Blog

Posted on

Weekly Wrap 102: Infosec and interference

My week from Monday 14 to Sunday 20 May 2012 was mostly about the AusCERT information security conference and a blur of returning pain thanks to my dodgy shoulder.

As I finish compiling this post, I’ve still got lots of AusCERT material to produce and Monday looks like being intense. So let’s just list everything and see what happens.

Podcasts

  • Patch Monday episode 138, “Anonymous ‘crippled’: where to for hacktivism?”. Following last week’s conversation with Israeli information security researcher Tal Be’ery about hacktivists’ tactics, I spoke with former journalist and commentator Barrett Brown, who has worked with Anonymous for about a year and a half. He discusses Anonymous’ position in the wake of revelations that Sabu, a core member and informal leader of the offshoot hacking group LulzSec, had become an FBI informant.

Articles

These are just the first two articles from my AusCERT coverage. More will follow.

Videos

Media Appearances

Corporate Largesse

  • AusCERT 2012 conference organisers and sponsors paid for various meals and drinks, but I didn’t keep track of that. While that means I can’t disclose who paid, it also means I can’t be influenced because I can’t remember who’s meant to be doing the influencing. Complete market failure, that.

The Week Ahead

There’s a couple of days of intense writing and production ahead. At the very least there’s two or three articles about AusCERT 2012 and the Patch Monday podcast. Then there’s a piece to do for CSO Online, and one for Technology Spectator.

I should be returning to Wentworth Falls this evening, but I plan to be back on Wednesday night to go to a paintball session with Eugene Kaspersky and other journalists. That could be weird. And I’ll probably be in Sydney again at the end of the week, but that hasn’t been planned out yet.

Elsewhere

Most of my day-to-day observations are on my high-volume Twitter stream, and random photos and other observations turn up on my Posterous stream (or they used to before my phone camera got a bit too scratched up) and via Instagram. The photos also appear on Flickr, where I eventually add geolocation data and tags. Yes, I should probably update this stock paragraph to match the current reality.

[Photo: Airbus A320-232 VH-VGY at Gold Coast airport, the aircraft I traveled in on Saturday. Check out the complete history of VH-VGY at FlightAware.]

[Update 26 May 2012: Links added to last weekend’s audio recordings, added earlier today as separate blog posts. Update 3 June 2012: Link added to Tom Davey’s radio report.]

Posted on

Video: 5 Conference Tips for PR Professionals

On the way back from the AusCERT 2012 information security conference this afternoon I found myself stranded at Gold Coast airport for a couple hours, exhausted. What better, then, than an impromptu video explaining how public relations operatives can improve the way they interact with journalists at these events.

This video was shot with a Nikon Coolpix S8100 compact digital camera, using the in-camera stereo microphone for the audio. The only post-production was to top and tail it, and compress it to a YouTube-optimised MP4 using iSkysoft Video Converter. Otherwise it’s exactly as it came out of the camera.

Should I list the tips themselves, here, in text form? Perhaps later. I simply couldn’t be arsed right now.

Posted on

AusCERT 2012: What’s changed since 2011?

I’m currently on the train down from the Blue Mountains to Sydney, en route to the AusCERT 2012 information security conference on the Gold Coast, and I’m thinking about what stories might emerge.

Here’s what I wrote last year when, just like this year, I was on the ZDNet Australia team:

The feeling I get from scanning those headlines is that there’s always a lot of scaremongering but the threats often don’t materialise. Are the threats over-stated? Does pointing out the threats trigger an effort to counter them, thus defeating them? Is it all just a bit too screechy?

And over the last year there’s been so much talk of imminent cyberwar. Is that just this year’s fashionable scary thing on a stick? I intend to ask a few questions. And I’ll plug it again: Thomas Rid says we shouldn’t believe the hype.

I haven’t yet looked in detail at the conference program but will do so over the next few hours. What do you reckon I should be investigating?

[Update 16 May 2012, 0625 AEST: Changed second paragraph to emphasise that I am covering the event for ZDNet Australia this year as well as last.]

Posted on

Weekly Wrap 101: Codeine and counter-surveillance

My week from Monday 7 to Sunday 13 May 2012 was less productive than it might have been thanks to my shoulder being “out” for a few days, resulting in severe pain. No, I don’t mean I have a gay shoulder. I mean that a rib wasn’t seated properly.

The shoulder was repaired on Wednesday and is now slowly getting better, thank you. But despite the pain and the codeine haze, I did get a little work done.

Podcasts

  • Patch Monday episode 137, “Removing the anonymity from Anonymous”. A conversation about the tactics of Anonymous, LulzSec and other hacktivists with Israeli information security researcher Tal Be’ery, web security research team leader at Imperva’s Application Defense Center (ADC), where he leads efforts to capture and analyse hacking data.

Articles

Media Appearances

Corporate Largesse

None.

The Week Ahead

The current plan? A day of writing at Wentworth Falls on Monday. A day of travelling on Tuesday, taking the train to Sydney and then flying to the Gold Coast. Once there I’ll be covering the AusCERT 2012 information security conference for ZDNet Australia, flying back to Sydney on Saturday afternoon.

On Sunday afternoon I’m speaking about the total surveillance society at the Sydney Writers Festival.

Elsewhere

Most of my day-to-day observations are on my high-volume Twitter stream, and random photos and other observations turn up on my Posterous stream (or they used to before my phone camera got a bit too scratched up). The photos also appear on Flickr, where I eventually add geolocation data and tags. Yes, I should probably update this stock paragraph to match the current reality.

[Photo: Fuckin' art, innit, taken at the Hotel InterContinental, Sydney, on Saturday 12 May 2012.]

Posted on

Why tweeting my movements isn’t a safety risk

[Update 2.25pm: Comments on Twitter have persuaded me to emphasise that the question here is specifically about “personal safety” only, not lame and replaceable possessions, and my personal safety at that. As the second-last paragraph says, the risk profile might not be the same for everyone. These are the choices I’ve made with open eyes.]

“How do you think that tweeting your day plans affects your personal safety?” asked Ravneel Chand a short time ago. Overall, I reckon it actually increases my safety. Here’s why.

Background first. Here’s today’s “daily plan” tweet which, like those on pretty much every other day, is tweeted shortly before I settle down to work.

Thu plan: Bump out Waratah Cottage; 1032 train to Sydney; lunch (where?); errand Newtown/Enmore; write something; evening TBA.

Later in the morning I mentioned that I’d be catching a later train. And then, just as I left the house:

Mobile: Cab, shortly, to Wentworth Falls; 1132 train to Sydney Central; train to Town Hall station; 1335 walk to SEKRIT hotel and check in.

Clearly the fear being expressed is that by knowing my movements some bad person could more easily do me harm. But let’s do a proper risk assessment. You start one of those by enumerating the risks, and then you look at how this additional information might change those risks.

Continue reading “Why tweeting my movements isn’t a safety risk”