Articles by Stilgherrian

You are currently browsing Stilgherrian’s articles.

Weekly Wrap 102: Infosec and interference

21 May 2012 in Weekly Wrap by Stilgherrian | No comments

My week from Monday 14 to Sunday 20 May 2012 was mostly about the AusCERT information security conference and a blur of returning pain thanks to my dodgy shoulder.

As I finish compiling this post, I’ve still got lots of AusCERT material to produce and Monday looks like being intense. So let’s just list everything and see what happens.

Podcasts

Patch Monday episode 138, “Anonymous ‘crippled’: where to for hacktivism?”. Following last week’s conversation with Israeli information security researcher Tal Be’ery about hacktivists’ tactics, I spoke with former journalist and commentator Barrett Brown, who has worked with Anonymous for about a year and a half. He discusses Anonymous’ position in the wake of revelations that Sabu, a core member and informal leader of the offshoot hacking group LulzSec, had become an FBI informant.

Articles

These are just the first two articles from my AusCERT coverage. More will follow.

AusCERT 2012: Russian crims evade transaction profiling, ZDNet Australia, 17 May 2012.
AusCERT 2012: DNS poisoning the ‘thin end of a wedge’, ZDNet Australia, 17 May 2012.

Videos

5 Conference Tips for PR Professionals, an impromptu video message from Gold Coast airport.

Media Appearances

On Monday I spoke about Facebook charging for highlighted posts and the company’s stock market float on ABC 702 Sydney.
On Tuesday I spoke with journalism student Tom Davey about various attempts to regulate the internet. Should he choose to post the resulting radio report I’ll post a link here.
On Friday night I spoke about AusCERT, cybercrime, cyberwar and claims that Apple is behind the pace on ABC Local Radio.
On Sunday I spoke about the surveillance society at the Sydney Writers’ Festival. A link to the audio will appear here when it becomes available.
On Sunday night I spoke about using Twitter to generate ideas on ABC Local Radio. A link to the audio will appear here when it becomes available.

Corporate Largesse

AusCERT 2012 conference organisers and sponsors paid for various meals and drinks, but I didn’t keep track of that. While that means I can’t disclose who paid, it also means I can’t be influenced because I can’t remember who’s meant to be doing the influencing. Complete market failure, that.

The Week Ahead

There’s a couple of days of intense writing and production ahead. At the very least there’s two or three articles about AusCERT 2012 and the Patch Monday podcast. Then there’s a piece to do for CSO Online, and one for Technology Spectator.

I should be returning to Wentworth Falls this evening, but I plan to be back on Wednesday night to go to a paintball session with Eugene Kaspersky and other journalists. That could be weird. And I’ll probably be in Sydney again at the end of the week, but that hasn’t been planned out yet.

Elsewhere

Most of my day-to-day observations are on my high-volume Twitter stream, and random photos and other observations turn up on my Posterous stream (or they used to before my phone camera got a bit too scratched up) and via Instagram. The photos also appear on Flickr, where I eventually add geolocation data and tags. Yes, I should probably update this stock paragraph to match the current reality.

[Photo: Airbus A320-232 VH-VGY at Gold Coast airport, the aircraft I traveled in on Saturday. Check out the complete history of VH-VGY at FlightAware.]

Video: 5 Conference Tips for PR Professionals

19 May 2012 in Business, Internet, Marketing by Stilgherrian | 2 comments

On the way back from the AusCERT 2012 information security conference this afternoon I found myself stranded at Gold Coast airport for a couple hours, exhausted. What better, then, than an impromptu video explaining how public relations operatives can improve the way they interact with journalists at these events.

This video was shot with a Nikon Coolpix S8100 compact digital camera, using the in-camera stereo microphone for the audio. The only post-production was to top and tail it, and compress it to a YouTube-optimised MP4 using iSkysoft Video Converter. Otherwise it’s exactly as it came out of the camera.

Should I list the tips themselves, here, in text form? Perhaps later. I simply couldn’t be arsed right now.

Talking AusCERT 2012 and cyberwar on ABC Local Radio

19 May 2012 in Conversations, Internet, Politics by Stilgherrian | No comments

My full output from the AusCERT 2012 information security conference has yet to appear. Stand by. But last night I did a half-hour conference wrap with Dom Knight on ABC Local Radio.

We spoke about the conference atmosphere itself, cybercrime, cyberwar, the risk of Cybergeddon (yes, I know), and the claim by Eugene Kaspersky that Apple is ten years behind Microsoft when it comes to security.

Not that Mr Kaspersky would ever, like, troll the entire planet.

Podcast: Play in new window | Download (Duration: 32:41 — 15.5MB)

What we didn’t talk about, really, was the two stories that have been published so far:

Russian crims evade transaction profiling, which details a trans-national organised crime operation profiled by Mikko Hypponen.
DNS poisoning the thin end of a wedge’, in which domain name system pioneer Dr Paul Vixie supports my argument that fiddling with the internet’s fundamental navigation systems probably isn’t such a great idea.

AusCERT 2012: What’s changed since 2011?

15 May 2012 in Internet, Politics by Stilgherrian | 2 comments

I’m currently on the train down from the Blue Mountains to Sydney, en route to the AusCERT 2012 information security conference on the Gold Coast, and I’m thinking about what stories might emerge.

Here’s what I wrote last year when, just like this year, I was on the ZDNet Australia team:

AusCERT 2011: Firms ignore ID theft risk, in which Bennett Arron explains that police forces don’t yet take this stuff seriously enough. Has this improved? I’m seeing talk but no action.
AusCERT 2011: Son of Stuxnet within a year: expert, in which Eric Byres explains why the Stuxnet worm — the presumed US-with-Israeli-help anti-SCADA attack on Iran’s nuclear program — would spawn a wave of copycats. This didn’t happen. Why not?
AusCERT 2011: Black hats and whitegoods, a story which was provided with the year’s best headline by CBS Interactive’s Brian Haverty where I discussed how the Internet of Things and a billion smart appliances would be the vector for a new wave of attacks. This hasn’t happened — yet — but is it still just around the corner?
AusCERT 2011: Bank theft goes truly mobile, in which Amit Klein, chief technology officer at Trusteer, predicted third-generation anti-banking malware on smartphones by Christmas. Did this happen? Well, not really. Why not?
AusCERT 2011: Silent victims thwart cybercops: Qld Police, in which Detective Superintendent Brian Hay, head of the Fraud and Corporate Crime Group of the Queensland Police Service, bemoaned the lack of hard data. I know how he feels. Do we have any yet?

The feeling I get from scanning those headlines is that there’s always a lot of scaremongering but the threats often don’t materialise. Are the threats over-stated? Does pointing out the threats trigger an effort to counter them, thus defeating them? Is it all just a bit too screechy?

And over the last year there’s been so much talk of imminent cyberwar. Is that just this year’s fashionable scary thing on a stick? I intend to ask a few questions. And I’ll plug it again: Thomas Rid says we shouldn’t believe the hype.

I haven’t yet looked in detail at the conference program but will do so over the next few hours. What do you reckon I should be investigating?

[Update 16 May 2012, 0625 AEST: Changed second paragraph to emphasise that I am covering the event for ZDNet Australia this year as well as last.]

Talking Facebook pay-for-highlighting on ABC 702 Sydney

14 May 2012 in Conversations, Internet, Media by Stilgherrian | No comments

While the Facebook IPO Roadshow rolls on, the company is trying a bunch of experiments — both to search for new revenue streams and to maintain the buzz. One of them is paying $2 to have your post highlighted.

The numbers in the story don’t surprise me. Typically a Facebook user’s posts are only seen by around 12% of their followers, depending on whether Facebook’s secret-sauce algorithm decides whether you’re a sufficiently close friend or the topic is of sufficient interest to the viewer.

Why not let people pay money to change that?

I could tell from the tone of his voice that ABC 702 Sydney host Richard Glover did not approve.

Podcast: Play in new window | Download (Duration: 6:04 — 4.7MB)

Weekly Wrap 101: Codeine and counter-surveillance

13 May 2012 in Weekly Wrap by Stilgherrian | No comments

My week from Monday 7 to Sunday 13 May 2012 was less productive than it might have been thanks to my shoulder being “out” for a few days, resulting in severe pain. No, I don’t mean I have a gay shoulder. I mean that a rib wasn’t seated properly.

The shoulder was repaired on Wednesday and is now slowly getting better, thank you. But despite the pain and the codeine haze, I did get a little work done.

Podcasts

Patch Monday episode 137, “Removing the anonymity from Anonymous”. A conversation about the tactics of Anonymous, LulzSec and other hacktivists with Israeli information security researcher Tal Be’ery, web security research team leader at Imperva’s Application Defense Center (ADC), where he leads efforts to capture and analyse hacking data.

Articles

IT: the opportunities, some lost, from a low-tech budget, Crikey, 9 May 2012.

Media Appearances

On Friday I spoke at the inaugural Saasu Cloud Conference, with a presentation entitled Security and the Cloud: Hype versus Reality.

Corporate Largesse

None.

The Week Ahead

The current plan? A day of writing at Wentworth Falls on Monday. A day of travelling on Tuesday, taking the train to Sydney and then flying to the Gold Coast. Once there I’ll be covering the AusCERT 2012 information security conference for ZDNet Australia, flying back to Sydney on Saturday afternoon.

On Sunday afternoon I’m speaking about the total surveillance society at the Sydney Writers Festival.

Elsewhere

Most of my day-to-day observations are on my high-volume Twitter stream, and random photos and other observations turn up on my Posterous stream (or they used to before my phone camera got a bit too scratched up). The photos also appear on Flickr, where I eventually add geolocation data and tags. Yes, I should probably update this stock paragraph to match the current reality.

[Photo: Fuckin' art, innit, taken at the Hotel InterContinental, Sydney, on Saturday 12 May 2012.]

Security and the Cloud: Hype versus Reality

11 May 2012 in Business, Internet by Stilgherrian | No comments

My presentation from the Saasu Cloud Conference 2012, which I told you about previously, is now online: Security and the Cloud: Hype versus Reality.

I’ll leave the article to explain itself once you click through, but to provide some Googlejuice here are the words hacking, infosec, cybercrime, cyberwar, information security, malware and cows.

Why tweeting my movements isn’t a safety risk

10 May 2012 in Internet, Politics by Stilgherrian | 5 comments

[Update 2.25pm: Comments on Twitter have persuaded me to emphasise that the question here is specifically about "personal safety" only, and my personal safety at that. As the second-last paragraph says, the risk profile might not be the same for everyone. These are the choices I've made with open eyes.]

“How do you think that tweeting your day plans affects your personal safety?” asked Ravneel Chand a short time ago. Overall, I reckon it actually increases my safety. Here’s why.

Background first. Here’s today’s “daily plan” tweet which, like those on pretty much every other day, is tweeted shortly before I settle down to work.

Thu plan: Bump out Waratah Cottage; 1032 train to Sydney; lunch (where?); errand Newtown/Enmore; write something; evening TBA.

Later in the morning I mentioned that I’d be catching a later train. And then, just as I left the house:

Mobile: Cab, shortly, to Wentworth Falls; 1132 train to Sydney Central; train to Town Hall station; 1335 walk to SEKRIT hotel and check in.

Clearly the fear being expressed is that by knowing my movements some bad person could more easily do me harm. But let’s do a proper risk assessment. You start one of those by enumerating the risks, and then you look at how this additional information might change those risks.

Read the rest of this entry »

Budget 2012: the key numbers

08 May 2012 in Internet, Media, Politics by Stilgherrian | 2 comments

$1.5 billion
up to $210
$33.3 billion
$5 billion
1.5 million Australians
one percent
$714 million
nearly $1 in $6
02 6277 7340
crackdown

So how should I cover Budget 2012?

08 May 2012 in Internet, Media, Politics by Stilgherrian | 2 comments

I’ve commented on the Budget for Crikey every May since Labor took power in 2007. This year will be no exception. But what will I say?

In 2008 I criticised Rudd’s slow digital revolution.

Dig into Budget Paper No. 2 and there’s a frustrating lack of detail and commitment.

Of $4.7b promised for the National Broadband Network [this was the original 12Mbps fibre to the node policy], only 0.16% has been committed: $2.1m this financial year and $5.2m next for “establishment and implementation”. The remaining 99.84% — you know, actually building the thing — is all “nfp”. Not for publication. We’ll get back to you…

The rest? All. Too. Slow. And. Vague.

In 2009 I complained that the machinery of Australian government is as outdated as the steam locomotive and the electric telegraph in The Budget? How quaint! They’re just made-up, you know.

Here we imagine that once a year we can produce a Big List of Numbers that’ll cover everything our “modern” nation-state will need to deal with for the next 365 days.

We proclaim it Good or Bad for this or that self-interested sector of the community on the basis of a quick glance, a gut reaction, and the need to create a narrative that’ll attract an audience or justify a pre-existing political zealotry.

We pretend to believe numbers like “$20 million over four years” when only a tiny part of that might be committed in the coming financial year and the rest, still to be confirmed in the next Budget, is therefore nothing but wishful thinking.

The reality, of course, is that the world moves faster than this. We experience a sudden global financial crisis, and must immediately tighten our belts by … um … giving away $900 cash to everyone.

In 2010 I complained of More NBN vagueness, border control and cyber-safety re-allocation. It’s not a bad read, but I’ll leave you to click through to that one.

And by 2011 I was clearly over the whole thing, writing Ritual shenanigans, but hey, this is government.

Riddle me this. What is the actual point of the federal budget process and all the lock-up shenanigans that go with it when the biggest bucket of money related to the technology sector by far, that National Broadband Network thing, isn’t even on the books?

What is the point when the way that NBN money is being spent – and is it $26 billion or $36 billion or $43 billion or that $50 billion scare-number that Malcolm Turnbull pulled out of some random orifice and keeps repeating unchallenged? – it is all SEKRIT thanks to those magic words “commercial confidentiality”…

What is the point of this annual ritual – built on the assumption that we can publish a set of numbers in May that will, in this complex and rapidly changing world, still be meaningful six months down the track – when the government has to respond to changing circumstances? Such as urgently building a fibre-to-the-premises network? Or responding to a global financial crisis? Or starting a land war in Asia? Or handing to every taxpayer $900 because, um, oh, shut up stop asking questions and buy a new TV.

I went on about “$20 million in suck-up-to-Tasmania funding” and “Labor’s half-arsed internet ‘filtering’ policy” and “loud-mouthed entrepreneur Ruslan Kogan” and noted:

Just be aware that all of this could be changed in an instant, budget process or not, if a minister gets on a plane with the Ranga-in-Chief with a few numbers scribbled on the back of an envelope.

So, what the fuck will I end up writing once the budget papers drop onto government websites tonight? Especially given that my shoulder is “out” and I won’t be able to get it fixed until tomorrow afternoon — my birthday! — and I’m scoffing codeine? Suggestions please!

« Older entries