paul ducklin

Monday 17 to Sunday 23 December 2012 was a week filled with plenty of work, plenty of stress and a small amount of exhaustion.

The media outputs are listed below, as usual. Towards the end of the week the long series of 5am and earlier starts was beginning to catch up with me, and on Thursday I accidentally slept in until lunchtime — and that was truly wonderful.

I decided to continue that level of sloth on the weekend. Well, apart from today, obviously. As mentioned below, there’s still quite a bit left to do before I can finally break for Christmas.

Also this week I dropped and broke my Samsung Galaxy S III, necessitating an urgent replacement. While doing that I discovered some gotchas with migrating data to a new phone, and I’ll write about that after Christmas.

Podcasts

  • Patch Monday episode 168, “2012 infosec review: Focus on crime, not cyberwar”. The second of our two year-end conversations. The panelists are Paul Ducklin, Sophos’ head of technology for Asia Pacific; Chris Gatford, director of penetration testing firm HackLabs; Jon Callas, chief technology officer at Entrust, and now also of secure messaging provider Silent Circle; and Stephen Wilson, managing director of Lockstep Group, which provides advice and analysis on digital identity and privacy technologies.

Articles

Media Appearances

Corporate Largesse

  • On Wednesday I had a very pleasant lunch indeed at Bistrode at the Hotel CBD in Sydney with a couple of chaps from Trend Micro. Needless to say, it was on their tab.

The Week Ahead

There’s tonight and one working day left before Christmas. In that time I have to produce a Patch Monday podcast, my end-of-year story for Crikey, and a follow-up to Friday’s story for CSO Online. I’ll be busy for the next 24 hours, though for all those things I’ve already got a plan in mind so they should be straightforward.

But then Tuesday is Christmas Day, and from then through to the end of the week I have precisely nothing planned. Sure, there’s a few little work-related things that’ll need to be polished off, but there are no pressing commitments. This pleases me immensely.

[Photo: Suburban Nativity, photographed on Stony Creek Road in Beverly Hills, Sydney, on 15 December 2012. The householders must do this every year, because the same nativity scene is visible in Google Street View imagery from December 2009.]

A weekly summary of what I’ve been doing elsewhere on the internets — which wasn’t a lot because the sloth and the holiday season have started to take their toll. That’s also why this is being posted so late. Cope.

Podcasts

  • Patch Monday episode 118, “2011: the year in security”. A panel discussion with Chris Gatford, director of penetration testing firm HackLabs; Paul Ducklin, Sophos’ head of technology for Asia Pacific; Stephen Wilson, managing director of Lockstep Group, who provides advice and analysis on digital identity and privacy technologies; and Jon Callas, chief technology officer at Entrust.
  • The 9pm Edict episode 15, which includes my claim that Senator Stephen Conroy deliberately dropped the f-bomb earlier in the week.

Articles

  • Time to drop the ‘e’, Technology Spectator, 13 December 2011. Lovely headline, but the article is actually about the language we use to describe technology.

Media Appearances

None.

Corporate Largesse

  • On Tuesday, MobileIron paid for lunch at Silverbean on Enmore Road.
  • On Friday, Symantec paid for lunch at Sake Restaurant, The Rocks.

Elsewhere

Most of my day-to-day observations are on my high-volume Twitter stream, and random photos and other observations turn up on my Posterous stream. The photos also appear on Flickr, where I eventually add geolocation data and tags.

[Photo: A View from Hilton Hotel, Sydney, in particular the view onto George Street from the Executive Lounge. This photo was actually taken last night, 19 December, not in the "correct" week. But I know you won't mind.]

A weekly summary of what I’ve been doing elsewhere on the internets. Most of the week was spent in Kuala Lumpur, my first visit. I’ll write more about that anon.

Podcasts

  • Patch Monday episode 104, “Can security ever beat PEBKAC?”. A conversation with Paul Ducklin, head of technology for the Asia-Pacific region with Sophos, and Chris Gatford, proprietor of Hack Labs, a specialist in penetration testing.

Articles

Further material from the Kaspersky Lab event is appearing from today.

Media Appearances

None.

Corporate Largesse

  • On Tuesday I had lunch at Ocean Restaurant, Cockle Bay Wharf, thanks to Check Point. There’s some material from the conversations there that will appear in the next few days.
  • On Tuesday night I travelled to Kuala Lumpur thanks to Kaspersky Lab. Their largesse included flights and airport transfers; meals and accommodation at Le Meridien; an evening sightseeing trip to Putrajaya including dinner on a cruise boat; a Kaspersky-branded leather document case, rather nice actually; Kaspersky-branded USB-powered speakers; and a t-shirt. I declined the offer of an all-day sightseeing tour on Friday because I had work to do.

Elsewhere

Most of my day-to-day observations are on my high-volume Twitter stream, and random photos and other observations turn up on my Posterous stream. The photos also appear on Flickr, where I eventually add geolocation data and tags.

[Photo: Kuala Lumpur skyline, shrouded in haze, photographed with my battered HTC Desire from the 14th floor of Le Meridien, KL Sentral. It's like this pretty much all day, what with the Indonesians burning down the rainforests and all. The photo doesn't do the scene justice. I have since obtained a decent camera.]

LinkedIn has responded to criticism over their opting-in of everyone to their “social advertising” program with a self-serving blog post. I’m less than impressed.

I wrote two articles yesterday. For Crikey, Sorry too hard a word for LinkedIn over privacy faux pas, in which I describe LinkedIn’s response as bullshit. And for CSO Online, Five lessons from LinkedIn’s opt-out stupidity, which reminds people to keep an eye on social networking services for unannounced changes to the rules of engagement.

Paul Ducklin from security vendor Sophos gives them an easier time, praising them for a quick response. He’s nicer than I am.

In the cold, clear light of Saturday morning, what depresses me most about this whole episode is not that a supposedly-professional service would pull a trick like this and, when caught out, just smear PR bull over the top. It’s that they’ll probably get away with it, and imagine they handled it well.


LulzSec’s hack of The Sun and other UK websites belonging to Rupert Murdoch’s News International yesterday was one of the highest-profile infosec breaches in history. But will it mean anything beyond today’s news cycle? I suspect not.

(If you’re not up to speed on this, please read my initial summary for CSO Online or a shorter but fresher story for Crikey.)

As I thought about this overnight, and after chatting with Paul Ducklin from information security vendor Sophos, I came to the conclusion that despite all the media coverage yesterday nothing will change.

I wrote that up as an op-ed for CSO Online, Four lessons from LulzSec vs Murdoch.

We’ve seen hack after hack after hack, but civilisation has stubbornly refused to crumble. We’ve cried wolf a few hundred times too often. We’re experiencing what Paul Ducklin from Sophos calls “hack fatigue”.

We only hear about successful hacks, from LulzSec or anyone else, Ducklin told CSO Online. “They can crow about every time they have a success,” he said, “but you never hear about the sites they never broke into.”

And the idea that LulzSec’s high-profile hacks will suddenly focus attention on organisations’ information security vulnerabilities? Bah. We’ve been flooded with media reports of high-profile hacks for the last few years, from NATO to Paris Hilton, Google to prime minister Gillard.

After all those stories we held urgent meetings, changed our ways, and put infosec at the top of the business agenda, right?

Yeah right.

So now what? I’ll put my money on LulzSec being forgotten until their next high-profile attack, or their arrest.

[Picture: Early this morning Australian time, LulzSec tweeted: "The Sun taken care of... now what about the moon...", linking to that image (source unknown). Is it a hint? Or a meaningless distraction?]

A weekly summary of what I’ve been doing elsewhere on the internets. This week featured a trip to Canberra for the Microsoft Politics and Technology Forum.

Podcasts

Articles

Media Appearances

  • The Microsoft Politics & Technology Forum probably counts as one of these, but I’ll post links when there are links to link to.

Corporate Largesse

  • This doesn’t really count as largesse, because I was actually working on the discussion panel at the Microsoft Politics & Technology Forum, but Microsoft paid for my transport to Canberra, accommodation at the Hyatt Canberra Hotel, and a lovely dinner at Mezzalira Ristorante.

Elsewhere

Most of my day-to-day observations are on my high-volume Twitter stream, and random photos and other observations turn up on my Posterous stream. The photos also appear on Flickr, where I eventually add geolocation data and tags.

[Photo: Bombardier Q400 aircraft at Sydney airport, the one I took to Canberra on Tuesday.]

A weekly summary of what I’ve been doing elsewhere on the internets — which actually covers two weeks because of various distractions.

Articles

Podcasts

  • Patch Monday episode 71, “Avoiding Vodafone’s Wikileaks moment”. Paul Ducklin, who is Sophos’ head of technology for the Asia-Pacific region, reckons Vodafone’s problem is much like the US government’s with WikiLeaks: too many people have logins which give them access to too much stuff. Our conversation covered what organisations should be doing to avoid a disaster like Vodafone’s happening to them.

Media Appearances

Corporate Largesse

  • Donations to the Artemis Medical Fund included $100 from online accounting software provider Saasu and $50 from an elected NSW politician from the Australian Labor Party.

Elsewhere

Most of my day-to-day observations are on my high-volume Twitter stream, and random photos and other observations turn up on my Posterous stream. The photos also appear on Flickr, where I eventually add geolocation data and tags.

[Photo: Apparently Not, a no-stopping sign demolished by a vehicle that didn't stop. Stanmore Road, Petersham, on 6 January 2011.]


Has Facebook gone too far? Is it out of control? Another change to its privacy settings and a new 5800-word privacy policy have triggered concerns by US authorities and European privacy organisations. In Sydney the death of 18-year-old Nona Belomesoff has been dubbed another “Facebook murder”. Is regulation needed?

In this week’s Patch Monday podcast, I cover Facebook privacy from two angles.

First, security and the risk to you and your employer. Paul Ducklin is Sophos’ head of technology for Asia Pacific. His research shows that half the time people will befriend anyone who asks — exposing all their personal details to strangers. Criminals wanting to steal your identity or probe your business have it easy.

Second, the policy implications. David Vaile, who heads up the Cyberspace Law and Policy Centre at the University of New South Wales thinks Facebook’s privacy model is “dangerous”. He foresees a time when personal information is considered as valuable and vulnerable as financial information — and any IT systems that hold that information will need network security as strong as the banks.

You can listen below. But it’s probably better for my stats if you listen at ZDNet Australia or subscribe to the RSS feed or subscribe in iTunes.

Please let me know what you think. Comments below. We accept audio comments too. Either Skype to stilgherrian or phone Sydney +61 2 8011 3733.