AusCERT Web Log: The AusCERT web log is where our staff have the opportunity to informally discuss current activity and interesting developments in the area of information security.
Member Newsletters: Complete archive of newsletters distributed to AusCERT members
Presentations and Papers:
Skeleton DDoS Mitigation Procedure
- This is a skeleton procedure for mitigating a DDoS attack.
Choosing good passwords
- Choosing a good password is a trade-off between something that is difficult to guess and something that is easy to remember. This article provides some simple rules of thumb on choosing good passwords (and good password policies).
Browser Bugs Galore!
- A busy week for security professionals everywhere as multiple vulnerabilities are identified in web browsers everywhere!
Google Chrome - How shiny is it?
- Google has today released the first public beta of their new web browser, known as Google Chrome, as an alternative to other popular browsers. Chrome introduces a number of new and innovative features, but with these new features come some potential security concerns.
Malicious Flash Sites Taking Over the Clipboard
- Through the use of a standard Flash function, attackers are attempting to lead viewers to malicious sites.
Submission to the e-security review
- An interesting insight into where the Bad Guys want to go.
AusCERT Home Users Computer Security Survey
- The AusCERT Home Computer Users Security Survey 2008 was prepared to assess the security posture of home Internet users, their level of security awareness and attitudes to Internet security. The survey aims to raise awareness of home Internet computer security issues.
A lower total cost of 0wn3rship
- What do you do when your website is infecting your customers and your hosting provider won't take your calls?
All your patch are belong to Oracle.. and Clam.. and Mozilla oh wait and Microsoft..
- This week (yesterday specifically) saw two browsers issue critical security
All your $_SERVER variables are belong to php-syslog-ng-2.9.7.
- A newly added "feature" of php-syslog-ng leaks information back to the author. tsk tsk.
Protecting your computer from malicious code
- This paper provides practical advice for protecting the PC desktop environment from malicious code for home users, SMEs or organisations without dedicated IT staff.
Filtering AusCERT Bulletins
- Small guide on optimising the bulletins.
Practical Computer Security slides
- AusCERT has released a basic Microsoft PowerPoint presentation to assist organisations with providing introductory computer security awareness training to individuals.
Following the rabbit hole
- Ever wondered just how thoroughly compromised an administrator can get with one click?
Storm, Porn and Brawn
AusCERT DDoS Paper
- This paper has been developed by AusCERT to share some of the experiences, and lessons learned from a Distributed Denial of Service attack on the AusCERT web server.
AusCERT submission to the ALRC's Review of the Privacy Act
Drive-by malware on the increase
- We have been predicting an increase in drive-by malware attacks for some time and it seems that in the UK, a noticeable change in this direction has occurred.
A newly registered Australian political party trials online voting in Australia
- A newly registered Australian political party, Senator Online (SOL), is developing a web-based voting system to help inform how elected SOL senators cast their votes in the Senate. If SOL candidates are elected to the Senate, AusCERT assesses that the online voting mechanisms being used are vulnerable to manipulation by attackers within Australia or around the world and hence could be used to manipulate the Australian democratic process.
AusCERT UNIX and Linux Security Checklist
- This document is designed to assist system administrators in organisations of all sizes by providing a concise guide to running UNIX and Linux systems securely.
Review of the .au domain name policy framework - submission to auDA
- How the domain name space is administered affects the ability of attackers to launch attacks against Internet users. AusCERT recommends policies and procedures be adopted by registrars to minimise the misuse of the domain name registration and deregistration process to facilitate various forms of cybercrime.
Electronic Funds Transfer (EFT) Code of Conduct Review
- ASIC is reviewing the terms of the EFT Code of Conduct. AusCERT has made a submission about some aspects of the code and proposals raised in ASIC's discussion paper on the EFT Code of Conduct Review.
Haxdoor - Anatomy of an ID Theft Attack Using Malware
- This paper presents a case study about a series of related online ID theft trojan attacks that used Haxdoor variants and which targeted Australian and other Internet users. The paper describes the attack methodology and provides insight into the impact this type of attack can have on individuals, organisations and economies.
AusCERT submission to the Review of the structure and operation of the .au Internet domain 2006
- How the domain name space is administered affects the ability of attackers to launch attacks against Internet users. Therefore, AusCERT recommends that policies and procedures be adopted to minimise the misuse of the domain name registration and deregistration process to facilitate various forms of cybercrime.
Tor anonymisation: a network defender's primer
- Tor (The Onion Router) is an Internet privacy application that is in its infancy, but is already changing the playing field on which network defenders must compete. This guide looks at what Tor is, how it works, and what it means for you as a network defender.
AusCERT Submission to the e-Security National Agenda Review
- As noted in the Review of the E-Security National Agenda Discussion Paper, the Internet threat landscape has changed fundamentally since 2001 when the e-Security National Agenda framework was first released.
Based on this fundamental change, this review provides an opportunity for the Australian government to consider implementing a range of practical strategies that will help reduce the level of Internet based attacks emanating from or targeting Australian networks, particularly those motivated by illicit financial gain.
2006 Australian Computer Crime and Security Survey
- The survey provides the most up to date and authoritative analysis of computer network attack and computer misuse trends in Australia for 2006. The survey aims to raise awareness of the complex nature of computer security issues, identify areas of concern and, where appropriate, to motivate organisations to take a more active role in protecting their systems.
AusCERT Submission to the Review of the Spam Act 2003
- The Australian Communication and Media Authority invited submissions from the public concerning the Spam Act 2003. AusCERT's submission to this review is here.
Case study: Anatomy of a web defacement
- The case study contains an in-depth analysis of a corporate web site defacement, with details on how the attack was performed and what system administrators can do to avoid similar incidents.
Case study: personalised phishing site
- A phishing attack has been seen recently in the wild where the attacker strengthened the credibility of their fraudulent site by including legitimate, previously obtained user details, such as home addresses and card numbers.
E-government phishing attack was aided by poor coding on legitimate government web site
Managing Risk Associated with Online ID Theft for Government and Providers of e-Government Services
Trends and Developments in Online ID Theft - Update, No. 2
Implications of Trends and Developments in Online ID Theft, No. 1