Weekly Wrap 133: Instagram, infosec and random nativity

Monday 17 to Sunday 23 December 2012 was a week filled with plenty of work, plenty of stress and a small amount of exhaustion.

The media outputs are listed below, as usual. Towards the end of the week the long series of 5am and earlier starts was beginning to catch up with me, and on Thursday I accidentally slept in until lunchtime — and that was truly wonderful.

I decided to continue that level of sloth on the weekend. Well, apart from today, obviously. As mentioned below, there’s still quite a bit left to do before I can finally break for Christmas.

Also this week I dropped and broke my Samsung Galaxy S III, necessitating an urgent replacement. While doing that I discovered some gotchas with migrating data to a new phone, and I’ll write about that after Christmas.

Podcasts

  • Patch Monday episode 168, “2012 infosec review: Focus on crime, not cyberwar”. The second of our two year-end conversations. The panelists are Paul Ducklin, Sophos’ head of technology for Asia Pacific; Chris Gatford, director of penetration testing firm HackLabs; Jon Callas, chief technology officer at Entrust, and now also of secure messaging provider Silent Circle; and Stephen Wilson, managing director of Lockstep Group, which provides advice and analysis on digital identity and privacy technologies.

Articles

Media Appearances

Corporate Largesse

  • On Wednesday I had a very pleasant lunch indeed at Bistrode at the Hotel CBD in Sydney with a couple of chaps from Trend Micro. Needless to say, it was on their tab.

The Week Ahead

There’s tonight and one working day left before Christmas. In that time I have to produce a Patch Monday podcast, my end-of-year story for Crikey, and a follow-up to Friday’s story for CSO Online. I’ll be busy for the next 24 hours, though for all those things I’ve already got a plan in mind so they should be straightforward.

But then Tuesday is Christmas Day, and from then through to the end of the week I have precisely nothing planned. Sure, there’s a few little work-related things that’ll need to be polished off, but there are no pressing commitments. This pleases me immensely.

[Photo: Suburban Nativity, photographed on Stony Creek Road in Beverly Hills, Sydney, on 15 December 2012. The householders must do this every year, because the same nativity scene is visible in Google Street View imagery from December 2009.]

Weekly Wrap 80: Dropping bombs, dropping Es

A weekly summary of what I’ve been doing elsewhere on the internets — which wasn’t a lot because the sloth and the holiday season have started to take their toll. That’s also why this is being posted so late. Cope.

Podcasts

  • Patch Monday episode 118, “2011: the year in security”. A panel discussion with Chris Gatford, director of penetration testing firm HackLabs; Paul Ducklin, Sophos’ head of technology for Asia Pacific; Stephen Wilson, managing director of Lockstep Group, who provides advice and analysis on digital identity and privacy technologies; and Jon Callas, chief technology officer at Entrust.
  • The 9pm Edict episode 15, which includes my claim that Senator Stephen Conroy deliberately dropped the f-bomb earlier in the week.

Articles

  • Time to drop the ‘e’, Technology Spectator, 13 December 2011. Lovely headline, but the article is actually about the language we use to describe technology.

Media Appearances

None.

Corporate Largesse

  • On Tuesday, MobileIron paid for lunch at Silverbean on Enmore Road.
  • On Friday, Symantec paid for lunch at Sake Restaurant, The Rocks.

Elsewhere

Most of my day-to-day observations are on my high-volume Twitter stream, and random photos and other observations turn up on my Posterous stream. The photos also appear on Flickr, where I eventually add geolocation data and tags.

[Photo: A View from Hilton Hotel, Sydney, in particular the view onto George Street from the Executive Lounge. This photo was actually taken last night, 19 December, not in the “correct” week. But I know you won’t mind.]

Weekly Wrap 66: Kuala Lumpur: haze, hackers, food aplenty

A weekly summary of what I’ve been doing elsewhere on the internets. Most of the week was spent in Kuala Lumpur, my first visit. I’ll write more about that anon.

Podcasts

  • Patch Monday episode 104, “Can security ever beat PEBKAC?”. A conversation with Paul Ducklin, head of technology for the Asia-Pacific region with Sophos, and Chris Gatford, proprietor of HackLabs, a specialist in penetration testing.

Articles

Further material from the Kaspersky Lab event is appearing from today.

Media Appearances

None.

Corporate Largesse

  • On Tuesday I had lunch at Ocean Restaurant, Cockle Bay Wharf, thanks to Check Point. There’s some material from the conversations there that will appear in the next few days.
  • On Tuesday night I travelled to Kuala Lumpur thanks to Kaspersky Lab. Their largesse included flights and airport transfers; meals and accommodation at Le Meridien; an evening sightseeing trip to Putrajaya including dinner on a cruise boat; a Kaspersky-branded leather document case, rather nice actually; Kaspersky-branded USB-powered speakers; and a t-shirt. I declined the offer of an all-day sightseeing tour on Friday because I had work to do.

Elsewhere

Most of my day-to-day observations are on my high-volume Twitter stream, and random photos and other observations turn up on my Posterous stream. The photos also appear on Flickr, where I eventually add geolocation data and tags.

[Photo: Kuala Lumpur skyline, shrouded in haze, photographed with my battered HTC Desire from the 14th floor of Le Meridien, KL Sentral. It’s like this pretty much all day, what with the Indonesians burning down the rainforests and all. The photo doesn’t do the scene justice. I have since obtained a decent camera.]

LinkedIn’s inadequate response to privacy stupidity

LinkedIn has responded to criticism over their opting-in of everyone to their “social advertising” program with a self-serving blog post. I’m less than impressed.

I wrote two articles yesterday. For Crikey, Sorry too hard a word for LinkedIn over privacy faux pas, in which I describe LinkedIn’s response as bullshit. And for CSO Online, Five lessons from LinkedIn’s opt-out stupidity, which reminds people to keep an eye on social networking services for unannounced changes to the rules of engagement.

Paul Ducklin from security vendor Sophos gives them an easier time, praising them for a quick response. He’s nicer than I am.

In the cold, clear light of Saturday morning, what depresses me most about this whole episode is not that a supposedly-professional service would pull a trick like this and, when caught out, just smear PR bull over the top. It’s that they’ll probably get away with it, and imagine they handled it well.

LulzSec vs Murdoch: the lessons, and what’s next?

LulzSec’s hack of The Sun and other UK websites belonging to Rupert Murdoch’s News International yesterday was one of the highest-profile infosec breaches in history. But will it mean anything beyond today’s news cycle? I suspect not.

(If you’re not up to speed on this, please read my initial summary for CSO Online or a shorter but fresher story for Crikey.)

As I thought about this overnight, and after chatting with Paul Ducklin from information security vendor Sophos, I came to the conclusion that despite all the media coverage yesterday nothing will change.

I wrote that up as an op-ed for CSO Online, Four lessons from LulzSec vs Murdoch.

We’ve seen hack after hack after hack, but civilisation has stubbornly refused to crumble. We’ve cried wolf a few hundred times too often. We’re experiencing what Paul Ducklin from Sophos calls “hack fatigue”.

We only hear about successful hacks, from LulzSec or anyone else, Ducklin told CSO Online. “They can crow about every time they have a success,” he said, “but you never hear about the sites they never broke into.”

And the idea that LulzSec’s high-profile hacks will suddenly focus attention on organisations’ information security vulnerabilities? Bah. We’ve been flooded with media reports of high-profile hacks for the last few years, from NATO to Paris Hilton, Google to prime minister Gillard.

After all those stories we held urgent meetings, changed our ways, and put infosec at the top of the business agenda, right?

Yeah right.

So now what? I’ll put my money on LulzSec being forgotten until their next high-profile attack, or their arrest.

[Picture: Early this morning Australian time, LulzSec tweeted: “The Sun taken care of… now what about the moon…”, linking to that image (source unknown). Is it a hint? Or a meaningless distraction?]