hacking – Page 30 – Stilgherrian

12 September 201112 September 2011

Weekly Wrap 66: Kuala Lumpur: haze, hackers, food aplenty

A weekly summary of what I’ve been doing elsewhere on the internets. Most of the week was spent in Kuala Lumpur, my first visit. I’ll write more about that anon.

Podcasts

Patch Monday episode 104, “Can security ever beat PEBKAC?”. A conversation with Paul Ducklin, head of technology for the Asia-Pacific region with Sophos, and Chris Gatford, proprietor of Hack Labs, a specialist in penetration testing.

Articles

Rogue Google certificate used by 300,000 Iranian IPs , CSO, 6 September 2011.
Kaspersky sets sights on corporate market, CSO, 8 September 2011.
MD5 password hashes are dead, CSO, 9 September 2011. A warning from Kaspersky Lab analyst Evgeny (“Eugene”) Aseev.

Further material from the Kaspersky Lab event is appearing from today.

Media Appearances

None.

Corporate Largesse

On Tuesday I had lunch at Ocean Restaurant, Cockle Bay Wharf, thanks to Check Point. There’s some material from the conversations there that will appear in the next few days.
On Tuesday night I travelled to Kuala Lumpur thanks to Kasperky Lab. Their largesse included flights and airport transfers; meals and accommodation at Le Meridien; an evening sightseeing trip to Putrajaya including dinner on a cruise boat; a Kaspersky-branded leather document case, rather nice actually; Kaspersky-branded USB-powered speakers; and a t-shirt. I declined the offer of an all-day sightseeing tour on Friday because I had work to do.

Elsewhere

Most of my day-to-day observations are on my high-volume Twitter stream, and random photos and other observations turn up on my Posterous stream. The photos also appear on Flickr, where I eventually add geolocation data and tags.

[Photo: Kuala Lumpur skyline, shrouded in haze, photographed with my battered HTC Desire from the 14th floor of Le Meridien, KL Sentral. It’s like this pretty much all day, what with the Indonesians burning down the rainforests and all. The photo doesn’t do the scene justice. I have since obtained a decent camera.]

31 July 201131 July 2011

Talking LulzSec/Anonymous vs PayPal on TripleJ’s Hack

On Wednesday afternoon, LulzSec and Anonymous joined forces to encourage people to boycott PayPal by withdrawing their money and closing their accounts.

The back story is that PayPal has cut off WikiLeaks’ account, meaning that people could no longer donate money to WikiLeaks via PayPal. Anonymous launched distributed denial of service (DDoS) attacks against PayPal. Last week the FBI and others arrested people alleged to have been responsible for those attacks. So this week, the boycott of PayPal.

The joint statement by LulzSec and Anonymous makes for interesting reading. It describes DDoS attacks as “ethical, modern cyber operations”. Such things are actually a criminal act, despite what Anonymous may imagine the law to be. “Law enforcement continues to push its ridiculous rules upon us,” they write, when it’s not law enforcement who makes the laws, but governments.

The call for the boycott was unfolding as Triple J’s current affairs program Hack was going to air, and I phoned in a report. Here’s the audio.

Podcast: Play in new window | Download (1.7MB)

I found it interesting that presenter Tom Tilley responded to my comment that DDoS is a crime by saying “Yeah I imagine there’d be people with lots of different points of view about what they’re doing and whether it’s indeed lawful.”. Personally I reckon the law in this is pretty clear. Pandering to their audience?

24 July 201124 July 2011

Weekly Wrap 59: Making paragraphs while the rain pours

A weekly summary of what I’ve been doing elsewhere on the internets. While Sydney dealt with its wettest July since 1950, I was at the Bunjaree Cottages in Wentworth Falls, writing and writing and writing and writing. And talking on the radio.

“Make hay while the sun shines,” goes the old saying. But for a writer, it’s about making paragraphs while the rain pours. Being stuck indoors with a magnificent view really helps.

Podcasts

Patch Monday episode 97, “Amazon’s Vogels: cloud, start-ups, treadmills” My guest is Amazon’s chief technology officer, Dr Werner Vogels. A fascinating conversation, I found.

Articles

LulzSec hacks UK’s “The Sun”, News International, CSO, 19 July 2011.
LulzSec 1, Murdoch 0: News Int, the hacker, becomes the hacked, Crikey, 19 July 2011.
NEXTDC leases secure Canberra data centre, CSO, 19 July 2011.
Child exploitation material filters… same policy, different activities, Crikey, 20 July 2011. It’s perhaps not obvious from the headline, but this is about the “voluntary” blocking of child abuse material by Australian internet service providers.
Four lessons from LulzSec vs Murdoch, CSO, 20 July 2011. I argue that despite the hacking of The Sun having such a high profile, nothing will actually change.
Australia to consider right-to-privacy law, CSO, 21 July 2011.
Watchdogs welcome Australia’s right-to-privacy move , CSO, 21 July 2011.
Hackers target Tasmanian government website, CSO, 21 July 2011.
Guardian tech editor leaking information, claims LulzSec, CSO, 22 July 2011.
In IT’s dance of the inflating elephants, Microsoft is stumbling, Crikey, 22 July 2011.
DSD: Four mitigation strategies prevent 85% of intrusions, CSO, 23 July 2011.

Media Appearances

On Tuesday I spoke about LulzSec vs Murdoch on ABC 774 Melbourne.
On Wednesday I spoke with ABC Radio’s national lunchtime current affairs program The World Today about the FBI’s arrest allegedly Anonymous-connected hackers.
On Thursday I spoke with Louise Saunders on ABC 936 Hobart about the hack of a Tasmanian government web server.

Corporate Largesse

None. But there’ll be plenty next week. I’ll tell you more about that later this morning.

Elsewhere

[Photo: Potholes on Frenchmans Road, Wentworth Falls, photographed on 20 July 2011. This is a slightly modified version, here’s the original.]

22 July 2011

Talking Tasmanian goverment hack on ABC 936 Hobart

Yesterday the Tasmanian government was hit by a hacker.

Sp1d3r from the hacking crew S4t4n1c_s0uls got into a Debian Linux box and inserted his graphic into an email sent to state’s media.

I reported this for CSO Online.

S4t4n1c_s0uls has claimed responsibility for almost 100 website defacements this month, including sites in Brazil, Jamaica, China, India and the Philippines. Five Chinese government websites were hit, and one in the Philippines.

I spoke about the hack with Louise Saunders on ABC 936 Hobart, and here’s the audio.

Podcast: Play in new window | Download (1.9MB)

The audio is Â©2011 Australian Broadcasting Corporation, but it hasn’t been posted on their website so here it is. In return, I reckon you might choose to listen to Louise Saunders’ drive program some time soon.

20 July 2011

LulzSec vs Murdoch: the lessons, and what’s next?

LulzSec’s hack of The Sun and other UK websites belonging to Rupert Murdoch’s News International yesterday was one of the highest-profile infosec breaches in history. But will it mean anything beyond today’s news cycle? I suspect not.

(If you’re not up to speed on this, please read my initial summary for CSO Online or a shorter but fresher story for Crikey.)

As I thought about this overnight, and after chatting with Paul Ducklin from information security vendor Sophos, I came to the conclusion that despite all the media coverage yesterday nothing will change.

I wrote that up as an op-ed for CSO Online, Four lessons from LulzSec vs Murdoch.

We’ve seen hack after hack after hack, but civilisation has stubbornly refused to crumble. We’ve cried wolf a few hundred times too often. We’re experiencing what Paul Ducklin from Sophos calls “hack fatigue”.

We only hear about successful hacks, from LulzSec or anyone else, Ducklin told CSO Online. “They can crow about every time they have a success,” he said, “but you never hear about the sites they never broke into.”

And the idea that LulzSEc’s high-profile hacks will suddenly focus attention on organisation’s information security vulnerabilities? Bah. We’ve been flooded with media reports of high-profile hacks for the last few years, from NATO to Paris Hilton, Google to prime minister Gillard.

After all those stories we held urgent meetings, changed our ways, and put infosec at the top of the business agenda, right?

Yeah right.

So now what? I’ll put my money on LulzSec being forgotten until their next high-profile attack, or their arrest.

[Picture: Early this morning Australian time, LulzSec tweeted: “The Sun taken care of… now what about the moon…”, linking to that image (source unknown). Is it a hint? Or a meaningless distraction?]

20 July 201120 July 2011

Talking hacker arrests on ABC’s “The World Today”

While I was busy writing an op-ed on the LulzSec vs Murdoch saga this morning — and I’ll post more about that momentarily — I got a phone call from ABC Radio’s lunchtime current affairs program The World Today to comment on the FBI’s arrest of alleged Anonymous-connected hackers overnight.

The story is TransAtlantic arrests target hackers, and if you click through you’ll get both transcript and audio. You’ll hear me, as well as Patrick Gray, presenter of the Risky Business podcast on information security. The reporter is Sarah Dingle.

I’d be interested to know what you think of these arrests.

Patrick reckons they arrested nobodies.

This current batch of arrests will “bring to justice” a bunch of people who made no attempt to conceal their actions because they’re either technically useless or just didn’t care.

They’re “low hanging anons”.

But that won’t stop the mainstream media from portraying this as the establishment striking back at online troublemakers.

I reckon that while that may or may not be true, the computers the FBI has just seized will be handy evidence when it comes to tracking down other culprits. After all, their operational security has hardly been world class.