Whitepaper: Disaster Recovery and High Availability for Windows Azure Applications

The team have recently released a new whitepaper, Disaster Recovery and High Availability for Windows Azure Applications. The whitepaper outlines the necessary architecture steps to be taken to disaster-proof a Windows Azure deployment so that the larger business continuity process can be implemented. A business continuity plan is a roadmap for continuing operations under…


Windows Azure in Australia! How does that change your security outlook?

We are bringing our world-class Windows Azure data centres here to Australia. Microsoft has a long history of bringing industry-leading technologies to the world. Windows Azure is no different. Today we announced that we will be adding more data centres around the globe. Australia will have two geo-redundant regions, New South Wales, and…


Regarding Cloud Security and Data Sovereignty

There are two primary concerns for governments and organisations in Australia when considering taking advantage of Cloud Computing. #1: Security, #2: Data Sovereignty. While these are legitimate concerns, they are largely misunderstood and surrounded by Fear, Uncertainty and Doubt (FUD). We need to address this FUD, rather than sticking our collective heads in the sand…


Cloud As a Security Layer–#Winning

I’ve often been a proponent of thinking of cloud-based computing as a security layer between you and the bad guys. It seems the US Department of Defense agrees with me. http://techinsider.nextgov.com/2011/03/cyber_command_shifting_to_the_cloud.php Now, by far the most common area of attack where bad guys get information or do damage to systems other than lost/stolen equipment…


AU Gov blocking web based email, worth it? No.

In response to the Australian National Audit Office report ‘The Protection and Security of Electronic Information Held by Australian Government Agencies’, many government agencies are talking about blocking access to web-based email. Here’s the recommendation that has been lighting up the Twitterverse: "emails using public Web-based email services should be blocked on agency ICT…


Security Intelligence Report Vol 9 available

The latest SIR is available now from Microsoft. You can find it here: http://www.microsoft.com/security/sir/default.aspx Industry-wide vulnerabilities continue their downward trend. However, High Complexity vulnerabilities rose a bit ( http://www.microsoft.com/security/sir/keyfindings/default.aspx#section_4_1_3 ). Is this a good thing? Maybe. Low and medium vulnerabilities continued downward; this means that common, easy-to-attack vulnerabilities such as XSS and…


Follow-up from previous SQL Injection post.

So first off, thank you to Jim Manico for his comment on my previous post, which led me to create this post. I will include quotes from Jim’s comment for reference here. JM: “I think you are terribly wrong, and it's important we clear this up.” No worries, I appreciate your candour. Everyone is entitled…


“there is no bigger attack vector than with a parameterized sp” NOT!!

I recently posted an article on our ACE Team blog (you can read it here if you are interested). There were a few comments about the use of Dynamic SQL that made me realise that not everyone “gets it” yet. Here are the comments that started the discussion: Alastair Upton said: Shouldn’t Rule #4 read…


Rules to stop bad guys

I just posted an article to our team blog about simple development rules to stop the bad guys. Head over and have a read. You can find the post on the ACE Team blog. I know it’s a repost, but sometimes it beats re-writing. 😉


Bitlocker Broken/Cracked… NOT!

Ok, I’ve been trying to keep my cool on this whole thing, but enough is enough. A few days ago Ars Technica ran a hype-story called “First commercial tool to crack BitLocker arrives” (no, I’m not going to link to it because they don’t deserve the traffic IMHO). The claim is that Passware has created…