sophos – Stilgherrian

09 September 2018

Weekly Wrap 432: More cybers, with a little Cronulla

I don’t know what to make of my week from Monday 3 to Sunday 9 September 2018. It felt like I was quite busy, but there isn’t as much visible output to show for it. Oh well.

Articles

Five Eyes governments get even tougher on encryption, ZDNet Australia, 3 September 2018.
Crims not spooks dominate cybersecurity threats: Sophos CEO, ZDNet Australia, 7 September 2018. Ransomware, the volume of customised malware, and its commercialisation are the biggest factors affecting cybersecurity today, says Kris Hagerman. Nation-state actors less so, at least for most organisations.

I wrote a third piece for ZDNet that should appear on Monday.

Podcasts, Media Appearances, Corporate Largesse

None. I am very embarrassed not to have done the podcast on Wednesday as promised. I did make the journey to Cronulla the recording session, as foreshadowed last week, but it turned out that I wasn’t quite recovered from illness, and needed to rest. But see below.

The Week Ahead

It’s a Sydney-centric week. I’ll head down the hill on Monday morning for least one meeting that afternoon.

On Tuesday and Wednesday I’m covering the AI & Machine Learning Summit. Thursday and Friday will be therefore about writing.

Further Ahead

The next episode of The 9pm Edict will now be recorded on Tuesday 18 September at 2100 AEST, because that week looks less hectic. Listen on the livestream or on Spreaker apps, or listen later on the usual feeds.

Beyond that:

Flying Sydney to Adelaide in a Vans RV-6 light aircraft registration VH-SOL piloted by Mark Newton, on Friday 28 or Saturday 29 September. I’ll record things for a podcast en route.
FireEye Cyber Defense Summit, Washington DC, 1â€“5 October.
Australian Cyber Conference, formerly the Australian Information Security Association (AISA) National Conference, Melbourne, 9â€“11 October.
The Sibos global financial services conference, Sydney, 22â€“25 October.
International Association of Privacy Professionals ANZ (iappANZ) Annual Summit, Privacy: Handling the Seismic Shift, Melbourne, 1 November. (TBC)

[Photo: The Right to Strike. Trade union members leading a protest march through Pitt Street, Sydney on 6 September 2018. It was a big event, with the column stretching for maybe two kilometres, yet it received little media coverage. As for this photo, I wish I’d had a wider angle lens and been able to bet in closer.]

06 July 201417 August 2014

Weekly Wrap 213

[This post was actually written on 17 August 2014, but I’ve dated it 6 July 2014 so it appears in the archives in the correct sequence. This post is part of an attempt to clear the backlog of routine posts, hence the lack of photo, detail and finesse. â€” Stilgherrian.]

My week of Monday 30 June to Sunday 6 July 2014 was, finally, an extremely busy one, as you can see from this basic listing.

Articles

Do the Privacy Commissioner’s teeth have any bite?, ZDNet Australia, 30 June 2014.
Facebook manipulation yet more evidence of Silicon Valley’s contempt, Crikey, 30 June 2014.
Ancient vulnerabilities are geddon in the way of security, ZDNet Australia, 3 July 2014.
Twitter becoming the latest instrument of terrorism, Crikey, 4 July 2014.

Media Appearances

On Monday I spoke about Todd Carney’s bubbling and other internet stunts and fads on ABC 666 Canberra.
On Tuesday I spoke about various tech issues with Dom Knight on ABC Local Radio around NSW.
On Thursday I spoke about wi-fi security and the need to keep personal data more secure than credit cards on ABC News24. A recording will be posted in due course.
Also on Thursday, I spoke about robot news on ABC Radio National Drive.

5at5

5at5 number 71, 30 June 2013.
5at5 number 72, 1 July 2013.
5at5 number 73, 4 July 2013.

Why don’t you subscribe to 5at5?

Corporate Largesse

On Wednesday I went to Sophos’ World of Warbiking Breakfast, during which we were fed a lovely meal at Aqua Dining at Milsons Point in Sydney. We also received Sophos-branded cycling smartphone holder, water bottle, notebook and pen.
Also on Wednesday, I went to Amazon Web Services’ media briefing, “Exporting Australian IP to the World”, which took place over an excellent lunch at Gowings Bar and Grill and Sydney’s QT Hotel.
And again on Wednesday, I had a long meeting over coffee with someone from the Association for Data-driven Marketing and Advertising (ADMA), and of course they paid for the coffees.

26 September 201130 September 2011

Weekly Wrap 68: Bad shoulder, with inquisitive rosellas

A weekly summary of what I’ve been doing elsewhere on the internets. Last week was relatively unproductive thanks to continuing pain from my shoulder and continuing gut irritation from nasty anibiotics, about which I may write something later.

Once more I’m posting this on Monday rather than Sunday. Oops. I don’t suppose the world will end. Well, not because of this anyway.

Podcasts

Patch Monday episode 106, “Fighting malware at SophosLabs”. A conversation with Mark Harris, the head of SophosLabs globally, and Sean McDonald, who manages the lab in North Sydney.

Articles

Trends on Twitter brief but telling, just like in the real world, Sydney Morning Herald, 19 September 2011, my first article for Fairfax.
NBN retail pricing neither a bargain nor an extravagance, Crikey, 20 September 2011.
Hey Facebook, we want to share, but this is ridiculous, Crikey, 23 September 2011.

Media Appearances

On Monday I spoke with ABC 666 Canberra about Twitter, covering material from the Sydney Morning Herald piece. I’m not sure whether I recorded, but this time the ABC posted the audio themselves.
On Friday I spoke with ABC 774 Melbourne and ABC 666 Canberra about the Facebook changes.

Corporate Largesse

None.

Elsewhere

Most of my day-to-day observations are on my high-volume Twitter stream, and random photos and other observations turn up on my Posterous stream. The photos also appear on Flickr, where I eventually add geolocation data and tags.

[Photo: Rosellas at Rosella Cottage, one of the Bunjaree Cottages at Wentworth Falls in the Blue Mountains where I’ve been staying off and on this year.]

12 September 201112 September 2011

Weekly Wrap 66: Kuala Lumpur: haze, hackers, food aplenty

A weekly summary of what I’ve been doing elsewhere on the internets. Most of the week was spent in Kuala Lumpur, my first visit. I’ll write more about that anon.

Podcasts

Patch Monday episode 104, “Can security ever beat PEBKAC?”. A conversation with Paul Ducklin, head of technology for the Asia-Pacific region with Sophos, and Chris Gatford, proprietor of Hack Labs, a specialist in penetration testing.

Articles

Rogue Google certificate used by 300,000 Iranian IPs , CSO, 6 September 2011.
Kaspersky sets sights on corporate market, CSO, 8 September 2011.
MD5 password hashes are dead, CSO, 9 September 2011. A warning from Kaspersky Lab analyst Evgeny (“Eugene”) Aseev.

Further material from the Kaspersky Lab event is appearing from today.

Media Appearances

None.

Corporate Largesse

On Tuesday I had lunch at Ocean Restaurant, Cockle Bay Wharf, thanks to Check Point. There’s some material from the conversations there that will appear in the next few days.
On Tuesday night I travelled to Kuala Lumpur thanks to Kasperky Lab. Their largesse included flights and airport transfers; meals and accommodation at Le Meridien; an evening sightseeing trip to Putrajaya including dinner on a cruise boat; a Kaspersky-branded leather document case, rather nice actually; Kaspersky-branded USB-powered speakers; and a t-shirt. I declined the offer of an all-day sightseeing tour on Friday because I had work to do.

Elsewhere

[Photo: Kuala Lumpur skyline, shrouded in haze, photographed with my battered HTC Desire from the 14th floor of Le Meridien, KL Sentral. It’s like this pretty much all day, what with the Indonesians burning down the rainforests and all. The photo doesn’t do the scene justice. I have since obtained a decent camera.]

20 July 2011

LulzSec vs Murdoch: the lessons, and what’s next?

LulzSec’s hack of The Sun and other UK websites belonging to Rupert Murdoch’s News International yesterday was one of the highest-profile infosec breaches in history. But will it mean anything beyond today’s news cycle? I suspect not.

(If you’re not up to speed on this, please read my initial summary for CSO Online or a shorter but fresher story for Crikey.)

As I thought about this overnight, and after chatting with Paul Ducklin from information security vendor Sophos, I came to the conclusion that despite all the media coverage yesterday nothing will change.

I wrote that up as an op-ed for CSO Online, Four lessons from LulzSec vs Murdoch.

We’ve seen hack after hack after hack, but civilisation has stubbornly refused to crumble. We’ve cried wolf a few hundred times too often. We’re experiencing what Paul Ducklin from Sophos calls “hack fatigue”.

We only hear about successful hacks, from LulzSec or anyone else, Ducklin told CSO Online. “They can crow about every time they have a success,” he said, “but you never hear about the sites they never broke into.”

And the idea that LulzSEc’s high-profile hacks will suddenly focus attention on organisation’s information security vulnerabilities? Bah. We’ve been flooded with media reports of high-profile hacks for the last few years, from NATO to Paris Hilton, Google to prime minister Gillard.

After all those stories we held urgent meetings, changed our ways, and put infosec at the top of the business agenda, right?

Yeah right.

So now what? I’ll put my money on LulzSec being forgotten until their next high-profile attack, or their arrest.

[Picture: Early this morning Australian time, LulzSec tweeted: “The Sun taken care of… now what about the moon…”, linking to that image (source unknown). Is it a hint? Or a meaningless distraction?]

17 May 2010

Patch Monday: Is Facebook the Antichrist of privacy?

Has Facebook gone too far? Is it out of control? Another change to its privacy settings and a new 5800-word privacy policy have triggered concerns by US authorities and European privacy organisations. In Sydney the death of 18-year-old Nona Belomesoff has been dubbed another “Facebook murder”. Is regulation needed?

In this week’s Patch Monday podcast, I cover Facebook privacy from two angles.

First, security and the risk to you and your employer. Paul Ducklin is Sophos’ head of technology for Asia Pacific. His research shows that half the time people will befriend anyone who asks — exposing all their personal details to strangers. Criminals wanting to steal your identity or probe your business have it easy.

Second, the policy implications. David Vaile, who heads up the Cyberspace Law and Policy Centre at the University of New South Wales thinks Facebook’s privacy model is “dangerous”. He foresees a time when personal information is considered as valuable and vulnerable as financial information — and any IT systems that hold that information will need network security as strong as the banks.

You can listen below. But it’s probably better for my stats if you listen at ZDNet Australia or subscribe to the RSS feed or subscribe in iTunes.

Please let me know what you think. Comments below. We accept audio comments too. Either Skype to stilgherrian or phone Sydney +61 2 8011 3733.