hacking

Most of my week of Monday 17 to Sunday 23 August 2015 was wiped out by a cold, as I mentioned last time. But apart from that, I’m pleased with proceedings.

I didn’t get much new done, but some of my recent ZDNet columns seem to have gotten plenty of attention. I squirted out a new podcast, and locked in plenty of stuff for the future.

Articles

Following on from last week’s Android, you have serious security problems, we have…

Podcasts

Media Appearances

5at5

There were four editions of 5at5, on Tuesday, Wednesday, Thursday, and Friday. Why not subscribe so you’ll get all the future ones?

Corporate Largesse

  • On Wednesday, I met with Dick Bussiere from Tenable Network Security — the chap who was quoted in this week’s ZDNet column — and their PR people paid for the coffee.

The Week Ahead

The week begins with the 0636 train to Sydney, because this is the first of two weeks I’m spending in Ashfield in Sydney’s inner west, catsitting. On Monday and Tuesday, I’m covering the Gartner Security & Risk Management Summit in Sydney. I daresay that I’ll spend a big chunk of Wednesday writing about things from that event. Thursday too, maybe.

Mid-week I’ll also be announcing the full details of The 9pm Edict Public House Forum. I’ve already said elsewhere that it’ll be recorded on Saturday 12 September at the Australian Arms Hotel in Penrith, but still to come is information on how you can be part of the live audience.

In the latter part of the week, I’ll finally be able to buy all the hardware that you good people have paid for in The 9pm Urgent Hardware Refresh. The new MacBook Pro has already been ordered, and should arrive late in the week. I’ll shop around for the rest as I get the time.

The weekend sees a Full Moon, so I shall take the necessary precautions. I’ll probably also knock off a quick episode of The 9pm Edict.

Further Ahead

During the following week, starting Monday 31 August, I’ll design and test my new podcast recording set-up. I’ll post a description once that’s done. I’ll be at the ACCAN National Conference on Tuesday 1 and Wednesday 2 September, and indeed taking part in a panel discussion on the Wednesday afternoon. The weekend of 5 and 6 September will see another special episode of The 9pm Edict.

Further ahead still, on Friday 11 September, I’ll be presenting my regular guest lecture at UTS. And then on Saturday 12 September, it’s The 9pm Edict Public House Forum, with post-production to be done on the Sunday.

[Photo: The kangaroo is wokked, being a photograph of my breakfast in progress, taken on 23 August 2015.]

The Ashley Madison hack returned to the news this week, because the 30-day deadline given by Impact Team, the hacker(s) who claimed responsibility, expired, and the site’s data started being dumped onto the internet.

While I’d spoken about this before on ABC 936 Hobart, this week I spoke about the then-latest developments on Friday with ABC Gold Coast. Here’s the full conversation with morning presenter Nicole Dyer.

The site I mentioned at the end, where you can check whether your email address appears in the Ashley Madison data dump, or in many of the larger data breaches of recent years, is haveibeenpwned.com, run by Australian security researcher Troy Hunt. Use it.

The audio is of course ©2015 Australian Broadcasting Corporation.

My week of Monday 10 to Sunday 16 August 2015 was just as remarkable as the previous week, in that I got plenty of interesting things done.

Given that this Weekly Wrap is so dreadfully late, however, I won’t go into any details.

Articles

Podcasts

None. But there’ll be a new episode of The 9pm Edict on Sunday 23 August. See Update 11 of The 9pm Urgent Hardware Refresh for details of the plan from there on.

Media Appearances

5at5

There were three editions of 5at5, on Monday, Thursday, and Friday. Why not subscribe so you’ll get all the future ones?

Corporate Largesse

None.

The Week Ahead

Most of it’s gone already, thanks to a nasty cold. Many people in and around Sydney seem to have been hit by this one. However, there’s a good two and a half days left, so…

On Friday (today), I’ll be re-planning everything post-cold, and writing a column for ZDNet.

On Saturday, I’ll be heading to Penrith to sort out a recording location for The 9pm Edict Public House Forum, as well as running a few errands. En route, I’ll be working on the script for the first of the three special podcast episodes for The 9pm Urgent Hardware Refresh. And on Sunday, I’ll be recording and posting that episode.

Further Ahead

The week beginning Monday 24 August will be the first of two weeks I’ll be spending in Ashfield in Sydney’s inner west, catsitting. I’m looking forward to it, though visiting Ashfield is always a bittersweet experience for me, for reasons that some of you may be aware of.

On Monday and Tuesday, I’m covering the Gartner Security & Risk Management Summit in Sydney. In the past, I’ve gotten good value out of this event. I daresay that I’ll spend a big chunk of Wednesday writing about things from that event. Thursday too, maybe.

In the latter part of the week, I’ll finally be able to buy all the hardware that you good people have paid for in The 9pm Urgent Hardware Refresh. In between some meetings in the city, I’ll be designing and testing my new recording set-up, and posting a description once I’ve gotten it all working to my satisfaction. The weekend sees a Full Moon, so I shall take the necessary precautions.

Looking even further ahead, I’ll be at the ACCAN National Conference on Tuesday 1 and Wednesday 2 September, and indeed taking part in a panel discussion on the Wednesday afternoon. The weekend of 5 and 6 September will see another special episode of The 9pm Edict.

And further ahead still, on Friday 9 September, I’ll be presenting my regular guest lecture at UTS. And then on Saturday 10 September, I should be recording The 9pm Edict Public House Forum — though I’ll officially confirm that date tomorrow afternoon.

[Photo: Barangaroo from Pyrmont, photographed on 11 August 2015 as I was waiting for a coffee companion. The Barangaroo development is certainly dominating the western side of the Sydney CBD now.]

It was my very great pleasure to talk about hacking and the impending security disaster that is the Internet of Things (IoT) on ABC TV’s Lateline last night — and don’t I look concerned.

Also joining the program was security researcher Runa Sandvik, who got plenty of media recently for hacking a smart sniper rifle.

I won’t go into too many details here, because you can see the video and transcript at the Lateline website. For the next month or so, you can also watch it in HD on iView.

However, this exchange surprised me:

STILGHERRIAN: … Scarier though is what’s happening with smart TVs. There are millions of those around the world. They’re networked, so you can watch clips from YouTube or whatever on them or Netflix or any of the streaming services, and yet I’ve seen a young hacker from South Korea not only hack a smart TV, hack it in 10 different ways and set it up so that the camera and microphone in the TV are streaming live video and sound out to the internet while the television looks like it’s turned off. These are televisions that are being installed over the last few years and more in the future in hotel bedrooms, classrooms, corporate boardrooms. So they’re kind of like an always-on surveillance device.

JOHN BARRON: I guess, Runa, the question then occurs: well, who would want to do this? Who would want to hack into somebody’s TV set in suburban Australia or the United States? The answer would probably be: well, nobody. But why would somebody want to do this?

RUNA SANDVIK: There’s a mix. There’s definitely people that are doing this for sort of evil purposes, if you will, or to make money, and there are people that do it just because they can, because it’s there, it’s a possibility, it’s not as secure as it should be and they do it just to show that they can.

Personally, I’d have thought that the security risks of peering into people’s homes would have been obvious, but the questions moved on before I could point out the attraction to both pilferers and perverts.

Anyway, you can also read my thoughts on this in my December 2014 column, All aboard the internet of things infosec hype train, and its January 2014 predecessor, Our hackers, who art in open source, deliver us from refrigerators.

My week of Monday 27 July to Sunday 2 August 2015 represented a remarkable turnaround — perhaps the turnaround that I’d been detecting in the winds since June. And then there’s the bushfire. It’s all so complicated!

Why? It was a full week with a properly-working computer — a week spent in a house with a properly-working kitchen, heating, and inspiring view — and that brought back some of the clarity of thought which I’ve been sorely lacking. I got plenty done, the most important in many ways being the launch — finally! — of The 9pm Urgent Hardware Refresh.

I was very pleased when people started contributing to this crowdfunding campaign just as soon as it was launched. I’m even more pleased to report that as I write this, roughly half-way through the campaign period, we’ve reached 54% of the initial target. That means we’re likely to succeed.

The stress of not having a working computer is subsiding, but I’m not counting my chickens before they’re hatched.

People who write or perform for a living will also understand the importance of the kind of reassurance that comes with people supporting the plan which, until then, had existed solely in your own head.

That has helped. Thank you. If you haven’t done so already, please check out The 9pm Urgent Hardware Refresh.

Thanks also to the many people who asked whether I was in any danger from this weekend’s bushfire at Wentworth Falls. No, I’m not.

The fire is only 3km from Bunjaree Cottages, but between it and me there’s some significantly challenging terrain, and the wind has been taking the fire in a different direction. More than 100 volunteers from the NSW Rural Fire Service have been keeping us safe.

I’m certainly paying attention to what’s happening, though, and I see that there’s a wind change forecast for Monday. Depending on how the RFS people go with their plans for the rest of today and overnight, well, my risk assessment may change.

Just as I write this, the alert for the fire area has been raised from WATCH AND ACT to EMERGENCY WARNING — the latter being described thusly:

You may be in danger and need to take action immediately. Any delay now puts your life at risk.

I must stress again, though, that I am not in the alert area, and I currently face no risk.

Articles

Podcasts

  • On Friday, I posted “The 9pm I Can’t Believe It’s Not a Planet”, being The 9pm Edict episode 46. It turned out better than its convoluted production process led me to imagine. I may tell you about that during the week.

Media Appearances

5at5

The hiatus has ended. There were two editions, on Thursday and Friday. Why not subscribe so you’ll get all the future ones?

Corporate Largesse

None. But there’s quite a bit scheduled for the coming week.

The Week Ahead

This is going to be a better-structured one, folks.

Monday will be a media production day — but I’ll decide the exact details on the day, depending on the bushfire threat level.

On Tuesday, I’ll be catching the 0706 train to Sydney, because on Tuesday and Wednesday I’ll be covering the ADMA Global Forum, presented by the Association for Data-driven Marketing and Advertising. Also, at 2030 AEST on Tuesday night, I’ll be a guest on ABC Local Radio around NSW. And on Wednesday night, I’ll be going to Text100’s (in)famous Christmas in August event, a preview of their clients’ consumer technology for Christmas.

On Thursday, I’ll be going to a lunchtime briefing by NetSuite, and writing something for ZDNet, before taking the train back to the Blue Mountains. Thursday is also the last day of The 9pm Urgent Hardware Refresh, with the campaign ending at 2100 AEST that evening.

On Friday, I’ll be confirming what’ll happen with the funds so raised.

[Photo: The Final Redoubt, photographed on 2 August 2015. Should I ever need a final hiding place from a severe bushfire — and everything has happened so quickly that we skipped straight past three levels of warning, the fire jumped the road and railway, and all escape routes were blocked — then this cutting on Railway Parade near Wentworth Falls is where I’d wrap myself in wet woollen items and hope for the best.]

The information security news story of the week was, of course, the data breach at “affairs” and “cheaters” website Ashley Madison, something first reported by journalist Brian Krebs.

I spoke about this data breach in a couple of radio spots — I’m reluctant to call it a “hack” until we have some evidence that a hack was involved, as opposed to some internal problem — but I reckon the first was the best.

Here’s that conversation, a 13-minute chat from Tuesday morning with ABC 936 Hobart morning presenter Leon Compton. Enjoy.

The audio is of course ©2015 Australian Broadcasting Corporation.

Hundreds of millions of Samsung smartphones have a serious security vulnerability. The company has known about it since December, but hasn’t done anything about it. I spoke about this on ABC Radio’s The World Today on Thursday.

A software bug is making around 600 million Samsung mobile phones around the world vulnerable to attack. The bug in the phone’s keyboard software could allow hackers to read text messages and to view and take photos. It was found by a US computer security company which informed Samsung late last year.

If you want the technical details, read the Ars Technica story, New exploit turns Samsung Galaxy phones into remote bugging devices.

Here’s the three-and-a-half minute radio story. There’s also a transcript, and a written news story, Samsung phones vulnerable to cyber attacks because of software bug.

The audio is ©2015 Australian Broadcasting Corporation, and it’s being served here directly from the ABC website.

Since this report aired, Samsung has said that it will fix this vulnerability, but not all Samsung smartphone owners will receive the fix immediately.

My week of Monday 8 to Sunday 14 June 2015 has been another productive one, despite Monday allegedly being a holiday. Thank you, Your Majesty. I’m exhausted.

I also think I’m coming down with a cold, which is hardly surprising. We’ll see.

There’s much I want to talk about, but this very moment I’m at the regular monthly Poetry in the Pub in Katoomba. I have Sunday Lunch here many weeks. But this month it’s essentially a wake, because one of their number has passed. I’ll admit that I shed a tear as one chap read Henry Lawson’s “The Glass on the Bar”. My whinges can wait for another time.

Articles

There’s also two more ZDNet pieces in the pipeline. They’ll appear in the first half of the coming week, I imagine.

Podcasts

None. The next episode of The 9pm Edict is now scheduled for Wednesday 17 Saturday 20 June.

5at5

There were five editions of 5at5 this week, on Monday, Tuesday, Wednesday, Thursday, and Friday. That’s more than 25 things for you to read! To save me having to tell you this, you could just subscribe.

Media Appearances

Corporate Largesse

None.

The Week Ahead

On Monday and Tuesday, I’ll be finishing off those two ZDNet stories. In theory, I’m also heading in to Sydney on Tuesday for the Optus Business Lunch, to hear the company’s chief executive officer Allen Lew deliver a keynote speech on “how customer behaviours are driving digital transformation” — but with deadlines, that may have to be cancelled. That Sydney trip will definitely be cancelled.

On Wednesday, I’ll be completing an episode of The 9pm Edict podcast. On Thursday, I’ll be writing a column for ZDNet. Wednesday and Thursday are writing days, completing those two ZDNet items, plus a piece for Crikey, plus starting on an episode of The 9pm Edict podcast.

On Friday, I’m definitely doing the long commute to Sydney, to go to a lunchtime briefing by the Wynyard Group on corporate and cyber criminals.

On Saturday I’ll be completing the podcast, and perhaps helping with some, um, engineering work at Bunjaree Cottages. While the rest of the weekend has not yet been planned, the Solstice is on Sunday night — well, for me it’s at 0238 AEST on Monday morning — so I’ll be marking the occasion in some way. How? I’m not sure yet. The same applies to the rest of the weekend, I suppose.

Update 15 June 2015: Edited to reflect the schedule change. Second update, 1620 AEST: Edited to add link to ABC Riverina recording. Update 17 June 2015: Edited to reflect further schedule changes.

[Photo: Surveillance, photographed at Wentworth Falls railway station on 13 June 2015.]

My week of Monday 25 to Sunday 31 May 2015 did not unfold as planned, but it wasn’t a complete disaster.

Podcasts

  • “The 9pm Orgy of Confusion”, being The 9pm Edict episode 44. There’s actually a lot more to this episode than this simple entry might suggest. Please listen.

Articles

  • Lessons from a Sydney cryptoparty, ZDNet Australia, 25 May 2015. Quite a few people have said this is a good piece, despite its bland headline, so perhaps you might do me the honour of clicking through and reading it.

5at5

There were two editions of 5at5 this week, on Monday, and Friday. To save me having to tell you this, you could just subscribe.

Media Appearances

None.

Corporate Largesse

None. But this will change next week.

The Week Ahead

On Monday, I’ll be doing various tasks which I am not at liberty to reveal, before heading to Sydney and getting a decent night’s sleep before…

On Tuesday, I’ll be getting up early and heading to the morning sessions of Check Point’s Cyber Security Symposium 2015. In the afternoon I’m flying to the Gold Coast for the AusCERT 2015 Information Security Conference, which runs through to Friday afternoon. I’ll even be taking part in the AusCERT Speed Debate — check out last year’s — before flying back to Sydney on Friday night.

Then it’s the Queen’s Birthday long weekend, and I haven’t quite decided what happens with that.

[Photo: Winter in Katoomba, photographed on 31 May 2015.]

Is it possible to hack into a commercial airliner’s flight control systems by first hacking into its inflight entertainment system?

That’s the worry, certainly. But now the FBI has said that security researcher Chris Roberts told them he’d done exactly that hack 15 or 20 times, and on one occasion even managed to compromise the Thrust Management Computer, getting it to issue a “climb” command to one engine — with the result that the burst of increased thrust caused “lateral movement” of the aircraft.

Except Wired reports that Roberts told them that he claimed no such thing. He’d had many hours of conversations with the FBI, and in condensing that down to a few sentences they’ve got the wrong end of the stick.

This whole story caught the attention of 2UE morning presenter Stuart Hocking, we spoke about it for about seven minutes earlier today, and here’s the recording.

This audio is ©2015 Radio 2UE Sydney Pty Ltd.
