Weekly Wrap 164: A turn-around, with Finnish jelly beans

My week Monday 22 to Sunday 28 July 2013 was initially as unproductive as the previous two, but Thursday marked a turning-point. Thank the gods. No details.

Articles

Podcasts

None, but I did plenty of behind-the-scenes work on the Corrupted Nerds website, including settling on Cryout Creations’ Mantra theme for WordPress as the design framework.

This fixed a very, very annoying bug that I’d encountered in some other themes that broke the RSS feeds in Blubrry’s PowerPress Podcasting Plugin for WordPress, and that in turn meant that I couldn’t add the podcasts to Apple’s iTunes store.

Having removed that roadblock, I’ll be able to add more material to Corrupted Nerds very soon — including two new episodes in the coming week.

Media Appearances

None.

Corporate Largesse

The Week Ahead

On Monday I’ll complete a catch-up edition of my ZDNet Australia column, The Full Tilt, with something that’ll probably annoy quite a few people who call themselves geeks, and then spend the afternoon in Katoomba. Somewhere in there I’ll fire up that Nokia Lumia 925.

On Tuesday I’ll write a piece for Technology Spectator, one that’s been on the back burner for a while, and complete a new episode of the Corrupted Nerds: Conversations podcast. The forecast is for a rainy day, so that’s perfect.

On Wednesday morning I’ll head into Sydney to attend a media event with Vodafone Australia at 1030, then the rest of the week becomes somewhat flexible — although I know it includes a medical appointment in Sydney, another column for ZDNet Australia and some planning.

The weekend is currently unplanned.

[Photo: Glimpse of Sydney Central, being a view of the clock tower at Sydney’s Central station, taken early one winter morning from the Metro Sydney Central hotel.]

Do McAfee’s new cyberstats really represent a shift?

As brokers of reliable information about the scale of online crime and espionage, most information security vendors would make great used car salesmen — but McAfee’s latest research finally seems to be taking the right path.

In my column at ZDNet Australia this week, I give McAfee some praise for the most recent research they’ve funded, a preliminary report from the Washington-based Center for Strategic and International Studies titled The Economic Impact of Cybercrime and Cyber Espionage that dismantles the daft idea that cyberstuff costs the global economy a trillion dollars a year.

McAfee now admits that you can’t run a small-N survey in a couple dozen large, wealthy nations — often a self-selected sample of known crime victims at that — and extrapolate the data globally.

Their new figure is “probably measured in the hundreds of billions of dollars”, although they never quite commit to one specific number…

“In the context of a $70 trillion global economy, these losses are small, but that does not mean it is not in the national interest to try to reduce the loss, and the theft of sensitive military technology creates damage whose full cost is not easily quantifiable in monetary terms,” McAfee writes.

True, but as McAfee themselves point out, this supposed cybercrime explosion is really down at the level of shoplifting. Retailers generally budget between 0.5% and 2% for pilferage and other such “shrinkage”.

I also mention my previous critical comments about various infosec vendors’ dodgy statistics — but I don’t link to them, because they were mostly published at non-CBS mastheads. So here’s a selection of stories I’ve written on this subject over the last couple of years.

Continue reading “Do McAfee’s new cyberstats really represent a shift?”

I’ve just launched “Corrupted Nerds”, with many cybers

Last night I launched a new website and podcast, Corrupted Nerds, and the first episode is an interview with Eugene Kaspersky.

Yes, this is a “replacement” for the Patch Monday podcast I used to do for ZDNet Australia, but which was killed off in a budget cut at the beginning of 2013 — with my approval, by the way, because I agreed that from ZDNet Australia’s point of view the money would be better spent on a written column, The Full Tilt.

I won’t go into details about Corrupted Nerds, apart from saying that the subtitle is “information, power, security and all the cybers in a global internet revolution that’s changing… everything”, and to point to the introductory blog post for more details.

I’ve got four episodes in the pipeline, but no funding yet. So I’d be grateful if you could both spread the word and comment upon what I’m doing. I thank you.

Talking ASIO hack on BBC World Service

Monday night’s Four Corners episode claimed, amongst other things, that Chinese hackers had stolen the plans to the new headquarters of the Australian Security and Intelligence Organisation (ASIO). It made global news, and as a result, I ended up being interviewed on the BBC World Service program World Have Your Say.

The 15-minute live panel discussion also included Four Corners journalist Andrew Fowler, one of the BBC’s journalists based in China, and a journalist from The New York Times.

I quite enjoyed the chat, but it also showed how new all this stuff is to a mainstream audience.

Here’s the audio of the full 30-minute program. It starts off with a discussion of the current situation in Syria, and then we start at about the 14-minute mark.

The audio is of course ©2013 British Broadcasting Corporation. The audio player is linked directly to the BBC’s copy of the MP3 file. If that ever breaks, let me know and I’ll post my copy.

Infosec at AusCERT 2013: the media coverage

Here’s a list of the news stories I’ve found this morning that have been written about the AusCERT 2013 information security conference.

The theme for this year’s conference was “This time it’s personal”:

[The theme reflects] the growth in attacks and unauthorised disclosures of online personal information. Motivated by illicit financial gain, cyber criminals obtain unauthorised access to personal information, but more and more, we are seeing data disclosures being posted publicly by attackers for political motives, rather than financial gain.

Hence the theme will resonate within the information security community and remind us that the online environment provides opportunities galore to capture personal information; of the impact these breaches can have on the lives of individuals; and the importance of information security to prevent these attacks. AusCERT2013 will explore these issues and bring experts from Australia and around the world to provide insight and solutions to deal with these challenges.

Items are arranged alphabetically by masthead and then chronologically. If I’ve missed anything, please let me know. Indeed, I daresay that some more articles will be published on Monday or Tuesday, so if that happens I’ll update this post appropriately.

There’s a lot here for me to read, so if I’m going to write a reaction piece some time then it’ll be… later.

Continue reading “Infosec at AusCERT 2013: the media coverage”

AusCERT 2012 and the militarisation of cyberspace

I didn’t make it to information security conference AusCERT 2013 this year. I’m about to read what’s been written and compile a list — but first, a reflection on what happened in 2012.

When I look back two years to what I wrote from AusCERT 2011, I’m reminded that we were just getting our head around the implications of the Stuxnet worm. Not only was malware being written by organised criminals, and we were facing an explosion of anti-banking malware and mobile malware, and looking ahead to when an angry child might deploy malware against their neighbours — we were now made well aware that malware was also being written by nation states with budgets in the millions of dollars and beyond.

But looking through the list (below) for AusCERT 2012, what jumps out is the emphasis on the militarisation of information security, as well as the emphasis on the scale of criminal activities. I won’t expand on that, because the conversation with AusCERT general manager Graham Ingram speaks for itself.

Articles from AusCERT 2012

Podcasts from AusCERT 2012

  • Patch Monday episode 139, “War talk dominates AusCERT 2012”, the first of two episodes based on material recorded at the information security conference. The overall theme is that infosec is becoming militarised. We no longer talk about “information assurance” but “defensive cyber operations”. Click through for the full list of speakers.
  • Patch Monday episode 140, “Cybercrime: it’s just too easy”, the second of two episodes based on material recorded at the AusCERT 2012 information security conference. AusCERT general manager Graham Ingram explains why cybercrime is here to stay, and F-Secure chief research officer Mikko Hypponen details a complex transnational criminal operation that saw goods bought fraudulently in Denmark being resold in Moscow, as well as giving his views on hacktivism and the level to which antivirus companies should cooperate with governments.

Bonus Extra Video

After the conference, my flight back to Sydney was delayed. With the need to kill some time, this video was the result.

My compilation of reports from AusCERT 2013 will be posted later today. My compilation of reports from AusCERT 2013 is now online.