
    Archives for : Shiraz

    The Great Ed Shiraz Challenge 2011

    Kerry and I survived another day with 698 other passionate Shiraz drinkers and 150 winemakers at the 2011 Great Edinburgh Shiraz Challenge.

    As usual, we attempted to try lots of different Shiraz styles and break the day up with our old favourites to reset the palate.

    This amounted to us tasting about 41 wines over 4 hours.

    Many of Kerry's and my favourites hit the best of show this year.

    http://www.edinburgh.com.au/cellars/shiraz-day-info

    It was also great to catch up with Karel again from Lengs & Cooter who made it to 35 on the list this year.

    It took a day to re-hydrate, but it was well worth it.

    Shiraz Challenge

    The EDinburgh Great Shiraz Challenge 2010

    Well Kerry and I had been looking forward to going to the ‘Great Shiraz Challenge‘ all year. It’s one of those events that is a must if you like reds and live in Adelaide. You just can’t drive home from it   😎

    It’s also one of those events where you bump into people who you haven’t seen since last year. An example of this was catching up with Karel from Lengs and Cooter Wines. Although Barb wasn’t around this year, Kerry and I both promised that we would catch up with them before next year… mmmh that’s what we said last year.

    Kerry and I had a great day (as usual) and enjoyed sooooo many great wines. The main reason we go is to make sure we sample the wines we have never seen or have never tried. This year was no exception.

    Our top pick this year was Scarpantoni Block 3 which didn’t make the official list… but we liked it. The Kalleske which won was very good, just didn’t stand out enough for us this year.

    It was a draw this year:
    2008 Kalleske Eduard Barossa Valley Shiraz and
    2006 O’Leary Walker The Claire Clare Valley Shiraz

    With the Best wine under $30 being Torbreck’s Woodcutters Shiraz.

    The Top 40 Shiraz results were
    1 08 Kalleske Eduard Shiraz
    1 06 O’Leary Walker The Claire Shiraz
    2 08 Torbreck Woodcutter’s Shiraz
    3 06 Clarendon Hills Hickinbotham Syrah
    4 07 Hentley Farm The Beast Shiraz
    5 08 Hart of The Barossa Organic Shiraz
    6 07 Torbreck The Factor Shiraz
    7 05 DogRidge MVP Shiraz 05
    8 08 Pirathon by Kalleske Shiraz
    9 08 Whistler Barossa Shiraz
    10 08 Langmeil Valley Floor Shiraz
    11 08 DogRidge The Pup Shiraz
    12 07 Yangarra Ironheart Shiraz
    13 08 Heathvale William Heath Shiraz
    13 08 Whistler Reserve Shiraz
    14 06 Coriole Lloyd Reserve Shiraz
    14 08 Dandelion Lionheart of the Barossa Shiraz
    15 08 Torbreck The Gask Shiraz
    16 05 Trevor Jones Wild Witch Shiraz
    17 07 Tomfoolery The Artful Dodger Shiraz
    18 08 Arete Greenock Single Vineyard Shiraz
    18 07 Eldredge Blue Chip Shiraz
    18 05 Majella Sparkling Shiraz
    18 07 Mitchell Peppertree Shiraz
    19 08 Morgan Simpson Basket Press Shiraz
    20 07 Dutschke Gods Hill Road Shiraz
    20 05 Lengs & Cooter Old Vine Shiraz
    21 07 Hewitson Mad Hatter Shiraz
    21 08 The Islander Shiraz
    22 08 Tonic Estate Fountain of Youth Shiraz
    22 08 Vinteloper Shiraz
    23 08 Majella Shiraz
    23 09 Teusner Riebke Shiraz
    24 08 Bird in Hand Shiraz
    24 08 Eagle & The Fool Shiraz
    24 09 Mike Press Adelaide Hills Shiraz
    25 08 Cardinham Estate Shiraz
    26 09 Arete The Chatterbox Barossa Shiraz
    26 08 Bleasdale Powder Monkey Shiraz
    26 06 Murray Street Vineyards Sophia Shiraz

     

    Now all we need to do is detox ready for next year.

    The EDinburgh Great Shiraz Challenge

    Kerry and I went along to the EDinburgh Cellars Great Shiraz Challenge.

    Between Kerry and me we tasted more than 25 great wines over a harrowing 2.5 hours of hustle and bustle in a huge tent in the ED’s carpark. It was great; we both thought that it was well worth the $30/head entry fee.

    One of the great things was the amount of large and small wine companies presenting their spoils. Refreshingly many of the tasting areas were manned by the wine maker, winery owner or someone of similar stature. This made for great conversations and allowed us to find other great non-mainstream wineries on the day.

    As Kerry (Wine group – 9yrs) and I (Corporate) both worked for SouthCorp (Prior to Fosters), we agreed that we would be looking for the special wines of the day. Well we did grab an RWT on the way out as the last tasting for the day – we are not stupid.

    We had a great day overall and purchased and ordered some great wines at the Cellars after the event.

    It was great catching up with Barb and Karel from Lengs and Cooter Wines and tasting some of their great wines. Barb used to work at SouthCorp for many years and Karel worked at Telstra, but Kerry and I agree that they make great wines.

    Of the wines in the winning list below our favourites are:

    2006 Woodstock “The Stocks” Shiraz

    2004 Bullers Caliope Shiraz

    2006 Hentley Farm “The Beast” Shiraz

    2005 d’Arenberg Dead Arm Shiraz

    2006 Glaetzer ‘Bishop’ Shiraz

    Other top votes from us for the day are:

    2008 Mike Press Adelaide Hills Shiraz (It’s been a long time since we’ve tasted such a good cheap wine)

    2007 Honey Moon Vineyard Adelaide Hills Shiraz

    2004 Lengs & Cooter Old Vines Shiraz

    2004 Lengs & Cooter Reserve Shiraz

    2005 Artful Dodger Barossa Shiraz

    2007 Veronique Regions Shiraz

    2006 Cape Jaffa La Lune Biodynamic Shiraz

    2006 Ceravolo Sparkling Shiraz

    2007 Yelland & Papps Greenock Shiraz

    Results – Shiraz Challenge

    Shiraz Day 2008 was a massive hit, with a record crowd of over 900 slurping through a field of just over 300 Shiraz. As always, we ask attendees to vote for their favourite wine of the day, and congratulations goes to Clarendon Hills for their superbly compelling 2006 Liandra Shiraz. Here’s the full list of the Top 20:

    2006 Clarendon Hills Liandra Syrah

    2005 Torbreck Factor Shiraz

    2005 Langmeil Freedom 1843 Shiraz

    2006 Hentley Farm ‘The Beast’ Shiraz

    2005 Whistler Reserve Shiraz

    2006 Penfolds RWT Shiraz

    2005 Wild Witch Shiraz

    2005 d’Arenberg Dead Arm Shiraz

    2005 Dutschke St Jakobi Shiraz

    2006 Woodstock ‘The Stocks’ Shiraz

    2006 Brick Kiln Shiraz

    2004 Bullers Caliope Shiraz

    2006 Hentley Farm ‘The Beauty’

    2005 Pikes ‘The E.W.P’ Shiraz

    2004 Paracombe Somerville Shiraz

    2006 Kalleske Greenock Shiraz

    2005 Bendbrook Goat Track Shiraz

    2004 Penfolds St Henri Shiraz

    2004 Bethany Wines GR9 Reserve

    2005 Paxton EJ Shiraz

    TOP 20 UNDER $30:

    2005 Tin Shed Melting Pot Shiraz

    2004 Carlei Estate ‘Green Vineyard’

    2004 Majella Shiraz

    2007 Torbreck Woodcutters Shiraz

    2005 Hugo Shiraz

    2006 Tar & Roses Shiraz

    2004 Whistler Shiraz

    2005 2 Mates Shiraz McLaren Vale

    2005 d’Arenberg Footbolt Shiraz

    2006 Mitolo Jester Shiraz

    2006 Guichen Bay Vineyards Reserve

    2006 Pirathon Shiraz by Kalleske

    2006 Scarpantoni Block 3 Shiraz

    2006 Naked Run Barossa Shiraz

    2006 Bird in Hand Shiraz

    2006 O’Leary Walker Shiraz

    2006 Glaetzer ‘Bishop’ Shiraz

    2007 Paxton Quandong Shiraz

    2006 Trevor Jones ‘Boots’ Shiraz

    2005 Dutschke Gods Hill Road Shiraz

    d’Arenberg

    Trojan software has been found in ATMs located in Eastern Europe

    This is Great, I want one of these cards and a list of ATM’s.

    http://www.sophos.com/blogs/gc/g/2009/03/18/details-diebold-atm-trojan-horse-case/

    http://www.theregister.co.uk/2009/03/17/trojan_targets_diebold_atms/

    From the Security Now Podcast http://www.grc.com/sn/sn-200.htm

    Steve: It’s like, oh, goodness, yeah. It’s quite something. So the big news, though, I just sort of had to kind of smile because I told all of our listeners this was going to happen. I said just wait, this is a bad idea, we’re going to see how bad it is. Trojans have – Trojan software has been found in ATMs located in Eastern Europe.
    Leo: Oh. Oh.
    Steve: From many different vendors.
    Leo: Oh, dear.
    Steve: But what one thing do all of the trojan-infected ATMs have in common, Leo?
    Leo: Let me guess.
    Steve: Mm-hmm.
    Leo: Windows?
    Steve: Windows XP.
    Leo: Ai yi yi.
    Steve: The LSASS service is the manager of protected content in the system. It’s not quite the right acronym. I can’t think of what it is right now. But it’s like the main security service. And fake ones have been found in the Windows directory. The LSASS EXE normally lives in the Windows System32 directory. They were written in Borland’s Delphi.
    Leo: You’re kidding.
    Steve: No.
    Leo: Well, that’s kind of sophisticated for a hacker. Wow.
    Steve: And it’s considered, I mean, it’s commercial-grade code. It’s good code.
    Leo: Oh, boy.
    Steve: These are not remote installation Trojans. It’s believed that somebody had to have access to the machines.
    Leo: Oh, even worse.
    Steve: But they have special credit cards. When they swipe the special credit card in the infected machine, it accesses the trojan software, which among other things allows them to dump out all the cash from the machine. But in the meantime it’s logging all of the users’ information and PINs, which it’s able to dump out encrypted with DES encryption from the printer, from the ATM printer in the front of the machine.
    Leo: Wow.
    Steve: So the – and anyway, so it’s interesting to me. Again, it’s, you know, people defended the idea of implementing these things that I contend should never have been written in Windows. They say, well, but it’s easier to write them. And it’s like, yes.
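The transcript above says the genuine lsass.exe lives in the Windows System32 directory while the fakes were found in the Windows directory itself. The path check that follows from that, as an added example that is not part of the original post or the podcast; it generalises to two more system binaries, and the record format, host names, extra binary names and sample events are constructed assumptions:

```python
import csv
import ntpath

# lsass.exe in System32 is the location given in the transcript; the other two
# names and the default Windows root are assumptions added for this example.
WATCHED = ("lsass.exe", "services.exe", "winlogon.exe")

# Constructed sample records (timestamp, host, image path); not real telemetry.
SAMPLE_EVENTS = [
    r"2009-03-17T02:14:07Z,ATM-0041,C:\WINDOWS\system32\lsass.exe",
    r"2009-03-17T02:14:09Z,ATM-0042,C:\WINDOWS\lsass.exe",
    r"2009-03-17T02:15:30Z,ATM-0042,c:\windows\SYSTEM32\LSASS.EXE",
    r"2009-03-17T02:16:11Z,ATM-0043,C:\WINDOWS\system32\..\lsass.exe",
    r"2009-03-17T02:16:40Z,ATM-0043,C:/WINDOWS/system32/services.exe",
    r"2009-03-17T02:17:02Z,ATM-0044,C:\Program Files\Vendor\atmapp.exe",
    "truncated-record-without-fields",
]


def find_masquerades(lines, system_root=r"C:\WINDOWS"):
    """Return (host, image) for watched binaries that run outside System32."""
    expected = ntpath.normcase(ntpath.join(system_root, "System32"))
    hits = []
    for row in csv.reader(lines):
        if len(row) != 3:
            continue  # malformed record: skip rather than guess at fields
        _timestamp, host, image = (field.strip() for field in row)
        # normpath collapses "..\" segments and forward slashes; normcase
        # folds case, because Windows paths compare case-insensitively.
        folder, name = ntpath.split(ntpath.normcase(ntpath.normpath(image)))
        if name in WATCHED and folder != expected:
            hits.append((host, image))
    return hits


if __name__ == "__main__":
    for host, image in find_masquerades(SAMPLE_EVENTS):
        print(f"{host}: system binary name outside System32: {image}")
```

A name-and-path check like this only catches a copy dropped under the real file name in the wrong directory; it says nothing about a replaced binary in System32, which needs hash or signature verification.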

    DUKPT Overview and Transaction notes

    Hi,

    I was asked on another post relating to DUKPT to provide some background. Given I have lots of material on the subject, I thought I would create this thread. Link

     

    I will come back at some stage and expand on this when I get time.

    Transaction Process narrative:

    The diagram describes a mobile terminal/ATM using the AS2805 (‘2805’) message type with 3DES DUKPT, and dual-direction authenticated SSL from the terminal to the acquirer (transaction switch).

    A good explanation of DUKPT can also be found at Wikipedia.

     

    Diagram of the flow

     

    DUKPT transaction flow - terminal to bank

     

    Background notes:

    • The terminal or ATM first encrypts the user-entered PIN (the key may be a unique DUKPT key or static, depending on the design and banks involved) before incorporating it into the AS 2805 transaction message.
    • The message is then encrypted again using the DUKPT key which has been established through the merchant logon process within the acquirer Host Security Module (HSM), i.e. the user-entered PIN is encrypted separately and encapsulated within the DUKPT-encrypted 2805 message to provide full message encryption.
    • In the diagram a separate dual-authenticating SSL session is also used between the terminal/ATM and the acquirer's infrastructure. This allows the transaction, including the PIN, to traverse the external wired/GPRS/LAN network within 2 primary independent layers of encryption, with a 3rd protecting the PIN.
    • When the transaction enters the acquirer environment, the message encapsulation layer provided by SSL is removed. This leaves the DUKPT-encrypted 2805 message, which also encapsulates the separately encrypted PIN.
    • This encrypted message is passed through the acquirer switch engine to the acquirer’s HSM for decryption of the 2805 message, excluding the user-entered PIN.
    • This is when the transactional information necessary for the acquirer’s merchant reporting (truncated card number, transaction amount, transaction type, etc.) and fraud management data is collected.
    • The acquirer switch then passes the encrypted PIN to the acquirer HSM, requesting that the PIN be decrypted using the acquirer’s PIN encryption and translated to the next bank's (Bank 1) PIN Encryption Key (PIN translation only occurs within the acquirer HSM). This is then sent back to the acquirer switch engine as the Bank 1 encrypted PIN.
    • The acquirer switch engine then sends the decrypted 2805 message with the newly encrypted PIN back to the acquirer HSM to be encrypted with the Bank 1 MAC key.
    • The resultant Bank 1 key encrypted message is then sent to Bank 1 for processing and/or passing to the card issuer (using a similar process as described above).
    • When the result is received back from the issuing bank, it is encrypted with the Bank 1 MAC key (the PIN will not be present in the result message).
    • This is then decrypted by the acquirer HSM, the transaction fate result is stored in the acquirer merchant reporting system, the transaction fate is re-encrypted with the original acquirer DUKPT key (which should be different per terminal/merchant instance), and the result is sent back to the terminal through the originally established SSL-encrypted terminal connection.

    The acquirer may terminate the SSL connection on a hardware device such as a Cisco Content Service Switch (CSS) or equivalent, instead of the design described in the diagram, which terminates on an SSL session server/gateway (possibly including a Certificate Authority) or on the acquirer transaction switch.

    When PIN blocks are received by the acquirer processing centre, the PIN encryption is translated from the terminal key to the Local Master Key (LMK) by the Host Security Modules (HSM).

    When the message is sent on the upstream bank interchange link to the issuer or gateway, the acquirer HSM translates the encrypted PIN block from the LMK to the Zone Master Key (ZMK) of the acquirer interchange link. The PIN block is always encrypted using DEA3 (3DES) whenever outside of the Terminal or ATM.
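The trust boundary in the flow above, modelled as an added example that is not code from the original post or from any HSM vendor: the switch handles message fields and PIN ciphertext, and the clear PIN exists only inside the HSM's translate call. Assumptions: the cipher is an HMAC-SHA256 keystream stand-in for 3DES so the block runs on the standard library, the key names, terminal id and JSON message layout are hypothetical, the keys are constructed, and the outer SSL layer is left out.

```python
import hashlib
import hmac
import json
import os


def _keystream_xor(key, nonce, data):
    # Stand-in cipher (HMAC-SHA256 keystream) so the example needs no extra
    # packages. It is NOT 3DES/DUKPT and is not for production use.
    stream = b""
    for counter in range(len(data) // 32 + 1):
        stream += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))


def seal(key, data):
    nonce = os.urandom(8)
    return nonce + _keystream_xor(key, nonce, data)


def unseal(key, blob):
    return _keystream_xor(key, blob[:8], blob[8:])


# Constructed demo keys; the names are hypothetical labels for this example.
# "bank1" plays the role of the key the post calls the Bank 1 MAC key.
KEYS = {name: hashlib.sha256(name.encode()).digest()
        for name in ("pin:T1", "dukpt:T1", "pin:bank1", "bank1")}


class Hsm:
    """Keys stay in here; a clear PIN exists only inside translate_pin()."""

    def __init__(self, keys):
        self._keys = dict(keys)

    def open_message(self, key_id, blob):
        return json.loads(unseal(self._keys[key_id], blob))

    def seal_message(self, key_id, fields):
        return seal(self._keys[key_id], json.dumps(fields).encode())

    def translate_pin(self, enc_pin_hex, from_id, to_id):
        clear = unseal(self._keys[from_id], bytes.fromhex(enc_pin_hex))
        return seal(self._keys[to_id], clear).hex()  # only ciphertext leaves


def terminal_build(pin, fields, terminal_id="T1"):
    # Layer 1: the PIN is encrypted on its own. Layer 2: the whole message,
    # including the encrypted PIN, is encrypted under the per-terminal key.
    pin_block = seal(KEYS[f"pin:{terminal_id}"], pin.encode()).hex()
    body = dict(fields, pin_block=pin_block)
    return seal(KEYS[f"dukpt:{terminal_id}"], json.dumps(body).encode())


def acquirer_switch(hsm, terminal_id, blob):
    """Switch logic: sees message fields and PIN ciphertext, never a clear PIN."""
    msg = hsm.open_message(f"dukpt:{terminal_id}", blob)  # PIN stays encrypted
    pan = msg["pan"]
    report = {"pan": "*" * (len(pan) - 4) + pan[-4:], "amount": msg["amount"]}
    msg["pin_block"] = hsm.translate_pin(msg["pin_block"], f"pin:{terminal_id}", "pin:bank1")
    return report, hsm.seal_message("bank1", msg)
```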

    HSM-8000-User Guide V2.2

    My First Twitter Post

    SQL Injection Cheat Sheets

    From Pentestmonkey.net, this is a great list of SQL Injection cheat sheets.

    Some more Links:

    SQL Injection Attacks by Example

    Pangolin – Automatic SQL Injection Tool

    SQL Injection Attacks Exploiting Unverified User Data Input

    SQL Injection Cheat Sheet

    Corporate Phone Lockdown Links

    Hi,

    I’m looking at some of the techniques used to lock down the iPhone, Samsung, Sony and HDC mobile phones. I hope others find the links useful.

    iPhone

    Lock down the information on your iPhone and iPod touch
    http://www.touchtip.com/iphone-and-ipod-touch/lock-down-the-information-on-your-iphone-and-ipod-touch/

    iPhone’s PIM lockdown
    http://forum.brighthand.com/showthread.php?t=264166&page=2

    Apple ‘wise’ to lock down iPhone software
    http://www.itnews.com.au/News/44505,apple-wise-to-lock-down-iphone-software.aspx

    iPhone lockdown to boost on-demand services
    http://www.pcmag.co.uk/vnunet/news/2194973/iphone-lockdown-benefits-firms

    Wired’s Easy-Peasy iPhone Lockdown Checklist
    http://www.tuaw.com/2007/09/28/wireds-easy-peasy-iphone-lockdown-checklist/

    Gartner: iPhone 2.0 cuts business mustard
    http://news.cnet.com/8301-1001_3-10016270-92.html

    3G iPhone: The business perspective
    http://news.cnet.com/3G-iPhone-The-business-perspective/2100-1041_3-6243471.html

    What IT staff can do if the CEO gets an iPhone
    http://www.infoworld.com/article/07/07/24/What-to-do-if-the-CEO-gets-an-iPhone_1.html

    iPhone Hacking
    http://www.9to5mac.com/hacked-iphoneOS-beats-Apple%27s-Updated-OS-hands-down-23459856

    iPhone Enterprise
    http://www.apple.com/iphone/enterprise/
    http://www.apple.com/iphone/enterprise/integration.html

    New Specification to Lock Down Mobile Phones
    http://www.cio.com/article/24369/New_Specification_to_Lock_Down_Mobile_Phones

    Samsung

    Sony

    HDC


    VoIP and SIP links

    I’m looking at the Microsoft OCS server and other SIP integration environments. So I thought I would put the links here for others who were interested. I am also considering the issues associated with Mitel VoIP and OCS integration.

    It would be interesting if the Microsoft OCS could seamlessly allow the use of soft phones and the Mitel VoIP system. I assume a trunk needs to be setup between the two… Anyway something to look at.

    http://communicationsserverteam.com/archive/2008/05/23/196.aspx

    Office Communications Server 2007 VoIP Test Set

    OCS Testing Tool

    Connect Mitel and OCS2007

    Mitel 3300 & OCS – Ring on deskphone and softphone

    Connecting Mitel 3300cx and OCS

    VOIP – MITEL 3300 SIP TRUNK TO OCS 2007

    OCS 2007 Best Practices Analyzer

    Amateur Radio and Radhaz

    Something I have been very wary about for some years has begun to be better understood over the last few years.

    I remember a doctor from an Adelaide hospital who presented at an IEEE meeting saying “on the record there hasn’t been enough research performed to prove that electromagnetic radiation causes cancer, but off the record I have seen enough cases where I am convinced it does”.

    This simple statement and other examples provided during the presentation really drove home that we must be wary and respectful when using, or existing near, electromagnetic emitting devices.

    This article came from the local South Australia Amateur Radio Experimenters Group Website. Thanks for all the great work. See link http://www.areg.org.au/info/radhaz/radhaz.html

    General Background Information

    The question of Radhaz has to be considered when you are constructing an Amateur Radio station that will operate near members of the general public as well as yourself.

    Ensuring that an Amateur Radio transmitting station is operating within the ARPANSA and ACMA guidelines is solely the responsibility of the amateur radio operator in control of the radio transmitter.

    As the Radiation Protection Standard for Maximum Exposure Levels to Radiofrequency Fields – 3 kHz to 300 GHz changes from time to time, the information on this web site will become out of date. AREG accepts no responsibility for the information presented on this page; the relevant organisations should be consulted for the latest up-to-date information.

    For a complete appraisal of your situation, you should consult one of the many organisations that are NATA certified.

    As of March 1st 2003, the Australian Communications & Media Authority (ACMA) introduced new limits for human exposure to electromagnetic radiation (EMR) covering all mobile transmitters such as remote controlled toys, walkie-talkies and hand held two-way radios as well as radio communications installations such as broadcast towers and amateur radio stations.

    Under the new regulations, mandatory limits are set by the Australian Radiation Protection and Nuclear Safety Agency (ARPANSA) and people who hold a licence for a radiocommunications facility will have to comply, and in certain cases, hold records demonstrating compliance with the limits.

    For complete details on the ARPANSA standard, please refer to the link below and the ARPANSA web site.

    http://www.arpansa.gov.au

    maximum-exposure-levels-to-radiofrequency-fields

    The RPS No:3 Standard is known as, Radiation Protection Standard for Maximum Exposure Levels to Radiofrequency Fields — 3 kHz to 300 GHz (2002).

    This Standard specifies limits of human exposure to radiofrequency (RF) fields in the frequency range 3 kHz to 300 GHz, to prevent adverse health effects. These limits are defined in terms of basic restrictions for exposure of all or a part of the human body. Relevant derived reference levels are also provided as a practical means of showing compliance with the basic restrictions. In particular, this Standard specifies the following:

    (a) Basic restrictions for occupational exposure with corresponding derived reference levels as a function of frequency.


    (b) Basic restrictions for general public exposure, with corresponding derived reference levels as a function of frequency.


    (c) Equipment and usage parameters in order to assist in the determination of compliance with this Standard.

    The limits specified in this Standard are intended to be used as a basis for planning work procedures, designing protective facilities, the assessment of the efficacy of protective measures and practices, and guidance on health surveillance.

    The IDEAS page is all about putting up design and other general ideas. These may include part circuits or drawings of things that we have thought other people may be interested in. In general don’t expect a complete package, as this page is only meant to give you some ideas on what we have done, so you can further your own experimentation.