May 2012 – Page 2 – Stilgherrian

19 May 2012

Video: 5 Conference Tips for PR Professionals

On the way back from the AusCERT 2012 information security conference this afternoon I found myself stranded at Gold Coast airport for a couple hours, exhausted. What better, then, than an impromptu video explaining how public relations operatives can improve the way they interact with journalists at these events.

This video was shot with a Nikon Coolpix S8100 compact digital camera, using the in-camera stereo microphone for the audio. The only post-production was to top and tail it, and compress it to a YouTube-optimised MP4 using iSkysoft Video Converter. Otherwise it’s exactly as it came out of the camera.

Should I list the tips themselves, here, in text form? Perhaps later. I simply couldn’t be arsed right now.

19 May 2012

Talking AusCERT 2012 and cyberwar on ABC Local Radio

My full output from the AusCERT 2012 information security conference has yet to appear. Stand by. But last night I did a half-hour conference wrap with Dom Knight on ABC Local Radio.

We spoke about the conference atmosphere itself, cybercrime, cyberwar, the risk of Cybergeddon (yes, I know), and the claim by Eugene Kaspersky that Apple is ten years behind Microsoft when it comes to security.

Not that Mr Kaspersky would ever, like, troll the entire planet.

Podcast: Play in new window | Download (15.5MB)

What we didn’t talk about, really, was the two stories that have been published so far:

Russian crims evade transaction profiling, which details a trans-national organised crime operation profiled by Mikko Hypponen.
DNS poisoning the thin end of a wedge’, in which domain name system pioneer Dr Paul Vixie supports my argument that fiddling with the internet’s fundamental navigation systems probably isn’t such a great idea.

15 May 201216 May 2012

AusCERT 2012: What’s changed since 2011?

I’m currently on the train down from the Blue Mountains to Sydney, en route to the AusCERT 2012 information security conference on the Gold Coast, and I’m thinking about what stories might emerge.

Here’s what I wrote last year when, just like this year, I was on the ZDNet Australia team:

AusCERT 2011: Firms ignore ID theft risk, in which Bennett Arron explains that police forces don’t yet take this stuff seriously enough. Has this improved? I’m seeing talk but no action.
AusCERT 2011: Son of Stuxnet within a year: expert, in which Eric Byres explains why the Stuxnet worm — the presumed US-with-Israeli-help anti-SCADA attack on Iran’s nuclear program — would spawn a wave of copycats. This didn’t happen. Why not?
AusCERT 2011: Black hats and whitegoods, a story which was provided with the year’s best headline by CBS Interactive’s Brian Haverty where I discussed how the Internet of Things and a billion smart appliances would be the vector for a new wave of attacks. This hasn’t happened — yet — but is it still just around the corner?
AusCERT 2011: Bank theft goes truly mobile, in which Amit Klein, chief technology officer at Trusteer, predicted third-generation anti-banking malware on smartphones by Christmas. Did this happen? Well, not really. Why not?
AusCERT 2011: Silent victims thwart cybercops: Qld Police, in which Detective Superintendent Brian Hay, head of the Fraud and Corporate Crime Group of the Queensland Police Service, bemoaned the lack of hard data. I know how he feels. Do we have any yet?

The feeling I get from scanning those headlines is that there’s always a lot of scaremongering but the threats often don’t materialise. Are the threats over-stated? Does pointing out the threats trigger an effort to counter them, thus defeating them? Is it all just a bit too screechy?

And over the last year there’s been so much talk of imminent cyberwar. Is that just this year’s fashionable scary thing on a stick? I intend to ask a few questions. And I’ll plug it again: Thomas Rid says we shouldn’t believe the hype.

I haven’t yet looked in detail at the conference program but will do so over the next few hours. What do you reckon I should be investigating?

[Update 16 May 2012, 0625 AEST: Changed second paragraph to emphasise that I am covering the event for ZDNet Australia this year as well as last.]

14 May 2012

Talking Facebook pay-for-highlighting on ABC 702 Sydney

While the Facebook IPO Roadshow rolls on, the company is trying a bunch of experiments — both to search for new revenue streams and to maintain the buzz. One of them is paying $2 to have your post highlighted.

The numbers in the story don’t surprise me. Typically a Facebook user’s posts are only seen by around 12% of their followers, depending on whether Facebook’s secret-sauce algorithm decides whether you’re a sufficiently close friend or the topic is of sufficient interest to the viewer.

Why not let people pay money to change that?

I could tell from the tone of his voice that ABC 702 Sydney host Richard Glover did not approve.

Podcast: Play in new window | Download (4.7MB)

13 May 2012

Weekly Wrap 101: Codeine and counter-surveillance

My week from Monday 7 to Sunday 13 May 2012 was less productive than it might have been thanks to my shoulder being “out” for a few days, resulting in severe pain. No, I don’t mean I have a gay shoulder. I mean that a rib wasn’t seated properly.

The shoulder was repaired on Wednesday and is now slowly getting better, thank you. But despite the pain and the codeine haze, I did get a little work done.

Podcasts

Patch Monday episode 137, “Removing the anonymity from Anonymous”. A conversation about the tactics of Anonymous, LulzSec and other hacktivists with Israeli information security researcher Tal Be’ery, web security research team leader at Imperva’s Application Defense Center (ADC), where he leads efforts to capture and analyse hacking data.

Articles

IT: the opportunities, some lost, from a low-tech budget, Crikey, 9 May 2012.

Media Appearances

On Friday I spoke at the inaugural Saasu Cloud Conference, with a presentation entitled Security and the Cloud: Hype versus Reality.

Corporate Largesse

None.

The Week Ahead

The current plan? A day of writing at Wentworth Falls on Monday. A day of travelling on Tuesday, taking the train to Sydney and then flying to the Gold Coast. Once there I’ll be covering the AusCERT 2012 information security conference for ZDNet Australia, flying back to Sydney on Saturday afternoon.

On Sunday afternoon I’m speaking about the total surveillance society at the Sydney Writers Festival.

Elsewhere

Most of my day-to-day observations are on my high-volume Twitter stream, and random photos and other observations turn up on my Posterous stream (or they used to before my phone camera got a bit too scratched up). The photos also appear on Flickr, where I eventually add geolocation data and tags. Yes, I should probably update this stock paragraph to match the current reality.

[Photo: Fuckin' art, innit, taken at the Hotel InterContinental, Sydney, on Saturday 12 May 2012.]

11 May 2012

Security and the Cloud: Hype versus Reality

My presentation from the Saasu Cloud Conference 2012, which I told you about previously, is now online: Security and the Cloud: Hype versus Reality.

I’ll leave the article to explain itself once you click through, but to provide some Googlejuice here are the words hacking, infosec, cybercrime, cyberwar, information security, malware and cows.