cso – Page 6 – Stilgherrian

22 July 2011

Talking Tasmanian goverment hack on ABC 936 Hobart

Yesterday the Tasmanian government was hit by a hacker.

Sp1d3r from the hacking crew S4t4n1c_s0uls got into a Debian Linux box and inserted his graphic into an email sent to state’s media.

I reported this for CSO Online.

S4t4n1c_s0uls has claimed responsibility for almost 100 website defacements this month, including sites in Brazil, Jamaica, China, India and the Philippines. Five Chinese government websites were hit, and one in the Philippines.

I spoke about the hack with Louise Saunders on ABC 936 Hobart, and here’s the audio.

Podcast: Play in new window | Download (1.9MB)

The audio is Â©2011 Australian Broadcasting Corporation, but it hasn’t been posted on their website so here it is. In return, I reckon you might choose to listen to Louise Saunders’ drive program some time soon.

21 July 201121 July 2011

Privacy rights for Australia, maybe, but where’s speech?

Early this morning, Australia’s Minister for Privacy Brendan O’Connor announced that the government will start a public consultation into whether Australia should have a statutory right to privacy.

The media release was emailed at 6.26am AEST, a clear sign that it was a calm, reasoned decision made as part of a long-term government strategy. Sorry? No? Read the release?

“The News of the World scandal and other recent mass breaches of privacy, both at home and abroad, have put the spotlight on whether there should be such a right.”

The Australian Law Reform Commission’s recommendation for such a law has been sitting on the table for three years now. But hey, something in the news cycle triggers a potential “announceable” and… disco!

Right then.

I’ve already written straight news stories today for CSO Online, Australia to consider right-to-privacy law and Watchdogs welcome Australia’s right-to-privacy move. I’ll be writing about the timing thing tomorrow for ABC’s The Drum.

Right now, though, I have one question. It’s a question I’ve asked before, but I was reminded by something Mark Newton said earlier this evening.

How come we don’t see such sudden action, ever, when is comes to giving Australians a statutory right to freedom of speech?

20 July 2011

LulzSec vs Murdoch: the lessons, and what’s next?

LulzSec’s hack of The Sun and other UK websites belonging to Rupert Murdoch’s News International yesterday was one of the highest-profile infosec breaches in history. But will it mean anything beyond today’s news cycle? I suspect not.

(If you’re not up to speed on this, please read my initial summary for CSO Online or a shorter but fresher story for Crikey.)

As I thought about this overnight, and after chatting with Paul Ducklin from information security vendor Sophos, I came to the conclusion that despite all the media coverage yesterday nothing will change.

I wrote that up as an op-ed for CSO Online, Four lessons from LulzSec vs Murdoch.

We’ve seen hack after hack after hack, but civilisation has stubbornly refused to crumble. We’ve cried wolf a few hundred times too often. We’re experiencing what Paul Ducklin from Sophos calls “hack fatigue”.

We only hear about successful hacks, from LulzSec or anyone else, Ducklin told CSO Online. “They can crow about every time they have a success,” he said, “but you never hear about the sites they never broke into.”

And the idea that LulzSEc’s high-profile hacks will suddenly focus attention on organisation’s information security vulnerabilities? Bah. We’ve been flooded with media reports of high-profile hacks for the last few years, from NATO to Paris Hilton, Google to prime minister Gillard.

After all those stories we held urgent meetings, changed our ways, and put infosec at the top of the business agenda, right?

Yeah right.

So now what? I’ll put my money on LulzSec being forgotten until their next high-profile attack, or their arrest.

[Picture: Early this morning Australian time, LulzSec tweeted: “The Sun taken care of… now what about the moon…”, linking to that image (source unknown). Is it a hint? Or a meaningless distraction?]

17 July 201117 July 2011

Weekly Wrap 58

A weekly summary of what I’ve been doing elsewhere on the internets. Most of it seemed to be about Google+.

Podcasts

Patch Monday episode 96, “Can Google+ kill Facebook? Twitter?” My guests were social computing and business futures consultant Kate Carruthers, Digital Citizens founder James Fridley, and freelance journalist and blogger Neerav Bhatt.

Articles

There’s no way I’m handing over data to Google+, for Crikey.
Online crime under-reported, under-researched, for CSO.
Amazon AWS algorithms watch for cloud-based hacks, for CSO, which includes material from my interview with Amazon’s chief technology officer Dr Werner Vogels.
Why rush? Let others find the Google+ privacy landmines, for ABC Drum Opinion.
Quintet nations agree on cybercrime action plan, for CSO. It seems the same five Anglosphere nations that have been sharing intelligence since WWII still consider themselves a unit.

Media Appearances

On Tuesday I was interviewed by ABC TV’s 7.30 for their story on voicemail hacking at News of the World. I wrote about that already.
On Friday I was interviewed on the same topic by Adelaide radio 1395 FIVEaa.

Corporate Largesse

While attending the AWS Cloud Tour 2011 on Thursday, I received ample food and drink at Amazon’s expense.
On Friday I met with analyst Arun Chandrasekaran from Frost & Sullivan. He paid for the coffee and juice.
On Friday I had another extremely long lunch with those unnamed people about that unnamed media project, but this time I managed to find my way back to where I was meant to be spending the night.

Elsewhere

Most of my day-to-day observations are on my high-volume Twitter stream, and random photos and other observations turn up on my Posterous stream. The photos also appear on Flickr, where I eventually add geolocation data and tags.

[Photo: Kent Street, Sydney, photographed on Friday 15 July 2011.]

[Update 7pm: I didn’t think that last article for CSO would be posted today, but it was, so I’ve added it to the “Articles” list.]

03 July 201103 July 2011

Weekly Wrap 56

A weekly summary of what I’ve been doing elsewhere on the internets. Last week was busy enough, but this week was even busier. Something’s gotta give.

Podcasts

Patch Monday episode 94, “ISP filtering goes ‘voluntary'”. Even though Australia’s controversial mandatory internet filtering program is at least two years away from being implemented, internet service providers will soon start filtering child exploitation material on a voluntary basis. My guests are Peter Black, who teaches internet and media law at the Queensland University of Technology; Network engineer Mark Newton; Lyle Shelton, chief of staff of the Australian Christian Lobby.

Articles

The only NBN monopoly seems to be on ignorance, for ABC Drum Opinion. My response to opponents of the National Broadband Network claiming that it’ll destroy competition in the telecommunications industry.
Internet filtering isnâ€™t compulsory, but everyone will volunteer, for Crikey, covering the recent news the “voluntary” of filtering of the internet will soon begin in Australia, covering child exploitation material only.
Voluntary filtering removes the controversy, for CSO. In this op-ed I explain how the voluntary filtering makes sense technically and politically, if not necessarily for effective child protection.
Drug spam rules, thanks to WikiPharmacy: Symantec, for CSO. It’s a shame I didn’t notice that my headline is a crash blossom.
If Facebook killed Myspace will Google+ kill THE social network? Crikey. At rather short notice, when I’d already been up very early to wrote two other articles, I was asked to write a piece covering the news of both Google launching Google+ and Myspace being sold for UD 35 million and how that’d affect Facebook. This is what resulted.
Interpol blacklist goes live in Canberra, for ZDNet Australia. “Voluntary” internet filtering started on Friday.

Media Appearances

Two radio spots this week, and a guest appearance on someone else’s podcast.

On Wednesday I spoke with ABC Gold Coast about Google+ and how it’ll affect Facebook. There’s audio at the link.
On Thursday I was talking about information security for business on Phil Dobbie’s BTalk podcast.
On Friday I was talking about Myspace, Google+ and Facebook on ABC 774 Melbourne. Again, there’s audio at the link.

Corporate Largesse

None. I am reliably informed that the drought will be broken next week.

Elsewhere

[Photo: A misty dawn at Bunjaree Cottages, 1 July 2011. This is the view from Roselle Cottage, not normally rented to the punters. The much-battered camera in my phone does not do this scene justice.]

30 June 201101 July 2011

CSO: Voluntary filtering removes the controversy

My first op-ed for CSO, “The Resource for Data Security Executives”, has just been posted. It’s voluntary ISP-level internet filtering, but a different angle from my Crikey piece earlier today.

After nearly four chaotic years, Australia’s internet filtering scheme is finally coming together in a way that makes sense technically and politically, if not necessarily for effective child protection.

The chaos wasn’t all communications minister Senator Stephen Conroy’s fault. The “clean feed” was announced as Labor policy back in March 2006 by then-leader Kim Beazley. ISPs would filter out the nasties hosted overseas, where they couldn’t be hit with a takedown notice from the Australian Communications and Media Authority (ACMA).

But Conroy’s name was on Labor’s Plan for Cyber-safety published just five days out from the federal election in late 2007, and once in government it was Conroy’s job to explain that plan and sell it to voters. Everyone presumably imagined it’d be a protect-the-kiddies no-brainer.

Problem was, neither the plan not Conroy’s explanations were clear…

As I say, it’s my first outing for CSO, but if all goes according to plan there’ll be more. And in case you’re wondering, CSO is a job title. Chief Security Officer.