Stilgherrian · cybersecurity

Weekly Wrap 386: The tides are always with us

22 October 2017 in Weekly Wrap by Stilgherrian | No comments

After every up, there is a down. That’s how waves work. That’s how tides work. That’s how rollercoasters work. My week of Monday 16 to Sunday 22 October 2017 was less hectic than last week.

Some important background tasks were accomplished, but this is all that was visible to the world.

Media Appearances

Following news that the KRACK Attack breaks the WPA2 encryption used by wi-fi networks, on Tuesday I was the guest on the ABC News podcast Tell Me Straight, KRACK: Should you throw out your WiFi and go live in the woods?, and I did a spot on ABC Adelaide. I didn’t write about this formally, but I did tweet out some opinions.
On Wednesday, one of my tweets was quoted in a story at The Mandarin, Link between Govpass and Medicare numbers stirs identity fraud anxiety.

Articles, Podcasts, Corporate Largesse

None, but coming up…

The Week Ahead

Monday will be a jumbled day of geekery, editorial planning, story pitches, administrivia, and maybe even errands.

The next episode of The 9pm Edict podcast will be recorded on Tuesday 24 October at 2100 AEST. As has become traditional, it will be streamed live via stilgherrian.com/edict/live/. You still have time to support this podcast with a one-off contribution.

I’ll also be announcing a new crowdfunding campaign on Pozible. It’s been more than a year since my last concentrated ask-for-money burst, and the gods know my budget needs it. Stay tuned for details.

On Wednesday, I’ll be recording an interview for the next episode of the Covert Contact podcast. If you haven’t done so, you can listen to my first appearance, the episode about Australian Cyber Policy.

As is so often the case, the rest of the week is unplanned, including the weekend.

Further Ahead

At this stage, I haven’t locked in anything specific for the rest of the calendar year. Please feel free to make some suggestions.

[Photo: Ulex europaeus. A pretty but invasive gorse species (Ulex europaeus) phototographed at Bunjaree Cottages in the Blue Mountains. It’s looking a little the worse for wear after the recent rains. Photographed on 22 October 2017.]

Weekly Wrap 385: Fog, a hack, and a mystery happy fun time

15 October 2017 in Weekly Wrap by Stilgherrian | No comments

The week of Monday 9 to Sunday 15 October 2017 was quite productive, as you’ll see. Read on!

Articles

The first of these articles is the final one related to the launch by foreign minister Julie Bishop of Australia’s first International Cyber Engagement Strategy. See last week’s wrap for the first two.

Cyber attribution isn’t so important, even for nation states, ZDNet Australia, 9 October 2017.

On Tuesday, the Australian Cyber Security Centre (ACSC) released its 2017 Threat Report. The next day, at the national conference of the Australian Information Security Association (AISA), an Australian Defence Signals (ASD) officer told us more about an incident in that ACSC report.

ACSC Threat Report highlights deplorable ignorance, ZDNet Australia, 10 October 2017. The ignorance of the media and politicians, that is.
Secret F-35, P-8, C-130 data stolen in Australian defence contractor hack, ZDNet Australia, 11 October 2017. This is the story that exploded, introducing the world to APT ALF, and Alf’s Mystery Happy Fun Time.
Blaming government for defence contractor’s lax cybersecurity ‘a stretch’: Pyne, ZDNet Australia, 12 October 2017. If you read this column, you’ll see that I disagree with Minister Pyne’ view.

Podcasts

None by me, but…

Media Appearances

I was the guest on this week’s Covert Contact podcast, the episode titled Australian Cyber Policy.

Sydney Morning Herald front page, 12 Oct 2017 Then the world decided to follow up my story on that Australian defence industry data breach.

It began in Australia and expanded from there, with stories in the Sydney Morning Herald (in the front page!); The Australian; ABC News; the Guardian; News.com.au; BuzzFeed; The Express in the UK; Voice of America; RT; Arab Times in Kuwait; via AAP to outlets including Sky News Australia; and via Reuters to others. If I tried to find them all, and link to them all, I’d be here all night.

I saw versions of the story in Chinese, Vietnamese, Greek, Indonesian. There were doubtless others. They’re just the ones I happened to see.

To quote ZDNet security editor Zack Whittaker in New York, it ran everywhere — and to be honest, that surprised me. I’ve covered cybersecurity, as we call it now, for a few years. This is a pretty ordinary event. It just happened to combine “mystery hacker”, with the controversial F-35 Joint Strike Fighter, with the authority of an ASD officer.

On Thursday, I did media appearances on ABC News24; ABC Radio’s The World Today; ABC TV’s 7.30; and Channel Ten’s The Project. On Friday, I appeared on BBC World’s Newsday.

I can’t possible list all of the follow-ups, but here’s a few that I’d like to mention:

Oz military megahack: When crappy defence contractor cybersecurity ‘isn’t uncommon’, surely alarm bells ring?, by Richard Chirgwin at The Register.
Australian defense firm was hacked and F-35 data stolen, DOD confirms, by Sean Gallagher at Ars Technica, confirming the breach from the American end of the supply chain.
ASD disclosure is a good thing, by James Riley at InnovationAus.com. It’s a point I agree with.

The story also morphed as it was re-reported, sometimes drastically changing the meaning of the event. One publication, which I won’t name, even reported that the ASD had been hacked, at least until I contacted them. I hope to find the time to write up that evolution, but for now here’s a few tweets.

Corporate Largesse

On Wednesday, there was food and drink at the AISA National Conference, which was held at the Hyatt Regency Sydney. Hivint offered a beer. I accepted. It was nice. Telstra gave me a t-shirt.

The Week Ahead, and Further Ahead

I’ll play it by ear. At this stage, there’s nothing special through to the end of the year, so now is your chance to fix that.

[Photo: Mountain Life, with Fog, The entry road to the Carrington Hotel, Katoomba, photographed through the evening fog on 10 October 2017.]

Weekly Wrap 384: International diplomacy, and a skink

08 October 2017 in Weekly Wrap by Stilgherrian | No comments

The week of Monday 2 to Sunday 8 October 2017 was short and full of pain, a bit like Woody Allen. Monday was a public holiday, and the rest of the week was packed with media tasks.

Articles

Both articles relate to the launch by foreign minister Julie Bishop of Australia’s first International Cyber Engagement Strategy on Wednesday. There might be a third story next week.

Australia goes hawk with new diplomatic cyber strategy, ZDNet Australia, 4 October 2017.
Australia’s diplomatic challenge is to avoid a cyber arms race, ZDNet Australia, 5 October 2017.

Podcasts

None by me, but I’m the guest on the next episode of the Covert Contact podcast. It was recorded on Friday, and will appear on Monday — which may be Tuesday Australian time.

Media Appearances

This week Australia’s federal and state governments agreed to merge the state-held facial biometric databases for things like drivers licenses into the federal system. I spoke about that on ABC Adelaide on Wednesday afternoon, and ABC South East NSW on Thursday morning. I probably won’t have time to post the audio though.

Corporate Largesse

On Wednesday, there were nibbles to be eaten at that cyber policy launch.

The Week Ahead

Monday and Tuesday will be a confused mix of planning, administrivia, story pitches, geekery, shopping, and other errands up here in the Blue Mountains.

Wednesday and Thursday will be spent in Sydney. Mostly it’s to cover the national conference of the Australian Information Security Association (AISA), but that’s up against the grandly named Everything IoT Global Leadership Summit, so I might pop over to that for a while too.

Friday 13 October is clearly going to be a day of writing. The weekend is unplanned.

Further Ahead

I think I’ll have to drop my plan to cover Ruxcon in Melbourne on 21–22 October, because it’s only two weeks away and there isn’t actually a plan. If I do get the energy for crowdfunding, it should probably go towards other things.

At this stage, there’s nothing special through to the end of the year. Now is your chance to fix that.

[Photo: Skink, being a 25cm-long skink of unknown species photographed at Bunjaree Cottages on 6 October 2017.]

Weekly Wrap 383: Pain in, but not because of, Melbourne

02 October 2017 in Weekly Wrap by Stilgherrian | No comments

The week of Monday 25 September to Sunday 1 October 2017 was made of Melbourne and back pain. One was good, the other less so.

Articles

Cuts could threaten Australia’s cyberscience future, ZDNet Australia, 25 September 2017.
Supporting digital trade a key element of Australia’s cyber diplomacy: Feakin, ZDNet Australia, 26 September 2017.
Technology innovation is about knowledge not gadgets, ZDNet Australia, 29 September 2017.

Podcasts

None.

Corporate Largesse, Media Appearances

On Monday, in the wake of political SMS messages having been sent as part of Australia’s ludicrous same-sex marriage survey, I spoke about the law relating to these matters on ABC Adelaide and ABC Canberra. I probably won’t post these.
On Wednesday night, I spoke about the Digital Manipulation of Democracy for the Victorian Fabians in Melbourne. Video recordings of this event will be posted soon. Stay tuned.

Corporate Largesse

On Tuesday, there was of course food and drink at SINET61, held at the Four Seasons Sydney.
On Wednesday night, Victorian Fabians bought me dinner at the Captain Meville Hotel. They had of course covered my flights to and from Melbourne, and accommodation at the Jasper Hotel, but I was not paid for the gig.

The Week Ahead

Monday is a public holiday, and here I am writing for you. On Tuesday, I’m skipping the iappANZ Summit 2017 because I need to rest my back. I’ll be reading instead.

Wednesday sees a day trip to Sydney, where foreign minister Julie Bishop is launching Australia’s first International Cyber Engagement Strategy. I previewed the strategy last week, but will be writing further for ZDNet I’m sure.

Thursday onwards is unplanned, but I know I have some geekery to perform.

Further Ahead

Events I’m covering or speaking at include:

The Australian Information Security Association (AISA), Sydney, 10–12 October.
Ruxcon, Melbourne, 21–22 October.

If there’s anything I should add in there, please let me know.

[Photo: Sydney Harbour, after David Moore. Sydney Harbour photographed from Virgin Australia flight VA859, a Boeing 737-800 registration VH-VUQ, on 30 September 2017. The style is similar to David Moore’s famous “Sydney Harbour from 16,000 feet” (1966) and related photos, but nowhere near as wonderful.]

Weekly Wrap 379: Six weeks at winter’s end

03 September 2017 in Weekly Wrap by Stilgherrian | Permalink

This Weekly Wrap covers six weeks, Monday 24 July to Sunday 3 September 2017, because it was a Bad Time. Quite a bad time, clearly. But let’s focus on the good bits.

Articles

Australia’s inside-out digital health strategy, ZDNet Australia, 7 August 2017.
Cybercrime in China is the same, but different, ZDNet Australia, 10 August 2017.
Australia to try taming unruly cyber words, ZDNet Australia, 14 August 2017.
Australian businesses targeted in Cisco switch and router attacks: ACSC, ZDNet Australia, 17 August 2017.
Gartner sets fire to all the cyber things, ZDNet Australia, 21 August 2017.
The IoT-based threat of Cyber Chocolatocalypse, and worse, ZDNet Australia, 22 August 2017.

Podcasts

None, but I’ll announce my latest alleged plans in the next few days. Heh. Yeah, right.

Media Appearances

On Monday 24 July, I spoke about exploding batteries on ABC Melbourne.
On Wednesday 16 August, I speculated about Australia’s new cyberwar unit on ABC Adelaide.
On Tuesday 22 August, I spoke about a bunch of things on ABC Melbourne.

I probably won’t get around to posting the audio from these, but we’ll see.

Corporate Largesse

My flights from Sydney to Canberra and return on 11–12 August were provided by Australian consulting firm IBRS.
There was plenty of free food and drink at the Gartner Security & Risk Management Summit on 21–22 August, as well as vendor swag. Crowdstrike: Branded webcam privacy covers. Cylance: Branded USB-to-various recharge cable. Thales: A branded lens kit for mobile devices, with macro and fisheye lenses; another of the excellent Thales pens. Trustwave: One of those credit card sized multi-purpose tools.

The Week Ahead

All I’ll say for now is that I’ll definitely be down in Sydney on Thursday for a couple of medical things. The rest I’ll make up as I go along. As always, watch for the details on Twitter.

Further Ahead

Events I’m covering or speaking at include:

SINET61 on 26 to 27 September.
I’m speaking at Digital Manipulation of Democracy, part of the Victorian Fabians’ Spring Series of events on “Digitisation and Democracy”, on 27 September in Melbourne.
The iappANZ Summit 2017 on 3 October.
The Australian Information Security Association (AISA) in Sydney from 10 to 12 October.
Ruxcon in Melbourne on 21 to 22 October.

If there’s anything I should add in there, please let me know.

[Photo: Dawn at Wentworth Falls, looking east from Wentworth Falls railway station on the chilly morning of 21 August 2017.]

Weekly Wrap 373: Three weeks, ending in sunshine

23 July 2017 in Weekly Wrap by Stilgherrian | Permalink

This Weekly Wrap covers three weeks, Monday 3 to Sunday 23 July 2017, because I just simply didn’t get around to it. Sometimes the pace needs to be pulled back. Especially when you’re in Queensland.

There was plenty of productivity, but it was in the background. You’ll see hints of it in the lists.

Articles

Australia moves a step closer to the East India Cyber Company, ZDNet Australia, 3 July 2017.
Why Startupland needs the veil of ignorance, ZDNet Australia, 13 July 2017. This came out of the Data + Privacy Asia Pacific conference on 12 July.
Data retention’s value for money still not proven: Criminologist, ZDNet Australia, 19 July 2017. This story, and the next two, came out of the 5th International Conference on Cybercrime and Computer Forensics (ICCCF) on the Gold Coast on 17–18 July.
Fear of downloadable guns becoming a reality, ZDNet Australia, 20 July 2017.
Cyberwar looms as diplomats dither, ZDNet Australia, 21 July 2017.

Podcasts

None, but see below.

Media Appearances

On Wednesday 5 July, I spoke about the Medicare data breach and the dark web on ABC Adelaide.
On the same day, I spoke with journalism students at Macleay College about the tech press, and my thoughts on journalism generally. They’ve published an article and edited video.
On Friday 14 July, I spoke about the Australian government’s cryptography plans on ABC Perth.
On Thursday 20 July, I spoke about various ways to help secure your email on ABC Gold Coast.

I probably won’t get around to posting audio of those last two.

Corporate Largesse

None, apart from the food and drink provided at the conferences.

The Week Ahead

Monday through Wednesday will be days of writing and editing, for both ZDNet and the SEKRIT project. The latter is very close to completion now.

~~The next episode of The 9pm Edict podcast will finally be recorded this Thursday 27 July at 2100 AEST, and streamed live via stilgherrian.com/edict/live/.~~ You still have time to support this podcast with a one-off contribution.

On Friday, I’m heading down to Sydney, and the University of NSW in particular, to help celebrate the 30th birthday of the Australian Privacy Foundation. How time flies.

Further Ahead

At some point between 26 and 28 July, I’m recording the pilot episode of a new podcast. Even though it’s a variant of The 9pm Edict, it won’t be streamed live. It’s a different sort of thing. Details soon.

Later in the year, I’m covering SINET61 on 26 to 27 September; the iappANZ Summit 2017 on 3 October; the Australian Information Security Association (AISA) in Sydney from 10 to 12 October; and Ruxcon in Melbourne on 21 to 22 October.

If there’s anything I should add in there, please let me know.

[Photo: Approaching Gold Coast Airport (OOL/YBCG) from the north, photographed on 16 July 2017 from Virgin Australia flight VA517, served that day by Boeing 737-800 registration VH-YVA.]

Weekly Wrap 370: One and a half launches and climbing

02 July 2017 in Weekly Wrap by Stilgherrian | Permalink

My week of Monday 26 June to Sunday 2 July 2017 was strangely quiet, but also strangely productive. It’s a fine start for the new financial year.

I’m even fixing my broken time-management systems, and that’s just one of the reasons I finally feel like I’m climbing out of a low patch.

Articles

Australia’s encryption thwart thought is fraught, ZDNet Australia, 28 June 2017.

I wrote a second piece for ZDNet, which will be posted on Monday.

Media Appearances

On Tuesday night Australian time, the ransomware known variously as Petya or NotPetya amongst other things, spread across the planet. Inevitably, I ended up talking about it in the media on Wednesday. I did radio spots on 3AW Melbourne, ABC Brisbane (where I also spoke briefly about the €2.4 billion fine copped by Google), ABC Melbourne, and various ABC News reports. I also appeared on Channel TEN’s The Project.

And on Friday evening, I spoke about Australia’s new cyber warfare unit (briefly) and other matters with Peter Goers on ABC Adelaide.

Podcasts, Corporate Largesse

None. Read the rest of this entry »

Weekly Wrap 367: Too much rain, too little evidence

12 June 2017 in Weekly Wrap by Stilgherrian | Permalink

My week of Monday 5 to Sunday 11 June 2017 wasn’t bad at all, despite the rain. Most of the achievements were in the background, however.

Articles

Mobile security is really about risk and identity management, ZDNet Australia, dated 1 June 2017, but actually published this week.

Podcasts, Media Appearances, Corporate Largesse

None.

The Week Ahead

Monday is a public holiday for the Queen’s Birthday, but I’ll be working on the SEKRIT editorial project. That work will continue on Tuesday, after which the project should not be SEKRIT. Wednesday will be devoted to administrivia.

Thursday will be spent in Sydney. So far I’ve scheduled a meeting, two medical appointments, and a bunch of errands.

On Saturday, I’m recording the pilot episode of a new podcast. I’ll tell you more about that in about a week.

Further Ahead

I’m covering 5th International Conference on Cybercrime and Computer Forensics (ICCCF) on the Gold Coast from 16 to 18 July, I hope; and the national conference of the Australian Information Security Association (AISA) in Sydney from 10 to 12 October.

If there’s anything I should add in there, please let me know.

[Photo: Central station in the rain, photographed on 9 June 2017. The view is from a NSW TrainLink V-set (#purpletrain) standing on platform 7 looking towards platform 8.]

Weekly Wrap 366: Winter, inevitably, but you knew that

04 June 2017 in Weekly Wrap by Stilgherrian | Permalink

Elizabeth Bay, Sydney My week of Monday 29 May to Sunday 4 June 2017 was less annoying than usual. I take this as a positive sign.

Podcasts

“The 9pm Courting Disaster”, being The 9pm Edict episode 67. This episode is also available on SoundCloud and Spreaker. This was the first episode in two months. I’d you’d like to help make them more frequent, please feel free to contribute.

Articles

Australia’s grand cyber plan swamped by reality: ASPI, ZDNet Australia, 31 May 2017.
I also finished a piece for ZDNet that’ll appear in the next few days.

Media Appearances

On Monday 29 May, Justin Warren quoted some of my tweets is a piece for Forbes, Fast Failure Of Imagination.
On Tuesday, I spoke about digital driver’s licenses on ABC Adelaide. I won’t be posting this audio, or the ones I’ve missed uploading in the last couple of months. There’s some higher-priority things to focus on.

Corporate Largesse

None.

The Week Ahead

It’s more or less the same as last week, except that the plan might actually come together. There’s work to do on the SEKRIT editorial project; and writing a thing for ZDNet, plus a bunch of administrivia. Then it’s the long weekend for the Queen’s Birthday, though I haven’t had a chance to even think about that yet.

Further Ahead

I’m covering 5th International Conference on Cybercrime and Computer Forensics (ICCCF) on the Gold Coast from 16 to 18 July, I hope; and the national conference of the Australian Information Security Association (AISA) in Sydney from 10 to 12 October.

If there’s anything I should add in there, please let me know.

[Photo: Elizabeth Bay, Sydney, photographed on 9 June 2014 just after some afternoon rain. This image had previously gone through Instagram. While some might complain about the supposed purity of not using filters, I quite like the painterly effect. I’ll rant about the idiocy of the #nofilter hashtag another time.]

Weekly Wrap 364: Cruising through May, striking few rocks

21 May 2017 in Weekly Wrap by Stilgherrian | Permalink

It’s another multi-week Weekly Wrap, covering the three weeks from Monday 1 to Sunday 21 May 2017. The throat infection is finally gone — touch wood — but the sleep patterns are still rubbish, and the care factor low.

I don’t want to whinge any more, through, so here are the things.

Articles

Cyber cooperation leads to cybersecurity, so why won’t Australia cyber do it?, ZDNet Australia, 3 May 2017.
Lawyers and insurers set for data breach payday, ZDNet Australia, 10 May 2017.
Hey cyber techbros, smugly yelling ‘patch and back-up’ won’t fix ransomware, ZDNet Australia, 15 May 2017. This was my response to the WannaCry worm outbreak a few days previously, and I got a bunch of hate mail, but also a bunch of compliments. Go figure.

Podcasts

None, but see below for my podcast plans.

Media Appearances

On Tuesday 2 May, I spoke very briefly about the attempted extortion of Netflix by a hacker group on Ten Network’s The Project. It was originally planned to be a longer package followed by a studio guest, but we were cut back to make room for a breaking political story. I forgot to grab a copy of the video, alas.
Some of my comments on WannaCry were quoted in an article at Popular Science, 5 things we learned from WanaCryptor, the biggest ransomware attack in internet history, as well as some other places.
Some of my tweets about Twitter’s privacy changes were quoted at Breitbart, of all places, in Twitter Introduces 'Creepy' New Privacy Settings, Auto Location Tracking.
Some of my tweets on the death of Mark Colvin were quoted by the Sydney Morning Herald, ABC journalist Mark Colvin dead at 65.

I’ve just finished reading Mark Colvin’s book, Light and Shadow: Memoirs of a Spy’s Son, and it’s wonderful. If you’re in Australia, it’s currently AUD 8.60 on Kindle.

Corporate Largesse

On Wednesday 3 May, I covered Cyber Security — the Leadership Imperative 2017, and a lovely breakfast was served. It also led to the first two stories listed above.

The Week Ahead

I’ve dropped my plans to cover the AusCERT Information Security Conference on the Gold Coast later this coming week, in part because I’ve got plenty of other things to do.

This week I plan to do a solid amount of work on the SEKRIT editorial project; write a thing or two for ZDNet, including a 1500-word feature; plus, I guess, a bunch of other things. But I won’t assign specific tasks to specific days, because that tends to jinx things, especially with my sleep patterns still being so dodgy.

Further Ahead

The next episode of The 9pm Edict podcast will be recorded and streamed live on Tuesday 30 May from stilgherrian.com/edict/live/, starting at 2100 AEST. You still have time to support this podcast with a one-off contribution.

(For those of you who’ve been asking about ongoing contributions, yes, I still intend to set up a better system for that. That won’t be finalised for a while, though, so one-off contributions are very welcome.)

Beyond that, I’m covering 5th International Conference on Cybercrime and Computer Forensics (ICCCF) on the Gold Coast from 16 to 18 July, I hope; and the national conference of the Australian Information Security Association (AISA) in Sydney on 10 to 12 October.

If there’s anything I should add in there, please let me know.

[Photo: Circles and Spikes. The side of the cruise liner Carnival Spirit docked at the Overseas Passenger Terminal, Circular Quay, Sydney, on 17 May 2017.]

cybersecurity

Media Appearances

Articles, Podcasts, Corporate Largesse

The Week Ahead

Further Ahead

Articles

Podcasts

Media Appearances

Corporate Largesse

The Week Ahead, and Further Ahead

Articles

Podcasts

Media Appearances

Corporate Largesse

The Week Ahead

Further Ahead

Articles

Podcasts

Corporate Largesse, Media Appearances

Corporate Largesse

The Week Ahead

Further Ahead

Articles

Podcasts

Media Appearances

Corporate Largesse

The Week Ahead

Further Ahead

Articles

Podcasts

Media Appearances

Corporate Largesse

The Week Ahead

Further Ahead

Articles

Media Appearances

Podcasts, Corporate Largesse

Articles

Podcasts, Media Appearances, Corporate Largesse

The Week Ahead

Further Ahead

Podcasts

Articles

Media Appearances

Corporate Largesse

The Week Ahead

Further Ahead

Articles

Podcasts

Media Appearances

Corporate Largesse

The Week Ahead

Further Ahead

Categories

More Stilgherrian