chris gatford – Stilgherrian

01 March 2014

Talking RATs and webcams on The Project

Screenshot from The Project, 28 February 2014 It’s been a while since I got to talk directly to The Project presenters, but I did so last night. And I was captioned as a “Cyber Security Commentator”, which is obviously a bit special.

The story was about the security risks of webcams. Presenter Gorgi Coglan introduced it thusly:

What if I told you that the webcam in your computer could be under the control of someone on the other side of the planet, and watching everything you do right now?

I was pleased that The Project introduced the Channel TEN audience to RATs, or remote administration (or access) tools, and managed — as they nearly always do — to strike the right balance between scary and funny.

Over the fold you’ll find the video of the entire four-minute segment — starting off with a “package”, as they’re called, featuring Hacklabs director Chris Gatford, followed by the panel interviewing me.

It was the Friday team, so that panel consisted of presenter Gorgi Coglan, comedian Lehmo, the inimitable Waleed Aly and, just to be different, Richie Sambora, guitarist of Bon Jovi fame.

Continue reading “Talking RATs and webcams on The Project”

23 December 2012

Weekly Wrap 133: Instagram, infosec and random nativity

Monday 17 to Sunday 23 December 2012 was a week filled with plenty of work, plenty of stress and a small amount of exhaustion.

The media outputs are listed below, as usual. Towards the end of the week the long series of 5am and earlier starts was beginning to catch up with me, and on Thursday I accidentally slept in until lunchtime — and that was truly wonderful.

I decided to continue that level of sloth on the weekend. Well, apart from today, obviously. As mentioned below, there’s still quite a bit left to do before I can finally break for Christmas.

Also this week I dropped and broke my Samsung Galaxy S III, necessitating an urgent replacement. While doing that I discovered some gotchas with migrating data to a new phone, and I’ll write about that after Christmas.

Podcasts

Patch Monday episode 168, “2012 infosec review: Focus on crime, not cyberwar”. The second of our two year-end conversations. The panelists are Paul Ducklin, Sophos’ head of technology for Asia Pacific; Chris Gatford, director of penetration testing firm HackLabs; Jon Callas, chief technology officer at Entrust, and now also of secure messaging provider Silent Circle; and Stephen Wilson, managing director of Lockstep Group, which provides advice and analysis on digital identity and privacy technologies.

Articles

Users snap over Instagram, but should have seen it coming, Crikey, 19 December 2012.
2012: the Year of Cyberwar that wasn’t, CSO Online, 21 December 2012.

Media Appearances

On Wednesday I spoke about the Instagram terms-of-use furore with ABC Radio National Breakfast, ABC Radio’s PM and ABC 666 Canberra. Click through for all the audio.

Corporate Largesse

On Wednesday I had a very pleasant lunch indeed at Bistrode at the Hotel CBD in Sydney with a couple of chaps from Trend Micro. Needless to say, it was on their tab.

The Week Ahead

There’s tonight and one working day left before Christmas. In that time I have to produce a Patch Monday podcast, my end-of-year story for Crikey, and a follow-up to Friday’s story for CSO Online. I’ll be busy for the next 24 hours, though for all those things I’ve already got a plan in mind so they should be straightforward.

But then Tuesday is Christmas Day, and from then through to the end of the week I have precisely nothing planned. Sure, there’s a few little work-related things that’ll need to be polished off, but there are no pressing commitments. This pleases me immensely.

[Photo: Suburban Nativity, photographed on Stony Creek Road in Beverly Hills, Sydney, on 15 December 2012. The householders must do this every year, because the same nativity scene is visible in Google Street View imagery from December 2009.]

02 December 2012

Weekly Wrap 130: Storms, sunburn and a two-hour cruise

The week of Monday 26 November to Sunday 2 December 2012 was strange. It started with stormy weather, and the misty conditions continued until Wednesday. But by Thursday I was sunburnt and dehydrated in sweltering heat.

I should not have walked through the heat from Potts Point to the Sydney CBD, even though I could take a photograph of the city along the way.

It was also a stressful week. To the usual month-end cashflow blockage was added a series of strange problems with a client’s marketing email template.

The client had chosen to use an old template, and the line spacing fell apart in modern versions of Microsoft Outlook. Then some of the links to PDF files on their website didn’t work, with the links being somehow scrambled so they delivered a “404 File not found” error instead of the PDF file. Sometimes.

Eventually we discovered that the links broke — sometimes — when URLs containing white-space characters (such as “%20” for a space) were passed from Outlook to an out-of-date version of Adobe Reader.

Thankfully the week ended with some semblance of normality, and the weekend was restful.

Podcasts

Patch Monday episode 165, “Why Click Frenzies shouldn’t cause web scale fail”. The website for the Click Frenzy 24-hour sale shouldn’t have fallen over. Application architect Benno Rice explains why, and Chris Gatford of HackLabs explains the security glitch that left Click Frenzy’s database password exposed to the world.

Articles

Hacking democracy’: a tool to streamline our Right To Know, Crikey, 28 November 2012. Right To Know makes it easier for people to file Freedom of Information (FOI) requests. It’ll be interesting to see how this unfolds.

Media Appearances

On Sunday morning I was asked, at the last minute, to be the bespoke Twitterer for ABC Radio National’s Sunday Extra. That just means that I had to listen to the program — which I was doing anyway — and tweet about it.

Corporate Largesse

On Wednesday I attended the Retail Tech Forum at Wildfire Restaurant, Circular Quay, which was organised by Bass PR for various clients: Dassault SystÃ¨mes, who do many things but in this case provide 3D modelling and visualisation tools for retail environments; retail software systems vendor Island Pacific Australia; 3Q Holdings, who also do retail tech; Meridian Systems, who make “technology solutions” for the project management of “capital buildings” and the maintenance thereof; and analysts Frost & Sullivan. I daresay an article will come out of this at some point. Meanwhile, here’s the lunch menu and pictures of the beef short rib starter and the corn-fed chicken main course.
On Thursday I had lunch at Establishment with the people behind Uber Sydney, a smartphone-based service that provides on-demand ordering of a black town car. An article will come out of this eventually.
On Thursday afternoon I went on a two-hour cruise of Sydney Harbour aboard Matilda III, which was the Internet Industry Associationâ€™s Harbour Policy Party. The photographs start here.
On Thursday evening I dropped into The Indies’ Christmas party at the Burdekin Hotel on Oxford Street, The Indies being the four PR firms Bass PR, Shuna Boyd PR (which doesn’t seem to have a website?), Einsteinz Communications and Espresso Communications. I had just one glass of wine, my only alcohol for the entire day, before exhaustion set in.

The Week Ahead

Starting this week I’ll be based in Hurstville, a southern suburb of Sydney, thanks to a housesitting arrangement with someone who shall remain anonymous. I’ll be there until the end of the first week of January. Unless plans change.

This week is another busy week. I daresay I won’t get around to producing the Patch Monday podcast until Monday morning. I’ve got some writing to do too. Then on Tuesday, Optus is showcasing their 4G smartphones at a lunch in Surry Hills. On Wednesday I’m attending VMware’s Cloud Panel, a lunchtime event at The Star casino.

I’ll try to record next week’s Patch Monday podcast on Thursday, because on Thursday night I’m going to Fuel Communications‘ Christmas party and then on Friday I’m covering a one-day conference Privacy in the 21st Century (PDF), organised by the Communications Law Centre at the University of Technology Sydney (UTS). Since I’m covering that conference for both Crikey and ZDNet, it’ll be sensible to get that podcast out of the way.

[Photo: The Nepean was crossed. It has been my habit to take a photograph each time I cross the Nepean River en route from Wentworth Falls to Sydney or vice versa, which I then tweet with the caption Crossing the Nepean. Yesterday I missed, and the outbound train was already at Emu Plains before I could take a snapshot.]

17 April 2012

Weekly Wrap 97: Facebook, Instagram and emergency duck

My usual weekly summary of what I’ve been doing elsewhere on the internets. This post covers the week from Monday 9 to Sunday 15 April 2012 — another short week in terms of writing and media production, thanks to the 4-day work week after Easter.

There’s no photo this week because I lost my camera — though it has since been found in the Blue Mountains taxi where I dropped it. I’ll be collecting it on Sunday, probably.

There was also quite a bit of disruption thanks to the need to perform some emergency geekery. I may or may not write about that another time.

Podcasts

Patch Monday episode 133, “OS X botnet: disaster or speed bump?”. A chat about the Flashback botnet with Chris Gatford, director of penetration testing firm Hacklabs, and applications architect Benno Rice.

Articles

Facebook buys Instagram’s buzz in lead-up to share float, Crikey, 10 April 2012.

Media Appearances

On Friday I talked about Instagram and Facebook on ABC Radio National’s Media Report.

Corporate Largesse

None.

The Week Ahead

I’m in Sydney all this week too, before returning to Wentworth Falls on Sunday afternoon. My main task is to complete a feature story for ZDNet Australia and an opinion piece for CSO Online. I’m also attending two launch events for new “smart TVs”, one for Samsung and one for LG. And apart from that I’ll be attempting to avoid the seasonal affective disorder that usually strikes at this time of the year.

Elsewhere

Most of my day-to-day observations are on my high-volume Twitter stream, and random photos and other observations turn up on my Posterous stream (or they used to before my phone camera got a bit too scratched up). The photos also appear on Flickr, where I eventually add geolocation data and tags.

25 March 2012

Weekly Wrap 94: Identity, privacy, fog and a lyrebird

My usual weekly summary of what I’ve been doing elsewhere on the internets. This post covers the week from Monday 19 to Sunday 25 March 2012.

Podcasts

Patch Monday episode 130, “Yellow alert! Windows RDP flaw explained”. Casey Ellis from Tall Poppy Group and HackLabs proprietor Chris Gatford explain all the things.
The 9pm Edict episode 20, which covers Tony Abbott’s tribute to Margaret Whitlam, comedian Bill Bailey’s thoughts on classical music, Harmony Day and more.

Articles

Remote Desktop Protocol security hole: 5 unanswered questions, CSO Online, 19 March 2012.
The Facebook experiment, ZDNet Australia, 23 March 2012.

Media Appearances

On Tuesday I spoke about the death of passwords on ABC 105.7 Darwin.

Corporate Largesse

On Thursday I attended the iappANZ workshop on Identity and Privacy as the guest of the Lockstep Group.
Also on Thursday, I met with Oliver Friedrichs from Sourcefire, and they bought me a beer.

The Week Ahead

Nothing of specific note has been locked in yet.

Elsewhere

[Photo: Bunjaree Track with Fog, photographed at Bunjaree Cottages on the morning I finally saw the lyrebird.]

11 March 2012

Weekly Wrap 92: Rosella invasion!

My usual weekly summary of what I’ve been doing elsewhere on the internets. This post covers the week from Monday 5 to Sunday 11 March 2012.

Podcasts

Patch Monday episode 128, “Cybercrime and the Russian mob”. Stephen McCombie, lecturer at the Centre for Policing, Intelligence and Counter Terrorism at Macquarie University, explains why Eastern Europe is the perfect breeding-ground for online crime. And Chris Gatford, proprietor of Hacklabs, says that organisations’ networks are showing the same vulnerabilities as a decade ago. We’re not learning. And the payment card industry data security standard (PCI DSS) has failed us too.

Articles

Hacking up the facts, Technology Spectator, 7 March 2012, written following lunch with RSA’s Art Coviello.
Zero damage from last year’s RSA breach, CSO Online, 7 March 2012. A more accurate headline would be “Zero damage from last year’s hack, says RSA”, but that’s my fault for doing things in a rush.
Oz ethical hackers to be set professional standards, CSO Online, 9 March 2012. We now have an Australian branch of the Council of Registered Ethical Security Testers (CREST), with Alastair MacGibbon as its first CEO.

Media Appearances

On Saturday I was quoted in a Sydney Morning Herald article about the Finkelstein media review, Rising anger over plans to regulate blogosphere. Whoever was angry, it wasn’t me.

Corporate Largesse

On Monday, RSA paid for lunch at The Summit Restaurant. From the rather lovely menu I selected the campechana of ocean trout, school prawns, Pacific oyster and crab in a wet tomato lime ceviche, followed by the dry aged Angus beef cheek and loin noisettes with Jerusalem artichoke, grapes and majoram — along with some of the double cream and butter mashed potato, and the crisp garden leaves and cress salad with chardonnay dressing. I forgot to write down what the wines were, sorry, but I can show you the view in directions one, two and three.
Also on Monday, I had coffee with Brad Arkin from Adobe, and they paid. I didn’t see the need to take a photograph.

Elsewhere

[Photo: Rosella in da House. Technically this is being posted in the wrong week because it’s from 4 March, but it accurately summarises the mood of this week I think. Some of the local avian wildlife at Bunjaree Cottages has started to get a little more friendly.]