October 22nd, 2015

Five myths about cyberattacks

Over the last few decades we've seen the trend of B2B and B2C applications becoming a standard way of doing business. Almost every company is now connected, in both directions, interacting with both customers and suppliers. Big companies rush to adhere to PCI compliance (payment card industry data security standards), whilst small and medium companies just deal with infrastructure and ongoing matters. Usually, they are not concerned with security ... Continue reading →
May 6th, 2015

Starting to think about security

The internet is a strange and wonderful place. You can find unicorns and videos of grumpy cats.  Unfortunately there are also bad guys on the internet. Today, we would like to talk about one way to deal with a specific type of event on the internet and how to respond to it. There is a type of disruptive event called a denial of service (DoS) attack.  (Some of you may ... Continue reading →
March 10th, 2014

Name and Shame (or, NTP saga part 2)

Members, On 17 Feb we wrote about the NTP DoS attacks and our response. Last week, we scanned our network and still found unpatched NTP servers. We sent the below (after the jump) note to members who had unpatched NTP servers. The note states that on Friday 7 Mar 2014 (today), we will run the scan again. Organisations who continue to have unpatched servers will be listed in a follow ... Continue reading →
February 17th, 2014

Things that we do in the background

Last week, you may have heard news reports about a denial of service attack. The attack was noticed by REANNZ, but we wanted to take a few steps behind the scenes to help people protect themselves before we made a public statement. This is fairly common practice when there is a security problem– give people a (short amount of) time to protect themselves and then publicly talk about the vulnerability ... Continue reading →