Tag: infosec

Posted on

Talking Stratfor hack and more on 1395 FIVEaa Adelaide

I was scheduled to talk about the year 2011 in technology on 1395 FIVEaa Adelaide this morning, but with the news that Malcolm Turnbull’s credit card details were exposed in the Stratfor hack that too was on the agenda.

The original plan was to cover the kinds of issues raised in my 2011 tech wrap for Crikey and the Patch Monday podcast episodes 2011: the year in security and 2011: IT’s year of consolidation.

We also covered computer support for the electoral roll and computerised voting, since Senator Cory Bernardi had raised the subject of people casting multiple votes and how only a handful of alleged cases had been prosecuted.

While I supported the idea of an online electoral roll, I spoke against online voting. I’ve written about that before at ABC’s The Drum, Electronic voting a threat to democracy.

The regular presenters were on holidays, so the host was William Goodings.

Podcast: Play in new window | Download (5.8MB)

The audio is ©2011 dmgRadio Australia, but here it is ‘cos it hasn’t been posted on the radio station’s website. Besides, this is a reasonable plug.

[Update 0910: Link added to article on electronic voting.]

Posted on

Weekly Wrap 81: Twitter, chaos and Christmas cheer

A weekly summary of what I’ve been doing elsewhere on the internets. Part of me wants to make a profound comment there but, you know, Christmas.

Podcasts

  • Patch Monday episode 119, “2011: IT’s year of consolidation”. A panel discussion with broadcaster, columnist and author Paul Wallbank and open source developer and strategist Jeff Waugh. This was the final episode for 2011. The next one will appear on Monday 9 January 2012.

Articles

Media Appearances

Corporate Largesse

  • On Monday night I enjoyed food and drinks at the Hilton Hotel Sydney’s Executive Lounge thanks to Dave Hall, who has membership.
  • On Tuesday night I had a little pizza and a rather large number of gin and tonics thanks to infosec firm Black Swan Consulting.

Elsewhere

Most of my day-to-day observations are on my high-volume Twitter stream, and random photos and other observations turn up on my Posterous stream. The photos also appear on Flickr, where I eventually add geolocation data and tags.

[Photo: The Western Distributor, Darling Harbour, photographed from the Parkroyal Darling Harbour.]

Posted on

Weekly Wrap 79: Rain, glitches and a cuckoo-dove

A weekly summary of what I’ve been doing elsewhere on the internets. I have no further explanations to add.

Podcasts

  • Patch Monday episode 117, “Is anonymity online your right?” A conversation with Scott Shipman, eBay’s global privacy leader, about online reputation and trust, data breach-notification laws, the behavioural targeting of advertising, eBay’s AdChoice technology for controlling that targeting, some of the clever things you can do by data mining eBay’s sales data, and how you might create the online equivalent of an untraceable cash transaction.

Articles

Media Appearances

  • I was a panellist on the Technology Spectator “webinar” [ugh!] “Board with security?”, which looked at why company directors need to understand information security a bit better and how they might go about it. The recording hasn’t been posted online yet, but I’ll put a link here when it is.
  • On Thursday night I was interviewed by ABC Radio News about a report by the Australian Government Competitive Neutrality Complaints Office, part of the Productivity Commission, into claims that the National Broadband Network’s grenfields fibre rollouts breached certain government policies. Exciting stuff. Sound bites were used on Friday’s morning’s AM program in a story headlined Government brushes off NBN criticisms.

Corporate Largesse

None. And I thought there’d be a bunch of corporate parties this week. But I spent most of the week at Wentworth Falls instead.

Elsewhere

Most of my day-to-day observations are on my high-volume Twitter stream, and random photos and other observations turn up on my Posterous stream. The photos also appear on Flickr, where I eventually add geolocation data and tags.

[Photo: A slender-billed cuckoo-dove, photographed at Bunjaree Cottages in the Blue Mountains. There’s a lot of bird life up here.]

Posted on

Not hacked, bugs

It turns out that my technical difficulties the other day were in all likelihood not the result of being hacked but an arsehat software incompatibility.

The short version is that the weirdnesses I experienced were caused by:

  • OS X Lion has known problems dealing with certain PDF files. It appears that the problematic PDF, produced by OpenOffice.org and then emailed via a Mailman mailing list, was one of them. Hence Apple Mail and sometimes Preview would crash when dealing with this PDF.
  • Norton Internet Security for Mac version 4 is only for OS X up to Snow Leopard. OS X Lion requires Norton Internet Security for Mac version 5. It’s a shame neither NIS nor Lion knew this.
  • Norton Internet Security probably hadn’t updated its virus definitions in the previous week because I was travelling a fair bit and was probably offline at the scheduled time.

I determined all this while I was running backups. It’s always sensible to make sure your backups are in order before doing any significant technical work.

I discovered that:

  • Copying the 400GB of Time Machine backups of my old MacBook Pro from one external USB drive (pocket sized) to another (bulkier, for archiving) using the Finder took more than 7 hours.
  • Creating the initial Time Machine backup of my new MacBook Pro on the pocket USB drive, some 220GB of data, took a little over three hours.
  • Encrypting that 640GB USB drive took 14.5 hours.

In hindsight, I suppose I should have checked software compatibility when transferring everything from the dead Snow Leopard machine to Lion, but then it did flag other stuff as incompatible so I assumed… yeah, I know.

Posted on

Live Blog: How pwned am I?

Uhoh. My MacBook Pro may have been hacked. I’ve already done a bit of troubleshooting, but this looks like it’s going to be A Thing, so I’ve decided to liveblog it. And here’s the liveblog.

The brief version is that Apple Mail crashed when it tried to open a particular email message dated 4 November, one containing a PDF file. Consistently. So I thought I’d do a virus scan on it.

That’s when Norton Internet Security reported that LiveUpdate was missing pieces, and I saw that it hadn’t checked for updates since… 4 November. Eek.

Now all the action would have happened on my battered old MacBook Pro running OS X 10.6 Snow Leopard. That computer finally died of motherboard failure on 11 November and I replaced it with a fresh OS X 10.7 Lion machine on 12 November.

However I did just transfer everything across using Apple’s migration tool, rather than freshly installing all the software and just copying the data, so… well… who knows what the hell is going on?

Deep in my heart I suspect that it was just bugginess and a dying computer, copied badly to a new computer. I hope.

If you want to follow or even help, the liveblog is over the jump.

[Update 11.20pm: Things may not be as bad as I thought. It turns out that Norton Internet Security for Mac version 4.x is only compatible for OS X up to version 10.6 Snow Leopard. There’s NIS version 5.x for OS X 10.7 Lion. It looks like it’s a straightforward software compatibility problem, and the lack of updates could be because I was travelling that week and the computer was offline when updates were scheduled. If this is all the case, I’m a bit disappointed that the software itself couldn’t figure this out.]

Continue reading “Live Blog: How pwned am I?”

Posted on

MOAR PANELZ: Board with Security?

I’m on yet another discussion panel this coming Thursday lunchtime: a Technology Spectator webinar [ugh!] called Board with Security?

We’ve had a whole bunch of security stories this year, but…

Research shows only 11 per cent of boards are presenting information security topics at each board meeting, and 40 per cent quarterly.

On the panel is Ernst & Young information security leader Mike Trovato; Black Swan Consulting Group director Keith Price, me, and I assume the moderator is Technology Spectator editor Charis Palmer.

It’s at midday Sydney time on Thursday 8 December, and you can register at GoToMeeting.