Blog

Posted on

Weekly Wrap 125: Intelligence and infection

It’s hard to believe that just two weeks ago I was dealing with snow because this week, Monday 22 to Sunday 28 October 2012, included a day of working at Manly beach.

As you’ll read in a moment, it also included a series of digs at Australia’s law enforcement and intelligence communities. And it wrapped up on Saturday with the discovery that I’ve been suffering from a rather nasty throat infection. Which explains why I was so tired and irritable.

Penicillin to the rescue!

Podcasts

Articles

Media Appearances

Corporate Largesse

None.

The Week Ahead

The week begins tonight with a midnight recording for this week’s Patch Monday podcast. Then I have to complete a story for Technology Spectator by 1000 AEDT before wrapping up Patch Monday. And then I catch the train to Sydney.

I’m then staying in Sydney overnight so I can be at Microsoft’s Tuesday morning breakfast briefing on Windows Phone 8, and after that the rest of the week is as yet unplanned. Chaos is my friend. Stand by.

[Photo: Freelancing, a picture of my working environment on Thursday. That’s the Steyne Hotel overlooking the beach at Manly in Sydney.]

Posted on

ASIO’s got it easy, says terrorism expert

“ASIO don’t seem to realise how privileged they are compared to intel orgs in other Western democracies,” tweeted terrorism researcher Andrew Zammit (pictured) yesterday.

Zammit is a researcher at the Global Terrorism Research Centre (Monash University) and Australian Policy Online (Swinburne University), and he was responding to my blog post from yesterday, “Insulted, ASIO? That’s not really the problem, surely?” and the attached podcast.

Here are his subsequent tweets, turned into continuous prose:

CIA for example has ongoing congressional oversight (of actual operations) as opposed to our occasional parl[iamentary] inquiries, people can FOI CIA docs only a few years old (ASIO has 20-30 year exemption) and some of the CIA’s analytical roles are transparent, as in analysts will have CIA business cards whereas even an ASIO kitchen hand’s identity will be kept secret. And CIA isn’t even a domestically-focused agency. So yes, ASIO needs to be less precious about being asked questions.

I agree. From the perspective of the United States I’m a foreign national, yet I’ve spoken with officers from the FBI, NSA and the Secret Service — all of whom had business cards with their full names. The closest I’ve gotten in Australia is chatting briefly with a DSD chap, one of two attending Linux.conf.au in January this year — given names only, and I suspect that those given names were really in scare quotes.

The excuse always given is “operational security”, but I do think the world has changed. The tools and methods are surely not so different from SEKRIT agencies to private-sector security companies and even analysis in non-security realms, given that so much technology is now available off the shelf to all comers.

Surely these days OPSEC is more about protecting sources and the specific operations that are or are not being conducted?

Of course I really don’t know this stuff. I’ve never worked in this field. I’ve never even held a security clearance. I’m just an interested bystander mouthing off. But I am intrigued.

Posted on

Visiting Coffs Harbour for FlexibilITy 2012

The travels continue. I’m heading to Coffs Harbour in northern New South Wales next month to speak at Flexibility 2012, the 15th Annual IT Conference for Local Government.

You’ll be surprised, I’m sure, to discover that I’m talking about information security.

The Hacker Threat: Let’s bust some myths

The headlines portray the internet as a scary, scary place. Anonymous hacktivists mock the powerful, defacing websites and stealing vast troves of confidential information. Criminals plunder bank accounts and destroy credit ratings. Shady “nation-state actors” infiltrate secure government and corporate networks, stealing every secret they can find.

Information security companies publish research “proving” the vast scale of global online crime. Defence experts point to the vast sums being spent on military-grade hacking and talk of looming cyberwar. Of course both groups have a vested interest in talking up the threat.

The hackers are certainly real, ranging from youthful vandals with unfocussed quasi-political motivations to highly-organised international crime gangs and well-funded national defence and intelligence agencies.

Sophisticated hacking tools are now developed by professional software development teams. They can be bought in the online underground for just a few hundred dollars, complete with technical support provided under a service level agreement.

So how should organisations respond?

The threat landscape is certainly changing, so new tools will certainly be required. But it’s important to understand the real threats and their relative significance, and respond as part of a coherent strategy, rather than reacting to the latest panic.

This session will present an overview of current internet security threats based on the latest research with the bovine excrement filtered out.

I’ll be in Coffs Harbour from the morning of Wednesday 14 November through to the afternoon of Saturday 17 November. Apart from the conference itself, I’m open to suggestions.

Posted on

Visiting Singapore for Verizon media briefing

Verizon has noticed that most Australians know them only for their US mobile phone business — if they know them at all. So as part of their process of fixing that, they’re sending me to Singapore.

The main focus of the trip is a media briefing day on Wednesday 7 November, where I’ll learn more about Verizon Enterprise Solutions and, of course, the information security work they do. So I daresay I’ll be writing about that sort of thing at some point.

I’m arriving in Singapore on the evening of Tuesday 6 November and, since it’s my first visit to Shopping Mall and Container Terminal Island, I’ll be staying through to Sunday night before returning to Sydney.

Verizon has also invited me to their hospitality tent at the Barclay Singapore Open. Golf. Yes, I know, I’m not the least bit interested in golf. But it’ll be a handy “networking opportunity”. Yes, I know.

So, what do I need to know about Singapore? Where must I go? And who must I meet?

Posted on

Weekly Wrap 124: Dirty dog, dirty martini

My week Monday 15 to Sunday 21 October 2012 was marred by the black dog, who decided to visit in strength with his friend back pain. Productivity was very low.

It’s a shame. I have the workings of several quite good articles in various stages of assembly on the computer, and invitations to take part in a variety of interesting unpaid projects. At least half of them will progress no further.

Podcasts

Articles

None.

Media Appearances

Corporate Largesse

  • On Monday I had lunch at a North Sydney cafe with Marc Brown, managing consultant of Trustwave SpiderLabs in Australia, along with members of their external PR team. They paid. I believe I had smoked salmon salad.

The Week Ahead

It’s a busy week of writing ahead, after the usual Monday scramble to complete the Patch Monday podcast. At this stage it looks like I’ll be in Sydney on Wednesday and overnight into Thursday. The weekend is currently unplanned, but that will be fixed later today.

[Photo: Manhattan at the Carrington, an essential part of yesterday’s return to normality. For some value of “normal”.]

Posted on

Weekly Wrap 123: Food, drink, virtualisation and snow

My week Monday 8 to Sunday 14 October 2012 was yet another exercise in chaos, but this time with added snow.

Virtually nothing in the schedule actually happened when it was originally planned. There was too much moving around, and then Friday’s snowfalls almost derailed the week’s close.

Still, it was my first-ever encounter with actual snow at close range, so there were a few childlike moment of joy. And then I decided to spend the weekend in a SEKRIT hideaway.

Podcasts

  • Patch Monday episode 158, “Partitioning porn from PowerPoint: VMware’s virtualisation vision”. VMware’s vision of a virtualised future extends far beyond their existing desktop and server virtualisation products, to include virtualised mobile devices, and even software-defined data centres (SDD).

Articles

Media Appearances

Corporate Largesse

  • On Tuesday I was a guest of NetSuite at Sydney’s Aria Restaurant, where of course they paid for the food and wine. We also received gift vouchers from some of NetSuite’s customers: Avago ($100); SkincareStore ($75); and WineMarket.com.au ($75).
  • On Wednesday I was a guest of Alcatel-Lucent at the Australian Internet Industry Association’s NSW branch forum Customer Centric Services, held at the Four Seasons Hotel, Sydney.
  • On Friday afternoon I was a guest at MooresCloud’s press event, held at the City Hotel, Sydney. There was food. And drink. And mysteriously flashing lights.

The Week Ahead

On Monday I’ll be producing the Patch Monday podcast and having lunch with someone from Trustwave SpiderLabs before returning to Wentworth Falls. I’ll spend the week up in the mountains catching up on many, many loose ends of both media work and general geekery.

[Photo: Waratah in the snow, not the same specimen of Telopea speciosissima as seen last week, but another one at Bunjaree Cottages.]