We spoke about the conference atmosphere itself, cybercrime, cyberwar, the risk of Cybergeddon (yes, I know), and the claim by Eugene Kaspersky that Apple is ten years behind Microsoft when it comes to security.

Not that Mr Kaspersky would ever, like, troll the entire planet.

What we didn’t talk about, really, was the two stories that have been published so far:

• Russian crims evade transaction profiling, which details a trans-national organised crime operation profiled by Mikko Hypponen.
• DNS poisoning the thin end of a wedge’, in which domain name system pioneer Dr Paul Vixie supports my argument that fiddling with the internet’s fundamental navigation systems probably isn’t such a great idea.

The audio is of course ©2012 Australian Broadcasting Corporation, but as usual I’m posting it here as an archive.

I’ll leave the article to explain itself once you click through, but to provide some Googlejuice here are the words hacking, infosec, cybercrime, cyberwar, information security, malware and cows.

T’was a short week in terms of writing and media production because it was the 4-day work week prior to Easter, I spend about 10 hours judging entries in the Lizzies, the Australian IT journalism awards — the finalists have now been announced, and the awards night is on 20 April — three and a half hours troubleshooting the ADSL connection at Bunjaree Cottages, and two hours restoring a website that a new developer had accidentally taken offline.

There was also a mysterious pump.

Podcasts

• Patch Monday episode 132, “Cyberwar: don’t believe the hype”. Thomas Rid, reader in war studies at King’s College London, destroys some myths. I found this to be one of the more fascinating podcasts I’ve ever done.

Articles

• Are we winning the war on spam?, CSO Online, 28 March 2012.

Media Appearances

• On Thursday I was quoted in Harrison Polites’ story at Technology Spectator, A storm in a postbox, on the Australia Post’s new Digital Mail service and a similar product from Computershare. “I already have a ‘digital mailbox’. It’s called email,” was one of the things I said. “Why on earth would I want yet another information silo to check for so-called ‘important’ mail — by which they seem to mean bills and bank statements?” Plus some stuff about encrypted email.

Corporate Largesse

None.

The Week Ahead

I’m in Sydney all this week, and the main blocks of work are a Patch Monday podcast to be posted on Tuesday and a 2000-word feature for ZDNet Australia. I daresay other stuff will turn up as well, but let’s focus on one stressor at a time.

Elsewhere

Most of my day-to-day observations are on my high-volume Twitter stream, and random photos and other observations turn up on my Posterous stream (or they used to before my phone camera got a bit too scratched up). The photos also appear on Flickr, where I eventually add geolocation data and tags.

[Photo: New Holland Honeyeater (Phylidonyris novaehollandiae), a daily visitor to Rosella Cottage but a bugger to photograph because they move so fast.]

Podcasts

• Patch Monday episode 120, “Anonymous vs. Stratfor: the real issues”, being a nice long interview with Richard Stiennon, chief research analyst with IT-Harvest, a privately-held IT security research firm based in Detroit, Michigan. He also edits and publishes the newsletter Cyber Defence Weekly, and is author of the book Surviving Cyberwar.

Articles

• The snake oil that is domain registries’ big fat new revenue stream, Crikey, 11 January 2012.

Media Appearances

• On Monday I was on ABC NewsRadio talking about generic cyberthreats as sold by the Australian Federal Police, or something.
• On Thursday morning ABC Radio National Breakfast had an expert panel on cybersecurity, and I was one of the experts. I suggest you read the daft troll’s comment on this post. It’s a hoot.
• On Saturday afternoon I was talking about various online scams on Sydney radio 2UE. They were so happy with this week’s post that I’m now booked in for this Saturday 28 January at 1530 AEDT to talk about trolling.

Corporate Largesse

None. I thought things might start picking up this week, but apparently not.

Elsewhere

Most of my day-to-day observations are on my high-volume Twitter stream, and random photos and other observations turn up on my Posterous stream. The photos also appear on Flickr, where I eventually add geolocation data and tags.

[Photo: Rosellas neat Wentworth Falls, photographed near Railway Parade on 17 January 2012.]

Also taking part were Richard Stiennon, chief research analyst at IT-Harvest in Detroit (I spoke with him about Anonymous and Stratfor on this week’s Patch Monday podcast), and Sean Kopelke, director of security and compliance solutions at Symantec Australia. The host was Jonathan Green, who is usually editor of ABC The Drum.

Over at the ABC’s website you can find the program audio and (perhaps, eventually) transcript. But I’m also including the audio below, just in case their systems fail.

This audio is ©2012 Australian Broadcasting Corporation, of course. Even though we don’t get paid.

A weekly summary of what I’ve been doing elsewhere on the internets — and a remarkably unproductive week it was. I’m even posting this summary late!

In part that’s because the Tooth and Shoulder Situation lingered, but also because I reacted poorly to some negative comments on some of my writing. I’ll write more about that soon.

Podcasts

• Patch Monday episode 107, “Cyberwar: back to basics”. A conversation with Nigel Phair, a director of the Centre for Internet Safety at the University of Canberra.

Articles

• Google+: What’s in a name?, ABC Drum Opinion, 27 September 2011.

Media Appearances

• On Monday I spoke with ABC Mid North Coast NSW about Facebook and Twitter and spending “too much” time connected. As far as I know there is no recording.
• Also on Monday, I spoke with ABC Gold Coast about Facebook changes.
• On Tuesday I spoke with ABC 105.7 Darwin about Facebook changes.
• On Friday I spoke with ABC Gold Coast about smartphones and daylight saving.

Corporate Largesse

• On Tuesday I had lunch at Wildfire Restaurant, Circular Quay, courtesy of Bass PR. The event was a security roundtable presented by some of their clients, including Websense, WatchGuard and VMinformer, and analysts Frost & Sullivan. I’ll write something about this in due course.

Elsewhere

Most of my day-to-day observations are on my high-volume Twitter stream, and random photos and other observations turn up on my Posterous stream. The photos also appear on Flickr, where I eventually add geolocation data and tags.

[Photo: My first beer after nearly three weeks of illness and heavy-duty antibiotics. Much deserved. It's a Coopers Pale Ale at The Grand View Hotel, Wentworth Falls. This event actually happened the previous week, but I'm slow.]

That said, we did manage to get a recording of the over-dinner speech by David Irvine, the director-general of Australian Security Intelligence Organisation, which Liam Tung turned into the story “Insidious” cyber chaos too fast for ASIO. It also served as part of the inspiration for my story Yet another free pass for Aussie spooks.

Who wants to go to Canberra anyway?

However SC Magazine did send Darren Pauli and John Hilvert, and their stories were:

• Cyber warfare lays ground for non-state actors
• Defence contractor warns of false cyber security beliefs
• Cyberwar bad for business
• Aussie war alliance extends to cyberspace

I’m covering it for CSO Online, and for the moment I’m assuming that’ll be in the form of written material. I’d also like to cover it for the Patch Monday podcast, but I don’t think that’ll be possible due to the contractual arrangements.

The event itself runs for a day and a half. An afternoon of presentations followed by a day of roundtable discussions. I’m looking forward to it.

If there’s anything else happening in Canberra either side of this event, please let me know so I can plan to attend,

Last week I had the very great pleasure of interviewing Dr Paul Nielsen, director and chief executive officer of the Software Engineering Institute (SEI) at Carnegie Mellon University (CMU) in Pittsburg. This week’s Patch Monday podcast is that entire interview.

SEI is the parent organisation of CERT, the original computer emergency response team set up with US Department of Defense funding after the Morris Worm scared the bejesus out of everyone.

Before joining SEI, Dr Nielsen had a 32-year career in the military, reaching the rank of Major General. For a time he commanded the US Air Force Research Laboratory at Wright-Patterson Air Force Base, where he managed an annual research and development budget of more than US$3 billion. We got on rather well.

For Patch Monday we talked about everything from worms and hacking to password management, the problems that local police face when prosecuting online crime, why Apple has so far had a better security experience than Android and dealing with security issues when the internet is populated with so many different kinds of devices.

We even talked about the evolution of hacking, and I’ve pulled out that part of the conversation for a story at CSO Online, LulzSec, WikiLeaks, Murdoch: hacking’s fourth wave.

You can listen below. But it’s probably better for my stats if you listen at ZDNet Australia or subscribe to the RSS feed or subscribe in iTunes.

Please let me know what you think. Comments below. We accept audio comments too. Either Skype to stilgherrian or phone Sydney +61 2 8011 3733.

Information security has an image problem, I reckon. No-one apart from the infosec geeks themselves know what’s really involved in hacking or fighting hackers. So the public thinks it’s all like the bullshit in movies.

Like Hugh Jackman creating a virus in Swordfish, pictured.

Does anyone remember the episode of Spooks where the office lights went out when the hacker breached the firewall?

Let’s fix that.

Let’s hear more about the real war stories. OK, everything has always gotta be so goddam SEKRIT! No-one wants to admit to an embarrassing problem. But I reckon we can tell some of these stories while leaving out the identifying details.

We don’t need to reveal which bank nearly had its data centre pwned by a 14-year-old Ukrainian, nor which vendor’s product provided the bloody great hole he came through. But we can certainly talk about the processes, the time pressures and the paranoia.

This week I’ve started writing for a certain as-yet-undisclosed masthead. I reckon we could do regular stories from the front line of cybersecurity. I’ve been told to go for it. And I reckon it’d be fun to write in a stronger narrative style for a change.

If you are, or know of, someone that I should meet for a few drinks in a quiet place while I take notes, please contact me.

Podcasts

• Patch Monday episode 77, “Cyberwar: we’re in it together”. This is my wrap-up of the RSA Conference on information security.

Articles

• AFACT versus iiNet appeal decision resolves nothing, for Crikey. In summary, while the Australian Federation Against Copyright Theft’s appeal against the Federal Court’s decision in favour of iiNet was lost, this’ll probably all end up being appealed again to the High Court.

Corporate Largesse

• On Wednesday I attended the NICTA Techfest and was provided with free food and drink.
• Starting on Sunday I was attending the Kickstart Forum on the Gold Coast. My airfares and accommodation were paid for by the organisers, Media Connect. On Sunday evening security firm AVG bought me a drink. Sunday night’s dinner was sponsored by MyNetPhone.

Elsewhere

Most of my day-to-day observations are on my high-volume Twitter stream, and random photos and other observations turn up on my Posterous stream. The photos also appear on Flickr, where I eventually add geolocation data and tags.

All of the keynote sessions from the RSA Conference on information security are now online as video and audio. Here’s my personal suggestions for the ones to watch.

I didn’t see all of these keynotes. Sometimes there were 17 or 18 sessions running in parallel. I also skipped most of those that were obviously a vendor telling their story. Once I saw a couple of them, I was reminded that for so many IT folks the word “keynote” doesn’t mean something that provides insight any more, but is merely a synonym for “infomercial”.

It’s a shame that RSA hasn’t provided the media in an embeddable form. Or provided an obvious way to link to each keynote directly. Or given the keynote titles. Or told you which ones are panel discussions rather than single-person presentations.

But here’s what I reckon you should watch.

• Wednesday’s panel led by James Lewis, “Cyberwar, Cybersecurity, and the Challenges Ahead”, with former NSA head Mike McConnell, former US Secretary of Homeland Secretary Michael Chertoff and security guru Bruce Schneier.
• The Cryptographers Panel with Dickie George, Whitfield Diffie, Adi Shamir, Martin Hellman and Ronald Rivest. I didn’t see this one myself, but from the comments on Twitter it was a must-see tour through the history of cryptography and an informed look into the future.
• The presentations by US Deputy Secretary of Defence William Lynn and the head of US Cyber Command General Keith Alexander. Lynn’s presentation was a little dry but set out US political views. Alexander was witty and expanded on Lynn’s comments into the practical realm.
• Microsoft’s Scott Charney’s presentation of their “Collaborative Defence” strategy, important because this is the worldview that Microsoft is encouraging us to adopt.
• Michio Kaku, physicist and best-selling author, on “The Next 20 Years: Interacting with Computers, Telecommunication and AI in the Future”. I didn’t see this one, but I’ve seen Kaku on The Colbert Report and he’s a damn good presenter.
• Michael Capuzzo, author of The Murder Room, on forensic pathology. Again, I didn’t catch this one, but was told it was fascinating.
• Bill Clinton’s “Embracing our Common Humanity”. My understanding — although I haven’t checked yet — is that this is essentially the same speech that he gave at Dreamforce in December. That said, he’s a persuasive speaker and it’s worth a listen.

That’s my personal selection, based on what I saw or what I heard about? What are your selections?

[Photo: James Lewis' keynote panel, "Cyberwar, Cybersecurity, and the Challenges Ahead". From left to right: former NSA head Mike McConnell; former US Secretary of Homeland Secretary Michael Chertoff; and security guru Bruce Schneier. Disclosure: I travelled to San Francisco to attend the RSA Conference as a guest of Microsoft.]

A weekly summary of what I’ve been doing elsewhere on the internets. This time I’m making up for the recent slow weeks with a whole bunch of material from the RSA Conference on information security.

Podcasts

• Patch Monday episode 76, “The end of the open internet?” “I think the age of the deeply competitive internet is over,” says author and telecommunications lawyer, Tim Wu. “The next five years is going to be a story of the big four or big five.” This podcast contains the complete interview with the author of The Master Switch: The rise and fall of information empires, sections of which were quoted in the stories below.
• The next episode of Patch Monday is all about the RSA Conference, cyberwar, and Microsoft’s call for what referring to as “collective defence”. I’ve already completed that episode, and you’ll be able to grab it late Monday morning Sydney time over at the Patch Monday podcast stream.

Articles

• NBN is ‘visionary’, congratulations: Wu, for ZDNet Australia. Tim Wu reckons the National Broadband Network will be a Good Thing, if it works out as intended.
• Egypt and the NBN: the internet, it’s made of people, for Crikey.
• Oz kicks US’s butt on net security: Gartner, for ZDNet Australia. Security analyst John Pescatore reckons Australia and New Zealand are ahead of the US when it comes to certain key internet security initiatives.
• Digital apocalypse: the road to destruction, for ZDNet Australia. One of the big themes at the RSA Conference was cyberwar.
• WikiLeaks isn’t cyber war, but maybe it’s piracy, for Crikey. Infosec specialist Bruce Schneier had an interesting view of WikiLeaks.

Corporate Largesse

• My trip to San Francisco for the RSA Conference was paid for by Microsoft.

Elsewhere

Most of my day-to-day observations are on my high-volume Twitter stream, and random photos and other observations turn up on my Posterous stream. The photos also appear on Flickr, where I eventually add geolocation data and tags.

[Photo: Cincinnati nerdcore act Dual Core performing at the Electronic Frontiers Foundation’s 21st birthday party in San Francisco on 16 February 2011.]

Be afraid. Be very afraid. I have taken over ZDNet Australia‘s podcast Patch Monday.

In this week’s episode, Cyberwar. What is Australia’s place in the world of digital warfare? What are the implications for the NBN? Tom Worthington, a computer scientist who’s been watching how Australia’s defence forces use IT, helps separate the myth from reality.

We also look at the Australia Council’s innovative “Geek in Residence” program, helping bring arts organisations into the 21st Century. Applications close 9 December.

You can listen to my first episode, which is Patch Monday episode 20, below. But it’s even better for my stats if you listen at ZDNet Australia or subscribe to the RSS feed or subscribe in iTunes.

Please, let me know what you think. Feedback very, very welcome. And do let me know if there’s any topics I should cover, or guests we should interview.

And yes, I know it’s Friday, not Monday. Shoosh. Normal service will be resumed shortly.

• The Poll Cruncher | Pollytics: How trustworthy is the result of an opinion poll? This handy little tool allows you to enter the sample size and the result, and it gives you the margin of error. Assuming, of course, that the poll was conducted randomly and ethically in the first place.
• What’s Your Professional Reputation? | Pollytics: Possum interprets the latest results from the Roy Morgan poll of public perceptions of ethics and honesty for various professions. As usual, newspaper journalists and car salesmen are down the bottom. Possum creates a nice little interactive graph showing how the result have changed each year since 1979.
• Nineteen Eighty-Four turns sixty | Inside Story: Brian McFarlane’s take on the 60th anniversary of the publication of Orwell’s classic. Somehow, while talking about film adaptations and connections to Phillip K Dick, he completely fails to mention Terry Gilliam’s Brazil.
• Dear Global Service Direct, where is my Snuggie? | Crikey: Crikey‘s coverage of their interactions with the Snuggie has the potential to become quite obsessive. In a good way. However this silly exchange of emails with Snuggie’s sellers contain one of the best customer service responses ever: “I wish I could do more but I am just a pawn.” Also, a graph.
• From little things… | RN Future Tense: This episode of ABC Radio National’s Future Tense included an interview with ActionAid Australia’s Archie Law about Project TOTO, as well as some great stuff about innovative uses of telecommunications technology in Kenya and India. Internet via bus, anyone?
• William Langewiesche on Somali pirates | vanityfair.com: Feature article on the incident where French luxury cruise ship Le Ponant was targeted by Somali pirates.
• louder than swahili: The blog of Pernille, a 37yo Scandinavian woman who’s been living in Tanzania since 2007, and most recently before that spent 26 months among Sudanese refugees along and across the Ugandan border to Southern Sudan.
• A Never Ending Race | absolutelybangkok.com: Bangkok in 2015 is a paranoid short yarn from Yan Monchatre, a French cartoonist and illustrator who’s resident in Bangkok.
• The First Few Milliseconds of an HTTPS Connection | Moserware: A deep, deep explanation of what happens when your web browser creates an encrypted connection to a website.
• mHITs: An Australian company providing the technology to pay by mobile phone. Currently seems to be limited to food and drink, and to a handful of venues in Canberra and Sydney.
• The United Republic Consulate of Tanzania Consulate: This is, I hope, the official website of the Consulate for Tanzania in Melbourne. It’s not particularly reassuring when the home page’s title bar reads: “::Welcom to Company Name::”.
• Rise of online mercenaries | Australian IT: Steven Bellovin, professor of computing science at Columbia University, predicts the rise of online mercenaries using techniques going back 200 years to letters of marque and reprisal, where governments commission somebody to attack another government’s assets with perfect immunity under law. The story’s a couple weeks old but still relevant.