Stilgherrian (@stilgherrian)

Wentworth Falls NSW AU

The below is an off-site archive of all tweets posted by @stilgherrian ever

November 13th, 2014

AND WHAT IF HE COMES BY MOTORCADE ONE WAY AND GOES BY BOAT THE OTHER WAY WOW A PRESIDENT THAT DOES TWO DIFFERENT THINGS HE IS LIKE A GOD.

via Janetter for Mac

I WONDER WHAT COLOUR SOCKS PRESIDENT OBAMA WILL BE WEARING WILL IT BE THE SAME COLOUR SOCKS AS ME OMFG WHAT IF IT IS I’D TOTALLY FREAK OUT.

via Janetter for Mac

“It has not been confirmed whether Mr Obama will arrive at the Uni of Queensland by helicopter, motorcade or by boat on the Brisbane River.”

via Janetter for Mac

You fucking yokels.

via Janetter for Mac

“Of all of the world leaders’ planes, these are absolutely the stars, they are state of the art … blinged out with really iconic livery.”

via Janetter for Mac

Here’s one. “OMFG tilt-rotors blow dust everywhere that’s amazing we provincials haven’t seen it before.” Oh grow up. abc.net.au/news/2014-11-1…

via Janetter for Mac

Oh and the G20 is tomorrow, right? Brace yourself for more slack-jawed wonderment as the media gasps at the powerful people.

via Janetter for Mac

I am seriously getting over this screechy historically-ignorant panic-merchant bullshit that’s peddled as “news” these days.

via Janetter for Mac

“Russian fleet”? Oh get a fucking grip, people. It’s barely a flotilla.

via Janetter for Mac

Translated out of cyber-bullshit, “Nation tries to find out what questions it might be asked in international forum.” Not exactly weird.

via Janetter for Mac

“We cannot tell you for reasons about not being able to tell you.”

via Janetter for Mac

“Mr Alperovitch said he could not name the media organisations targeted because of confidentiality reasons,” which is a logical fallacy.

via Janetter for Mac

“Chinese hackers ‘breach Australian media organisations’ ahead of G20”, reports @abcnews in a curiously timed report. abc.net.au/news/2014-11-1…

via Janetter for Mac

@SnarkyPlatypus Yeah. I’d intended to catch the 2018 or 2118 back up the hill, but people. I blame @expectproblems, obviously.

via Janetter for Mac in reply to SnarkyPlatypus

@gcluley sings “The AntiVirus Industry Song”, a video by @juhasaarinen et moi. youtube.com/watch?v=75amj-…

via Janetter for Mac

@SnarkyPlatypus Yes. I arrive at Wentworth Falls at 0107, and must catch the 0706 back in the morning.

via Plume for Android in reply to SnarkyPlatypus

@SnarkyPlatypus @expectproblems Until just a few minutes ago. Now I am preparing to catch the 2318 Lithgow service.

via Plume for Android in reply to SnarkyPlatypus

No, this won’t end well.

via Plume for Android

Shut up. I know what time it is. instagram.com/p/vVn-FGCFue/

via Instagram

Wow, @MarkDiStef, that is the best headline I’ve seen all day. Bravo. buzzfeed.com/markdistefano/…

via Janetter for Mac

BuzzFeedOz We Talk To The Koala That’s Hugged Both Joe Hockey And Kim Kardashian buzzfeed.com/markdistefano/… via @MarkDiStef pic.twitter.com/y1VmrYIefb

via TweetDeck (retweeted on 6:38 PM, Nov 13th, 2014 via Janetter for Mac)

@oberonsghost Excellent. It would seem that @expectproblems will be here too.

via Janetter for Mac in reply to oberonsghost

@oberonsghost Well, I am the place with a corner for a couple hours, if that helps your helps.

via Janetter for Mac in reply to oberonsghost

@expectproblems That’s a different verb. How does that relate to my verb?

via Janetter for Mac in reply to expectproblems

Apparently no-one wants a drink.

via Janetter for Mac

joshgnosis Catch of the Day emailed asking if we do gift guides. I replied asking to explain why they waited 3 years to disclose a data breach. Silence

via TweetDeck (retweeted on 5:49 PM, Nov 13th, 2014 via Janetter for Mac)

It seems there’s still a few spots left at the iappANZ Summit “Privacy@Play” in Sydney this coming Monday. iappanz.org/IAPP/Events/Su…

via Janetter for Mac

At the place with the corner, but not in the corner.

via Janetter for Mac

Departing the conference, because the attendees will be heading to their dinner soon. I must eat more quickly and then head up the hill.

via Plume for Android

In response to a question, it’s not definitively Russia. Could be Ukraine, could be someone trying for them as a cover.

via Janetter for Mac

It’s pretty clear this was Russia. One target was a Turkish company that manages oil/gas pipes from Iran etc.

via Janetter for Mac

Siedlarz: Dragonfly is currently dormant, no new email traffic. It was well resourced, “likely to be state-sponsored”.

via Janetter for Mac

My crypto knowledge is rather shoddy. That’s the one thing I keep learning at these events.

via Janetter for Mac

Baltazar is now running through the hints they use to ease the brute-force decryption of the 3DES private key.

via Janetter for Mac

I missed how that was then encrypted on the C&C server.

via Janetter for Mac

Exfiltration then does XOR with key ‘1312312’ then BZip2 again. That file is then sent to the C&C server with a unique ID.

via Janetter for Mac

Data encrypted on target for exfiltration: Base64 > XML > BZip2 > 3DES with dynamically generated keys.

via Janetter for Mac

I will not be so insane as to try to tweet an architectural description of the malware.

via Janetter for Mac

Symantec’s Jonell Baltazar takes over to discuss the Dragonfly malware internals. Lightsout / Backdoor.Oldrea / Trojan.Karagany!gen1/

via Janetter for Mac

Bad guys’ OPSEC failures allowed the researchers to get the stolen files and decrypt them.

via Janetter for Mac

Some of the work was done on Saturdays. Note that Russian govt often works Tue-Sat, not Mon-Fri. [Curious coincidence.]

via Janetter for Mac

Compilation timestamps fall into a standard working day, suggesting professional developers. Timezone UTC+4 matches Moscow and Seychelles.

via Janetter for Mac

Symantec got access to the C&C server through a request to the hosting provider.

via Janetter for Mac

Command and control servers were placed on compromised WordPress and Joomla sites, majority hosted in US, then Germany, then others.

via Janetter for Mac

The trojanised versions of software updates were being served out one time for six weeks, another for 10 days.

via Janetter for Mac

Most sophisticated was compromising the supply chain for ICS control software, so engineers ended up with trojanised versions.

via Janetter for Mac

May 2013 to Apr 2014 that switched to compromised legit sites hosting Lightsout exploit kit.

via Janetter for Mac

Spearphishing to senior employees / engineers. Subject “The account” / “Settlement of delivery problem”. All from one Gmail account.

via Janetter for Mac

Three attack vectors: Spearphishing, watering hole attacks, compromise 3rd-party software, with increasing sophistication.

via Janetter for Mac

Defence and aviation targets were mainly US and Canada. Focus shift in 2013 to US and European energy targets.

via Janetter for Mac

Dragonfly was a cyberespionage campaign targeting defence from 2011 and then later energy sector, stealing info, capable of sabotage.

via Janetter for Mac

Next up is Marcin Siedlarz from Symantec on the Dragonfly threat actor.

via Janetter for Mac

I’m returning to tweet from the Association of anti-Virus Asia Researchers (AVAR) conference. etouches.com/ehome/avar2014… Mute to avoid.

via Janetter for Mac

I gather that the theme of G20 is now “The World Explains Things to Australia”. Crusader Rabbit will lap that up, I reckon. He’ll love it.

via Janetter for Mac

@JonDeeOz I’ve done two nights of that, and a third coming tonight. Obviously I am extremely happy* with the situation.

via Janetter for Mac in reply to JonDeeOz

Exploring the Sheraton’s idea of what constitutes “Thai green curry chicken”. While editing a video.

via Janetter for Mac

@gcluley I am still sulking in the foyer and getting my brain working. I have no idea where @juhasaarinen is. He’s escaped.

via Janetter for Mac in reply to gcluley

RT @juhasaarinen: I could put on this enormous onesie hakkerihuppari and do an impromptu dance routine on stage. The AFP will be ready. [!]

via Janetter for Mac in reply to juhasaarinen

RT @gcluley: @juhasaarinen @stilgherrian Only banned from one session? you aren’t trying hard enough [What Mr Cluley says is true, folks.]

via Janetter for Mac in reply to gcluley

@juhasaarinen WHAT IS WRONG WITH YOUTUBE WHY DO YOU HATE FREEDOM.

via Janetter for Mac in reply to juhasaarinen

Palmer-Lambie Wars 1: The Press Releases.

via Janetter for Mac

@juhasaarinen Wait. I’ll just download it from YouTube. Using an innertube.

via Janetter for Mac in reply to juhasaarinen

@juhasaarinen We shall figure that out at lunchtime. I have a USB stick or Bluetooth or something.

via Janetter for Mac in reply to juhasaarinen

@dilettantiquity It’s all a bit silly, given it’s not a classified meeting, and anyone can post anything they like about anything.

via Janetter for Mac in reply to dilettantiquity

@juhasaarinen I have the audio, so I can re-mix that with a static frame at the start for the full thing.

via Janetter for Mac

Ah! @juhasaarinen filmed most of the Anti-Virus Industry Song. youtube.com/watch?v=nZp7G1…

via Janetter for Mac

@SnarkyPlatypus @oberonsghost Well @juhasaarinen are rarely in the same place, so something is something something thing.

via Janetter for Mac in reply to SnarkyPlatypus

@JackGJessen Well, that was more a set-up for the next joke.

via Janetter for Mac in reply to JackGJessen

@nphair @jon_lawrence Can you imagine telling your 2003 selves that Baidu would be part of it? Or were they already up by then?

via Janetter for Mac in reply to nphair

@mark_lawler @gcluley Hah! There were certainly a lot of “It’ll never happen” feelpinions back then.

via Janetter for Mac in reply to mark_lawler

@nphair @jon_lawrence Hah! There’s some “usual suspects” names on that list. But yes, a very different industry.

via Janetter for Mac in reply to nphair

@dilettantiquity It’s “Chatham House Rule”, singular, but that’s not much help when there’s only one person speaking.

via Janetter for Mac in reply to dilettantiquity

@rycrozier Yeah I think they’ve got it all thought through.

via Janetter for Mac in reply to rycrozier

In other disturbing news, @juhasaarinen is also in Sydney.

via Plume for Android

I’m running an errand and sulking, because there are too many people in the room who work for the government and know my face.

via Plume for Android

The next presentation is by the Australian Federal Police, but the media has been banned.

via Plume for Android

And @gcluley has ended on that happy note.

via Plume for Android

Lesson 7: We don’t know how lucky we are in the IT security industry. We get together and share information!

via Janetter for Mac

“You certainly can’t trust NSA or GCHQ to produce decent PowerPoint presentations.” @gcluley

via Janetter for Mac

Cluley: Snowden revelations have taught us that you can’t really trust anyone but yourself.

via Janetter for Mac

Lesson 6: It’s getting more serious. (The kids are now just doing DDoS and defacements.)

via Janetter for Mac

The real message from @gcluley is that the hype and media-friendly names help the industry get the message to users who don’t care.

via Janetter for Mac

A plea from @gcluley: “Can you just call a virus ‘Lumpytrousers’?”

via Janetter for Mac

Internet chaos meltdown time bomb!

via Janetter for Mac

Lesson 5: Hype and hysteria can sometimes be a good thing.

via Janetter for Mac

Malware authors don’t NEED to be geniuses, because users keep making the same mistakes.

via Janetter for Mac

LOVE-LETTER-FOR-YOU.TXT.vbs

via Janetter for Mac

Lesson 4: Malware authors are not geniuses.

via Janetter for Mac

He’s still sulking.

via Janetter for Mac

Lesson 3: Anti-virus is (still) not dead.

via Janetter for Mac

Lesson 2: Where there’s money, there’s malware (and where there’s malware there’s money). [Money for the AV industry, he means.]

via Janetter for Mac

I think this is just @gcluley’s long nostalgia-sulk that malware isn’t fun any more.

via Janetter for Mac

Now we’re seeing a whole series of malware-as-art images, which @gcluley compares with Banksy’s art.

via Janetter for Mac

No, @gcluley, this next virus is from Independence Day.

via Janetter for Mac

Who remembers the Cascade virus?

via Janetter for Mac

So @gcluley’s favourite virus is the Casino Virus, “Disk Destroyer, a Souvenir of Malta”.

via Janetter for Mac

It appears that @gcluley is about to claim there IS such a thing as a good virus.

via Janetter for Mac

Things I was told: “There’s no such thing as a good virus.”

via Janetter for Mac

Things I was told: “All viruses are written in Bulgaria.” [Remember the Dark Avenger?]

via Janetter for Mac

Things I was told: “Boot from a clean floppy disc.”

via Janetter for Mac

“AV industry should thank Bill Gates for the sterling work Microsoft did before the Trustworthy Computing initiative,” says @gcluley

via Janetter for Mac

Remember the myth? “You only have to worry about floppy discs, EXE and COM files.”

via Janetter for Mac

Well that was terrible. I have a recording.

via Janetter for Mac

We have to sing a song now. We have to stand up.

via Janetter for Mac

Dr Solomon’s issued a commemorative clock on 1 October 1996 for having now tracked 10,000 viruses.

via Janetter for Mac

The early anti-virus industry was doomed, @gcluley was told, because eventually all the definitions wouldn’t fit on the 356kB floppy.

via Janetter for Mac

We are being reminded of boot-sector viruses that were spread by floppy drive and sneaker net. The old people are looking pained.

via Janetter for Mac

So @gcluley’s first programming job was writing the Windows version of Dr Solomon’s Anti-Virus Toolkit. Solomon wrote the OS/2 version.

via Janetter for Mac

[Amusing and meandering story about Dr Solomon’s Anti-Virus Toolkit and a packet of cheesy biscuits.]

via Janetter for Mac

And now @gcluley is getting disapproving headshakes from the audience for having programmed in Pascal on his Amstrad.

via Janetter for Mac

And now @gcluley is demoing the game 3D Monster Maze that he played on said machine. It had 3D* graphics*.

via Janetter for Mac

He got a Sinclair ZX81, sold as being “powerful enough to run a nuclear power plant!” It has 1kB of memory.

via Janetter for Mac

In the summer of 1981, @gcluley really really wanted to be The Doctor. [He said he wants “to be Doctor Who”, but I will correct him.]

via Janetter for Mac

Lesson 1: Predicting the future is easy. Ensuring the predictions are correct is hard.

via Janetter for Mac

Next up, @gcluley’s keynote, “What 20 years working in the Anti-Virus industry taught me”

via Janetter for Mac

STIX files (an XML format) are currently being posted manually. Once the XML is agreed upon, automation will follow.

via Janetter for Mac

CERT AU now distributing Structured Threat Information Expression (STIX) files to speed ingest of threat info. stix.mitre.org

via Janetter for Mac

[I won’t bother tweeting the rest of this organisational information ‘cos it’s all readily available on an innertube.]

via Janetter for Mac

CERT AU and Asia Pacific CERT are encouraging countries that don’t have CERTs to set them up.

via Janetter for Mac

CERT AU has been working closely with QLD authorities to prevent disruption and embarrassment during the G20.

via Janetter for Mac

ACSC is coordinating CERT AU, ACC, AFP, ASD and ASIO. [Not news, of course, just tweeting the background.]

via Janetter for Mac

Clark runs through CERT AU’s role, says they’re “currently transitioning” to the Aust Cyber Security Centre (ACSC), replacing CSOC.

via Janetter for Mac

@SnarkyPlatypus Hello. I am enjoying the enterprise of the virus-firefighters. And you?

via Janetter for Mac in reply to SnarkyPlatypus

First up will be Dr Andrew Clark from CERT Australia on Regional Cyber Security Collaboration.

via Janetter for Mac

I am now tweeting from the Association of anti-Virus Asia Researchers (AVAR) conference, day 1. etouches.com/ehome/avar2014… Mute to avoid.

via Janetter for Mac

RT @newscomauHQ Russian warships unlikely a response to PM Tony Abbott bit.ly/1zNnI5U pic.twitter.com/Ailrpw2Qxk [Gosh, you don’t say.]

via Plume for Android

franksting Russia signs Nuclear energy deal with Iran. Half a column on page 16. Yep the Aussie media has its eye on the ball

via Twitter for iPhone (retweeted on 9:14 AM, Nov 13th, 2014 via Plume for Android)

KotakuAU Cops Raided Game Studio Because They Thought It Was A Gambling Den - tinyurl.com/mv6vcrp

via Allure Media Social (retweeted on 9:14 AM, Nov 13th, 2014 via Plume for Android)

@leslienassar No, I’m just a potential vulnerability.

via Plume for Android in reply to leslienassar

And there are so, so many ordinary people.

via Plume for Android

Arriving at Sydney Central like an ordinary person.

via Tweetbot for iOS

MS14-066, eh? Well this is all a bit of a hoot.

via Tweetbot for iOS

Has anyone suggested the band name “Clive and the PUPettes” yet?

via Tweetbot for iOS

@leslienassar Is that a threat? It sounds like a threat.

via Tweetbot for iOS in reply to leslienassar

@LeftyMatt Ah, and this Saturday. First I’d heard of it.

via Plume for Android in reply to LeftyMatt

I’ve just discovered that there’s a by-election in the Blue Mountains City Council, ‘cos the Labor candidate is working the railway station.

via Plume for Android

Thu plan: 0706 train to Sydney; 0930 AVAR conf day 1 etouches.com/ehome/avar2014…; write for @zdnetaustralia, maybe; @5at5daily; return train.

via Plume for Android in reply to stilgherrian

@juhasaarinen It’s more of a cyberhood these days, obviously.

via Plume for Android in reply to juhasaarinen

@juhasaarinen This describes most of the internet though. As long as it looks pretty on the surface, who cares what’s under the hood?

via Janetter for Mac in reply to juhasaarinen

@juhasaarinen So let me get this shocking news straight in my head. Alpha code is not suitable for production. MY GOD THIS IS OUTRAGEOUS.

via Janetter for Mac in reply to juhasaarinen

gregneuf Blind leading the blind “@hyounpark: IBM is training 10,000 consultants on the anatomy of a tweet.” pic.twitter.com/OlIDedt8dJ

via Twitter for iPhone (retweeted on 6:28 AM, Nov 13th, 2014 via Janetter for Mac)

fanfiction_txt “I didn’t know it was a contest of Sex with yor pokemon?” Ash asked her, rubbing his hair, which was full of goo.

via Twitter Web Client (retweeted on 6:18 AM, Nov 13th, 2014 via Janetter for Mac)

Oh great, now the taxi booker is judging my lifestyle. “6.45 this morning? Tsk tsk.”

via Janetter for Mac

The latest AV-Comparatives test results are out. That should feed some conversation today. av-comparatives.org/performance-te… av-comparatives.org/dynamic-tests/

via Janetter for Mac

Thu plan, draft: 0706 train to Sydney; AVAR conf day 1 etouches.com/ehome/avar2014…; write for @zdnetaustralia, maybe; @5at5daily; return train.

via Janetter for Mac

Thursday. If yesterday was the pre-wash, then today is the spin cycle. That’s right, the wash itself failed. Everything is filth. Thursday.

via Janetter for Mac

Having set the alarm for 0500, just over four hours away, I shall now attempt slumber. I have departed.

via Tweetbot for iOS

@SnarkyPlatypus The Good Lord invented razor wire for a reason.

via Tweetbot for iOS in reply to SnarkyPlatypus

@semibogan You made your choice with eyes open, did you not?

via Tweetbot for iOS in reply to semibogan

I am told that the World Parks Congress worldparkscongress.org and G20 refugees are the cause. Even the Mountains are booked out.

via Janetter for Mac

Tomorrow morning I shall be catching the 0706 train back to Sydney. The city’s accommodation shortage is an embarrassment.

via Plume for Android

It is after midnight again. But I will be arriving at Wentworth Falls in five minutes, and a taxi will be waiting for me.

via Tweetbot for iOS