I’m currently on the train down from the Blue Mountains to Sydney, en route to the AusCERT 2012 information security conference on the Gold Coast, and I’m thinking about what stories might emerge.
Here’s what I wrote last year when, just like this year, I was on the ZDNet Australia team:
- AusCERT 2011: Firms ignore ID theft risk, in which Bennett Arron explains that police forces don’t yet take this stuff seriously enough. Has this improved? I’m seeing talk but no action.
- AusCERT 2011: Son of Stuxnet within a year: expert, in which Eric Byres explains why the Stuxnet worm — the presumed US-with-Israeli-help anti-SCADA attack on Iran’s nuclear program — would spawn a wave of copycats. This didn’t happen. Why not?
- AusCERT 2011: Black hats and whitegoods, a story given the year’s best headline by CBS Interactive’s Brian Haverty, in which I discussed how the Internet of Things and a billion smart appliances would be the vector for a new wave of attacks. This hasn’t happened — yet — but is it still just around the corner?
- AusCERT 2011: Bank theft goes truly mobile, in which Amit Klein, chief technology officer at Trusteer, predicted third-generation anti-banking malware on smartphones by Christmas. Did this happen? Well, not really. Why not?
- AusCERT 2011: Silent victims thwart cybercops: Qld Police, in which Detective Superintendent Brian Hay, head of the Fraud and Corporate Crime Group of the Queensland Police Service, bemoaned the lack of hard data. I know how he feels. Do we have any yet?
The feeling I get from scanning those headlines is that there’s always a lot of scaremongering but the threats often don’t materialise. Are the threats over-stated? Does pointing out the threats trigger an effort to counter them, thus defeating them? Is it all just a bit too screechy?
And over the last year there’s been so much talk of imminent cyberwar. Is that just this year’s fashionable scary thing on a stick? I intend to ask a few questions. And I’ll plug it again: Thomas Rid says we shouldn’t believe the hype.
I haven’t yet looked in detail at the conference program but will do so over the next few hours. What do you reckon I should be investigating?
[Update 16 May 2012, 0625 AEST: Changed second paragraph to emphasise that I am covering the event for ZDNet Australia this year as well as last.]
A weekly summary of what I’ve been doing elsewhere on the internets. This week was mostly about the AusCERT information security conference on the Gold Coast, although a few things relating to the previous week dribbled through.
- Patch Monday episode 88, “Social business + cloud != revolution”, based on material recorded at NetSuite’s SuiteWorld conference the previous week.
What a lot of articles we have this week! I was covering AusCERT as part of the ZDNet Australia team, and the Technology Spectator article was actually written the week before. There’ll be more AusCERT articles next week.
- AusCERT 2011: Firms ignore ID theft risk, for ZDNet Australia, which is based on some of Bennett Arron’s comments during the conference’s opening keynote.
- AusCERT 2011: Son of Stuxnet within a year: expert, ZDNet Australia. The source code for Stuxnet is out there. Security analyst Eric Byres reckons that’ll show everyone how to make sophisticated malware, and the “Russian business network” will be first off the rank.
- Privacy is a commodity, for Technology Spectator, in which I bite the hand that feeds me by criticising the comment they use.
- AusCERT 2011: Black hats and whitegoods, for ZDNet Australia. We’re creating the Internet of Things by turning everything into a network device. But when was the last time you heard an appliance manufacturer talking about network security? CBS Interactive’s Brian Haverty came up with the OARSUM headline.
- AusCERT 2011: Bank theft goes truly mobile, for ZDNet Australia.
- AusCERT 2011: Silent victims thwart cybercops: Qld Police, for ZDNet Australia.
- Qld cops denounce ‘ethical hacking’, for ZDNet Australia. This headline is a bit of a misdirection. Ethical hacking is generally when the target has given permission, such as when someone is hired to do penetration testing. The kind of hacking games at black hat conferences, which is what Detective Superintendent Brian Hay was talking about, probably doesn’t fit into this category.
- I was asked to do a bit of trickery before Bennett Arron’s keynote at AusCERT. It didn’t go quite as planned. When Munir Kotadia produced the Day 1 Highlights video, he made sure that no-one forgot.
- I travelled to the Gold Coast for the AusCERT Conference on information security. My air fares, accommodation and breakfast were covered by CBS Interactive, ZDNet Australia’s parent company, as is normal for freelancers so that doesn’t count as largesse. AusCERT provided free conference entry, as is normal for any media attending, and that included meals and drinks at the social events. In the goodie bag was: webroot Personal Security and Mobile Security for Android from, erm, webroot; notebooks from webroot and Juniper Networks; PostIt-style thingies from Symantec; pens from RSM Bird Cameron, Citrix, Netgear and M86 Security; a Rubik’s Cube from WatchGuard; 3D glasses from SecurityLab; a yoyo from McAfee; and, via a voucher, an AusCERT conference t-shirt. I’ll have more to say about this later. I was also given a t-shirt by Sophos and a stubbie holder from Splunk.
Most of my day-to-day observations are on my high-volume Twitter stream, and random photos and other observations turn up on my Posterous stream. The photos also appear on Flickr, where I eventually add geolocation data and tags.
[Photo: Sunrise over the Pacific, Surfer’s Paradise, taken from my room at the Crowne Plaza Hotel on 17 May. I didn’t really bother trying to take a good photo; it’s just a snapshot from my phone. Sometimes I wonder why I bother.]
[Update 3 May 2013: Edited to fix broken link to Patch Monday podcast.]