Talking Tasmanian government hack on ABC 936 Hobart

Yesterday the Tasmanian government was hit by a hacker.

Sp1d3r from the hacking crew S4t4n1c_s0uls got into a Debian Linux box and inserted his graphic into an email sent to the state’s media.

I reported this for CSO Online.

S4t4n1c_s0uls has claimed responsibility for almost 100 website defacements this month, including sites in Brazil, Jamaica, China, India and the Philippines. Five Chinese government websites were hit, and one in the Philippines.

I spoke about the hack with Louise Saunders on ABC 936 Hobart, and here’s the audio.

The audio is ©2011 Australian Broadcasting Corporation, but it hasn’t been posted on their website so here it is. In return, I reckon you might choose to listen to Louise Saunders’ drive program some time soon.

Privacy rights for Australia, maybe, but where’s speech?

Early this morning, Australia’s Minister for Privacy Brendan O’Connor announced that the government will start a public consultation into whether Australia should have a statutory right to privacy.

The media release was emailed at 6.26am AEST, a clear sign that it was a calm, reasoned decision made as part of a long-term government strategy. Sorry? No? Read the release?

“The News of the World scandal and other recent mass breaches of privacy, both at home and abroad, have put the spotlight on whether there should be such a right.”

The Australian Law Reform Commission’s recommendation for such a law has been sitting on the table for three years now. But hey, something in the news cycle triggers a potential “announceable” and… disco!

Right then.

I’ve already written straight news stories today for CSO Online, Australia to consider right-to-privacy law and Watchdogs welcome Australia’s right-to-privacy move. I’ll be writing about the timing thing tomorrow for ABC’s The Drum.

Right now, though, I have one question. It’s a question I’ve asked before, but I was reminded by something Mark Newton said earlier this evening.

How come we don’t see such sudden action, ever, when it comes to giving Australians a statutory right to freedom of speech?

LulzSec vs Murdoch: the lessons, and what’s next?

LulzSec’s hack of The Sun and other UK websites belonging to Rupert Murdoch’s News International yesterday was one of the highest-profile infosec breaches in history. But will it mean anything beyond today’s news cycle? I suspect not.

(If you’re not up to speed on this, please read my initial summary for CSO Online or a shorter but fresher story for Crikey.)

As I thought about this overnight, and after chatting with Paul Ducklin from information security vendor Sophos, I came to the conclusion that despite all the media coverage yesterday nothing will change.

I wrote that up as an op-ed for CSO Online, Four lessons from LulzSec vs Murdoch.

We’ve seen hack after hack after hack, but civilisation has stubbornly refused to crumble. We’ve cried wolf a few hundred times too often. We’re experiencing what Paul Ducklin from Sophos calls “hack fatigue”.

We only hear about successful hacks, from LulzSec or anyone else, Ducklin told CSO Online. “They can crow about every time they have a success,” he said, “but you never hear about the sites they never broke into.”

And the idea that LulzSec’s high-profile hacks will suddenly focus attention on organisations’ information security vulnerabilities? Bah. We’ve been flooded with media reports of high-profile hacks for the last few years, from NATO to Paris Hilton, Google to prime minister Gillard.

After all those stories we held urgent meetings, changed our ways, and put infosec at the top of the business agenda, right?

Yeah right.

So now what? I’ll put my money on LulzSec being forgotten until their next high-profile attack, or their arrest.

[Picture: Early this morning Australian time, LulzSec tweeted: “The Sun taken care of… now what about the moon…”, linking to that image (source unknown). Is it a hint? Or a meaningless distraction?]

Weekly Wrap 58

A weekly summary of what I’ve been doing elsewhere on the internets. Most of it seemed to be about Google+.

Podcasts

Articles

Media Appearances

Corporate Largesse

  • While attending the AWS Cloud Tour 2011 on Thursday, I received ample food and drink at Amazon’s expense.
  • On Friday I met with analyst Arun Chandrasekaran from Frost & Sullivan. He paid for the coffee and juice.
  • On Friday I had another extremely long lunch with those unnamed people about that unnamed media project, but this time I managed to find my way back to where I was meant to be spending the night.

Elsewhere

Most of my day-to-day observations are on my high-volume Twitter stream, and random photos and other observations turn up on my Posterous stream. The photos also appear on Flickr, where I eventually add geolocation data and tags.

[Photo: Kent Street, Sydney, photographed on Friday 15 July 2011.]

[Update 7pm: I didn’t think that last article for CSO would be posted today, but it was, so I’ve added it to the “Articles” list.]

Weekly Wrap 56

A weekly summary of what I’ve been doing elsewhere on the internets. Last week was busy enough, but this week was even busier. Something’s gotta give.

Podcasts

  • Patch Monday episode 94, “ISP filtering goes ‘voluntary’”. Even though Australia’s controversial mandatory internet filtering program is at least two years away from being implemented, internet service providers will soon start filtering child exploitation material on a voluntary basis. My guests are Peter Black, who teaches internet and media law at the Queensland University of Technology; network engineer Mark Newton; and Lyle Shelton, chief of staff of the Australian Christian Lobby.

Articles

Media Appearances

Two radio spots this week, and a guest appearance on someone else’s podcast.

Corporate Largesse

None. I am reliably informed that the drought will be broken next week.

Elsewhere

Most of my day-to-day observations are on my high-volume Twitter stream, and random photos and other observations turn up on my Posterous stream. The photos also appear on Flickr, where I eventually add geolocation data and tags.

[Photo: A misty dawn at Bunjaree Cottages, 1 July 2011. This is the view from Roselle Cottage, not normally rented to the punters. The much-battered camera in my phone does not do this scene justice.]

CSO: Voluntary filtering removes the controversy

My first op-ed for CSO, “The Resource for Data Security Executives”, has just been posted. It’s about voluntary ISP-level internet filtering, but takes a different angle from my Crikey piece earlier today.

After nearly four chaotic years, Australia’s internet filtering scheme is finally coming together in a way that makes sense technically and politically, if not necessarily for effective child protection.

The chaos wasn’t all communications minister Senator Stephen Conroy’s fault. The “clean feed” was announced as Labor policy back in March 2006 by then-leader Kim Beazley. ISPs would filter out the nasties hosted overseas, where they couldn’t be hit with a takedown notice from the Australian Communications and Media Authority (ACMA).

But Conroy’s name was on Labor’s Plan for Cyber-safety published just five days out from the federal election in late 2007, and once in government it was Conroy’s job to explain that plan and sell it to voters. Everyone presumably imagined it’d be a protect-the-kiddies no-brainer.

Problem was, neither the plan nor Conroy’s explanations were clear…

As I say, it’s my first outing for CSO, but if all goes according to plan there’ll be more. And in case you’re wondering, CSO is a job title. Chief Security Officer.