hacking – Page 27 – Stilgherrian

21 May 201203 June 2012

Weekly Wrap 102: Infosec and interference

My week from Monday 14 to Sunday 20 May 2012 was mostly about the AusCERT information security conference and a blur of returning pain thanks to my dodgy shoulder.

As I finish compiling this post, I’ve still got lots of AusCERT material to produce and Monday looks like being intense. So let’s just list everything and see what happens.

Podcasts

Patch Monday episode 138, “Anonymous ‘crippled’: where to for hacktivism?”. Following last week’s conversation with Israeli information security researcher Tal Be’ery about hacktivists’ tactics, I spoke with former journalist and commentator Barrett Brown, who has worked with Anonymous for about a year and a half. He discusses Anonymous’ position in the wake of revelations that Sabu, a core member and informal leader of the offshoot hacking group LulzSec, had become an FBI informant.

Articles

These are just the first two articles from my AusCERT coverage. More will follow.

AusCERT 2012: Russian crims evade transaction profiling, ZDNet Australia, 17 May 2012.
AusCERT 2012: DNS poisoning the ‘thin end of a wedge’, ZDNet Australia, 17 May 2012.

Videos

5 Conference Tips for PR Professionals, an impromptu video message from Gold Coast airport.

Media Appearances

On Monday I spoke about Facebook charging for highlighted posts and the company’s stock market float on ABC 702 Sydney.
On Tuesday I spoke with journalism student Tom Davey about various attempts to regulate the internet. Here’s his resulting radio report.
On Friday night I spoke about AusCERT, cybercrime, cyberwar and claims that Apple is behind the pace on ABC Local Radio.
On Sunday afteroon I spoke about the surveillance society at the Sydney Writers’ Festival. Here’s the audio recording.
On Sunday night I spoke about using Twitter to generate ideas with James O’Loughlin on ABC Local Radio. Here’s the audio recording.

Corporate Largesse

AusCERT 2012 conference organisers and sponsors paid for various meals and drinks, but I didn’t keep track of that. While that means I can’t disclose who paid, it also means I can’t be influenced because I can’t remember who’s meant to be doing the influencing. Complete market failure, that.

The Week Ahead

There’s a couple of days of intense writing and production ahead. At the very least there’s two or three articles about AusCERT 2012 and the Patch Monday podcast. Then there’s a piece to do for CSO Online, and one for Technology Spectator.

I should be returning to Wentworth Falls this evening, but I plan to be back on Wednesday night to go to a paintball session with Eugene Kaspersky and other journalists. That could be weird. And I’ll probably be in Sydney again at the end of the week, but that hasn’t been planned out yet.

Elsewhere

Most of my day-to-day observations are on my high-volume Twitter stream, and random photos and other observations turn up on my Posterous stream (or they used to before my phone camera got a bit too scratched up) and via Instagram. The photos also appear on Flickr, where I eventually add geolocation data and tags. Yes, I should probably update this stock paragraph to match the current reality.

[Photo: Airbus A320-232 VH-VGY at Gold Coast airport, the aircraft I traveled in on Saturday. Check out the complete history of VH-VGY at FlightAware.]

[Update 26 May 2012: Links added to last weekend’s audio recordings, added earlier today as separate blog posts. Update 3 June 2012: Link added to Tom Davey’s radio report.]

19 May 2012

Talking AusCERT 2012 and cyberwar on ABC Local Radio

My full output from the AusCERT 2012 information security conference has yet to appear. Stand by. But last night I did a half-hour conference wrap with Dom Knight on ABC Local Radio.

We spoke about the conference atmosphere itself, cybercrime, cyberwar, the risk of Cybergeddon (yes, I know), and the claim by Eugene Kaspersky that Apple is ten years behind Microsoft when it comes to security.

Not that Mr Kaspersky would ever, like, troll the entire planet.

Podcast: Play in new window | Download (15.5MB)

What we didn’t talk about, really, was the two stories that have been published so far:

Russian crims evade transaction profiling, which details a trans-national organised crime operation profiled by Mikko Hypponen.
DNS poisoning the thin end of a wedge’, in which domain name system pioneer Dr Paul Vixie supports my argument that fiddling with the internet’s fundamental navigation systems probably isn’t such a great idea.

15 May 201216 May 2012

AusCERT 2012: What’s changed since 2011?

I’m currently on the train down from the Blue Mountains to Sydney, en route to the AusCERT 2012 information security conference on the Gold Coast, and I’m thinking about what stories might emerge.

Here’s what I wrote last year when, just like this year, I was on the ZDNet Australia team:

AusCERT 2011: Firms ignore ID theft risk, in which Bennett Arron explains that police forces don’t yet take this stuff seriously enough. Has this improved? I’m seeing talk but no action.
AusCERT 2011: Son of Stuxnet within a year: expert, in which Eric Byres explains why the Stuxnet worm — the presumed US-with-Israeli-help anti-SCADA attack on Iran’s nuclear program — would spawn a wave of copycats. This didn’t happen. Why not?
AusCERT 2011: Black hats and whitegoods, a story which was provided with the year’s best headline by CBS Interactive’s Brian Haverty where I discussed how the Internet of Things and a billion smart appliances would be the vector for a new wave of attacks. This hasn’t happened — yet — but is it still just around the corner?
AusCERT 2011: Bank theft goes truly mobile, in which Amit Klein, chief technology officer at Trusteer, predicted third-generation anti-banking malware on smartphones by Christmas. Did this happen? Well, not really. Why not?
AusCERT 2011: Silent victims thwart cybercops: Qld Police, in which Detective Superintendent Brian Hay, head of the Fraud and Corporate Crime Group of the Queensland Police Service, bemoaned the lack of hard data. I know how he feels. Do we have any yet?

The feeling I get from scanning those headlines is that there’s always a lot of scaremongering but the threats often don’t materialise. Are the threats over-stated? Does pointing out the threats trigger an effort to counter them, thus defeating them? Is it all just a bit too screechy?

And over the last year there’s been so much talk of imminent cyberwar. Is that just this year’s fashionable scary thing on a stick? I intend to ask a few questions. And I’ll plug it again: Thomas Rid says we shouldn’t believe the hype.

I haven’t yet looked in detail at the conference program but will do so over the next few hours. What do you reckon I should be investigating?

[Update 16 May 2012, 0625 AEST: Changed second paragraph to emphasise that I am covering the event for ZDNet Australia this year as well as last.]

13 May 2012

Weekly Wrap 101: Codeine and counter-surveillance

My week from Monday 7 to Sunday 13 May 2012 was less productive than it might have been thanks to my shoulder being “out” for a few days, resulting in severe pain. No, I don’t mean I have a gay shoulder. I mean that a rib wasn’t seated properly.

The shoulder was repaired on Wednesday and is now slowly getting better, thank you. But despite the pain and the codeine haze, I did get a little work done.

Podcasts

Patch Monday episode 137, “Removing the anonymity from Anonymous”. A conversation about the tactics of Anonymous, LulzSec and other hacktivists with Israeli information security researcher Tal Be’ery, web security research team leader at Imperva’s Application Defense Center (ADC), where he leads efforts to capture and analyse hacking data.

Articles

IT: the opportunities, some lost, from a low-tech budget, Crikey, 9 May 2012.

Media Appearances

On Friday I spoke at the inaugural Saasu Cloud Conference, with a presentation entitled Security and the Cloud: Hype versus Reality.

Corporate Largesse

None.

The Week Ahead

The current plan? A day of writing at Wentworth Falls on Monday. A day of travelling on Tuesday, taking the train to Sydney and then flying to the Gold Coast. Once there I’ll be covering the AusCERT 2012 information security conference for ZDNet Australia, flying back to Sydney on Saturday afternoon.

On Sunday afternoon I’m speaking about the total surveillance society at the Sydney Writers Festival.

Elsewhere

Most of my day-to-day observations are on my high-volume Twitter stream, and random photos and other observations turn up on my Posterous stream (or they used to before my phone camera got a bit too scratched up). The photos also appear on Flickr, where I eventually add geolocation data and tags. Yes, I should probably update this stock paragraph to match the current reality.

[Photo: Fuckin' art, innit, taken at the Hotel InterContinental, Sydney, on Saturday 12 May 2012.]

06 May 2012

Weekly Wrap 100: Delay, disease and cold, clear nights

My week from Monday 30 April to Sunday 6 May 2012 also covered the entire continent, because a cancelled flight kept me in Perth through until Monday evening.

I won’t go into the cancelled flight in detail just now. Either you saw it unfold via my Twitter feed or you didn’t. Not everything has to be recorded everywhere forever.

I got back to Wentworth Falls late on Tuesday and went to bed — and didn’t emerge until Friday, thanks to a nasty cold I seem to have picked up along the way.

Podcasts

Patch Monday episode 136, “Blackhole crimeware as a service here to stay”. A discussion of the evolution of the Blackhole malware toolkit and other trends highlighted in the latest AVG Community Powered Threat Report (PDF) with Michael McKinnon, security advisor for AVG Australia and New Zealand, and Rob Collins, senior sales engineer for Asia-Pacific with WatchGuard.

Articles

Street View Wi-Fi: is it Google’s News of the World moment?, Crikey, 30 April 2012.
Facebook is profitable, but $86 billion is still speculation, Crikey, 4 May 2012.
Anonymous hacktivists prefer penetration, but choose targets of opportunity, CSO Online, 4 May 2012.

Media Appearances

On Wednesday I spoke about the risks of unsecured Wi-Fi on Adelaide radio 1395 FIVEaa.

Corporate Largesse

None.

The Week Ahead

The current plan is that I’ll be in Wentworth Falls until Thursday morning, writing a whole bunch of stuff and, with luck, getting rid of this cold. I’ll head to Sydney some time on Thursday, and then present a keynote on security at Friday’s Saasu Cloud Conference.

Elsewhere

Most of my day-to-day observations are on my high-volume Twitter stream, and random photos and other observations turn up on my Posterous stream (or they used to before my phone camera got a bit too scratched up). The photos also appear on Flickr, where I eventually add geolocation data and tags. Yes, I should probably update this stock paragraph to match the current reality.

[Photo: Waratah Cottage via Instagram. Waratah Cottage is one of the Bunjaree Cottages, where I’ve spent maybe three-fifths of my time over the past year. It’s not the building I usually stay in, but it’s likely that I’ll be here until Thursday.]

11 March 201226 May 2012

Talking hacking and irrational actors in Redfern

The Recordkeeping Roundtable panel “Freedom of Information?” held on 29 February was recorded, and here’s the audio.

The promo, as I told you earlier said:

In a connected world where information sharing is easier and has more impact than ever before, is the current framework of FOI, information security, privacy and archives laws and practices delivering the information society needs in a timely and appropriate way? This panel discussion will be about:

assessing the effectiveness of current information access and security laws and methods — are they hopelessly broken?

the culture of secrecy and withholding by government agencies

how technology and activism offer those with the skills and motivation some alternative and very powerful ways to access and reveal information, and

what can be done to address the current state of things and move to better ways of making information available when and where it’s needed.

I was the first speaker, talking about the new, disorderly ways of liberating information, using the Anonymous crack of Stratfor as an example. Since then, though, we’ve discovered that the whole thing might have been an FBI sting operation against WikiLeaks!

Recordkeeping Roundtable has posted the audio of the entire event: opening remarks by moderator Cassie Findlay; me; the speech by former diplomat Dr Philip Dorling, who now leads the journalistic pack in FOI stuff; the speech by Tim Robinson, Manager, Archives and Records Management Services at the University of Sydney; and the question and answer session.

Here, though, is a tweaked and slightly less bandwidth-hungry version of my speech.

Podcast: Play in new window | Download (Duration: 17:38 — 7.5MB)

[The original audio recording by Cassie Findlay was sampled at 44.1kHz. This version has the audio levels compressed and normalised, and re-sampled to 22.050kHz. It’s posted here under a Creative Commons BY-SA license.]

[Update 26 May 2012: A transcript of what I said is now available.]