the ‘having ancient Joomla’ in place is a pretty bad look.
Someone should be taken to task a bit for this.

And if you’re a security and safety company with an understanding of information security threats you’d have threat management programs in place to identify and improve your controls. For example, if you were undertaking actual security testing of your site I’d wager anyone in infosec – or in IT generally really – would’ve noticed the ancient CMS and its default install remnants using the crappiest, free-est tools out there.
So respectfully, Rudy, get someone to patch your shit and seek out some kind of specialist advice. Snarky comments aside – it really comes down to this greater concern: there’s literally millions of people in infosec who would be better cyber security advisors than Giuliani or whomever his technical advisors are that he’d call on for advice. So I’d ask – again respectfully – that the president elect cast a slightly wider net than he has to receive ‘cyber’ security advice.

As much as most people in infosec are a bunch of opinionated jerks (oh, and we are) we’re all here to help. Just ask a professional.

First sign in knowing one? It’s the person who doesn’t use the word ‘cyber’ to prefix everything they say.

Covata wins Internet of Security (IoT) Solution Award for its Delta...

Sydney, Australia – December 7, 2016 – Covata Limited (ASX: CVT), a global leader in data-centric security solutions for enterprise and government, has been awarded the IoT Security Solution Award at the 2016 Computing Security Excellence Awards in London for its Covata Delta product. The Computing Security Excellence Awards celebrate the achievements of the IT industry’s best security companies, solutions, products and personalities.

Covata joined other category winners including Splunk, Symantec, Sophos and Microsoft to take home a coveted award from the exclusive event.

Developed to mitigate new cyber security risks created by IoT, the innovative Key-as-a-Service (KaaS) cloud solution recently branded as Covata Delta, will provide SDKs (Software Developer Kit) and APIs (Application Programming Interface) to developers, to enable them to seamlessly embed security into their applications, products and services.

Covata Delta ensures that real-time information shared between the growing eco-system of connected devices remains securely under the owners’ control, by linking policy and identity to encryption and decryption. Covata CEO, Trent Telford, said of the award: “It is a privilege to be recognised by Computing Magazine as a leader in the IoT Security space.

The IoT Solution Award entrants were judged on, among other things, functionality and competitive differentiation. We believe Delta’s unique capabilities, including its patented approach to data-centric security that ties end-to-end encryption to identity checks and policy controls, its key management and its unlimited scalability – are what set it apart from others. “The number of devices connecting to the Internet continues to proliferate, and as a result, security risks are exponentially increasing.

Every connected device represents a potential access point for hackers to exploit and attack, which is why Covata firmly believes that data being collected, stored and shared from these devices must be protected. “This year we saw the first major international IoT security breach.
If we don’t build security into these connected devices from the very beginning, we will see a lot more of these types of attacks.

There is not a single company or government department, that can afford for data security to be an afterthought.

This accolade highlights the importance of data-centric cyber security solutions. We are extremely proud to have Covata Delta pioneering the protection of our interconnected future.”

- Ends -

About Covata
Covata Limited (ASX: CVT) enables true ownership and control over your data in the cloud and over mobile services. We deliver data-centric security solutions without compromising simple usability, providing true end-to-end security. Your data is always protected wherever it may travel – inside your network, beyond the domain, to mobile devices and to the cloud – with granular access controls that extend to external users, view-only restrictions, real-time revocation and complete visibility and auditability. Own Your Data, control your data and choose where it is stored – with complete assurance that it is protected and secure.

For further information, please visit Covata.com.

Media and Investor Relations:
Dana Danieli
Covata
VP Marketing, Communications & Investor Relations
dana.danieli@covata.com
+61 400 993 305

Media contacts:
Covata team at Finn Partners
Astor Sonnen or Lindsey Challis
Covatateam@finnpartners.com
020 3217 7060

Hackers waste Xbox One, PS4, MacBook, Pixel, with USB zapper

What would happen if someone sticks this USBBQ into an airplane seat socket?

VIDS Hackers are destroying everything from the latest gaming systems, phones, and even cars with a dangerous circuit-frying USB device that could put critical systems at risk. The -220V USBKill device developed last year and since refined is an inconspicuous USB stick that can ruin devices in seconds by delivering continuous power surges through USB ports. [That link, and all others in this story, is to a YouTube video of USBKill at work - Ed]

Unlike malicious USB sticks which can be safely examined in virtualised or secure environments, USBKill will ruin anything that does not have isolated power protection on USB ports. So far hackers with more dollars than cents have murdered top of the line gaming consoles, the Xbox One S and PlayStation 4 Pro, and Microsoft Surface. One notable lunatic nuked a brand new MacBook Pro, Google Pixel, and a Samsung Galaxy S7 Edge as soon as the top end devices were unboxed.

The iPad Pro survived the USB barbeque as did a set of Beats headphones.

Apple's iPhone 7 Plus. The Samsung Galaxy Note 7 also - surprisingly - failed to go nova when the same unboxing YouTube psychopath connected it to USBKill.

The opportunity for serious harm extends far beyond wasting high end consumer products. USBKill's Russian creator, a chap known as "Dark_Purple" says unnamed car manufacturers have purchased his product to evaluate the susceptibility of vehicle USB ports. The hardware hacker plugged USBKill into his own car of unspecified make and model, frying the dashboard head unit.

Chris Gatford, director of Sydney-based penetration testing firm HackLabs, says the threat posed by the devices is unlimited. "USB ports are everywhere - in cars, in power sockets, in charging stations," Gatford says. "And in planes." There appear to have been no public tests against aircraft USB ports which could fry connected entertainment and charging systems, if not cause further faults. Gatford says the attacks are possible when vendors take engineering design shortcuts and do not optically isolate the data lines on USB ports.

Antivirus tools are a useless box-ticking exercise says Google security chap

Advocates whitelists and other tools that 'genuinely help' security

Kiwicon Google senior security engineer Darren Bilby has asked fellow hackers to expend less effort on tools like antivirus and intrusion detection to instead research more meaningful defences such as whitelisting applications. The incident responder from Google's Sydney office, who is charged with researching very advanced attacks including the 2009 Operation Aurora campaign, has decried many existing tools as ineffective "magic" that engineers are forced to install for the sake of compliance but at the expense of real security.

"Please no more magic," Bilby told the Kiwicon hacking conference in Wellington today. "We need to stop investing in those things we have shown do not work." "And sure you are going to have to spend some time on things like intrusion detection systems because that's what the industry has decided is the plan, but allocate some time to working on things that actually genuinely help."

Bilby wants security types to focus on tools like whitelisting, hardware security keys and dynamic access rights efforts like Google's Beyond Corp internal project. "Antivirus does some useful things, but in reality it is more like a canary in the coal mine. It is worse than that. It's like we are standing around the dead canary saying 'Thank god it inhaled all the poisonous gas'," Bilby said.

The Google hacker also argued that networks are not a security defence because users are so easily able to use mobile networks to upload data to cloud services, bypassing all traditional defences. Advice on safe internet use is "horrible", he added.

Telling users not to click on phishing links or download strange executables effectively shifts blame to them and away from those who manufactured hardware and software that is not secure enough to be used online. "We are giving people systems that are not safe for the internet and we are blaming the user," Bilby says. He illustrated his point by referring to the 314 remote code execution holes disclosed in Adobe Flash last year alone, saying the strategy to patch those holes is like a car yard which sells vehicles that catch on fire every other week.