AND WHAT IF HE COMES BY MOTORCADE ONE WAY AND GOES BY BOAT THE OTHER WAY WOW A PRESIDENT THAT DOES TWO DIFFERENT THINGS HE IS LIKE A GOD.
I WONDER WHAT COLOUR SOCKS PRESIDENT OBAMA WILL BE WEARING WILL IT BE THE SAME COLOUR SOCKS AS ME OMFG WHAT IF IT IS I’D TOTALLY FREAK OUT.
“It has not been confirmed whether Mr Obama will arrive at the Uni of Queensland by helicopter, motorcade or by boat on the Brisbane River.”
You fucking yokels.
“Of all of the world leaders’ planes, these are absolutely the stars, they are state of the art … blinged out with really iconic livery.”
Here’s one. “OMFG tilt-rotors blow dust everywhere that’s amazing we provincials haven’t see it before.” Oh grow up. http://t.co/syuRMqFCHX
Oh and the G20 is tomorrow, right? Brace yourself for more slack-jawed wonderment as the media gasps at the powerful people.
I am seriously getting over this screechy historically-ignorant panic-merchant bullshit that’s peddled as “news” these days.
“Russian fleet” Oh get a fucking grip, people. It’s barely a flotilla.
Translated out of cyber-bullshit, “Nation tries to find out what questions it might be asked in international forum.” Not exactly weird.
“We cannot tell you for reasons about not being able to tell you.”
“Mr Alperovitch said he could not name the media organisations targeted because of confidentiality reasons,” which is a logical fallacy.
“Chinese hackers ‘breach Australian media organisations’ ahead of G20”, reports @abcnews in a curiously timed report. http://t.co/DGxVsLbN9b
@SnarkyPlatypus Yeah. I’d intended to catch the 2018 or 2118 back up the hill, but people. I blame @expectproblems, obviously.
“@gcluley sings The AntiVirus Industry Song”, a video by @juhasaarinen et moi. https://t.co/DH4NTangzo
@SnarkyPlatypus Yes. I arrive at Wentworth Falls at 0107, and must catch the 0706 back in the morning.
Departing.
@SnarkyPlatypus @expectproblems Until just a few minutes ago. Now I am preparing to catch the 2318 Lithgow service.
No, this won’t end well.

Shut up. I know what time it is. instagram.com/p/vVn-FGCFue/
Wow, @MarkDiStef, that is the best headline I’ve seen all day. Bravo. http://t.co/zF7NKQvfib
RT @BuzzFeedOz: We Talk To The Koala That’s Hugged Both Joe Hockey And Kim Kardashian http://t.co/sVpe9JsE7c via @MarkDiStef http://t.co/y1…
@SnarkyPlatypus @oberonsghost Soon, my precious. Soon.
@oberonsghost Excellent. It would seem that @expectproblems will be here too.
@oberonsghost Well, I am the place with a corner for a couple hours, if that helps your helps.
@expectproblems For approximately two hours.
@expectproblems I am in Haymarket and in a pub.
@expectproblems That’s a different verb. How does that relate to my verb?
Apparently no-one wants a drink.
joshgnosis Catch of the Day emailed asking if we do gift guides. I replied asking to explain why they waited 3 years to disclose a data breach. Silence
It seems there’s still a few spots left at the iappANz Summit “Privacy@Play” in Sydney this coming Monday. http://t.co/zsMOgyzo0o
I am uncertain.
At the place with the corner, but not in the corner.
Departing the conference, because the attendees will be heading to their dinner soon. I must eat more quickly and then head up the hill.
Session ends. #avar
In response to a question, it’s not definitively Russia. Could be Ukraine, Could be someone trying for them as a cover. #avar
It’s pretty clear this was Russia. One target was a Turkish company that manages oil/gas pipes from Iran etc. #avar
Siedlarz: Dragonfly is currently dormant, no new email traffic. It was well resourced, “likely to be state-sponsored”. #avar
My crypto knowledge is rather shoddy. That’s the one thing I keep learning at these events. #avar
Baltazar is now running through the hints they use to ease the brute-force decryption of the 3DES private key. #avar
I missed how that was then encrypted on the C&C server. #avar
Exfiltration then does XOR with key ‘1312312’ then BZip2 again. That file is then sent to the C&C server with a unique #avar
Data encrypted on target for exfiltration: Base64 > XML > BZip2 > 3DES with dynamically generated keys. #avar
I will not be so insane as to try to tweet an architectural description of the malware. #avar
Symantec’s Jonell Baltazar takes over to discuss the Dragonfly malware internals. Lightsout / Backdoor.Oldrea / Trojan.Karagany!gen1. #avar
Bad guys’ OPSEC failures allowed the researchers to get the stolen files and decrypt them. #avar
Some of the work was done on Saturdays. Note that Russian govt often works Tue-Sat, not Mon-Fri. [Curious coincidence.] #avar
Compilation timestamps fall into standard working day, suggests professional developers. Timezone UTC+4 matches Moscow and Seychelles. #avar
Symantec got access to the C&C server through a request to the hosting provider. #avar
Command and control servers were placed on compromised WordPress and Joomla sites, majority hosted in US, then Germany, then others. #avar
The trojanised versions of software updates were being served out one time for six weeks, another for 10 days. #avar
Most sophisticated was compromising the supply chain for ICS control software, so engineers ended up with trojanised versions. #avar
May 2013 to Apr 2014 that switched to compromised legit sites hosting Lightsout exploit kit. #avar
Spearphishing to senior employees / engineers. Subject “The account” / “Settlement of delivery problem”. All from one Gmail account. #avar
Three attack vectors: Spearphishing, watering hole attacks, compromise 3rd-party software, with increasing sophistication. #avar
Defence and aviation targets were mainly US and Canada. Focus shift in 2013 to US and European energy targets. #avar
Dragonfly was a cyberespionage campaign targeting defence from 2011 and then later energy sector, stealing info, capable of sabotage. #avar
Next up is Marcin Siedlarz from Symantec on the Dragonfly threat actor. #avar
I’m returning to tweet from the Association of anti-Virus Asia Researchers (AVAR) conference. https://t.co/Y4AB90vBRP Mute #avar to avoid.
I gather that the theme of G20 is now “The World Explains Things to Australia”. Crusader Rabbit will lap that up, I reckon. He’ll love it.
@JonDeeOz I’ve done two nights of that, and a third coming tonight. Obviously I am extremely happy* with the situation.
Exploring the Sheraton’s idea of what constitutes “Thai green curry chicken”. While editing a video.
@gcluley I am still sulking in the foyer and getting my brain working. I have no idea where @juhasaarinen. He’s escaped.
RT @juhasaarinen: I could put on this enormous onesie hakkerihuppari and do an impromptu dance routine on stage. The AFP will be ready. [!]
RT @gcluley: @juhasaarinen @stilgherrian Only banned from one session? you aren’t trying hard enough [What Mr Cluley says is true, folks.]
@juhasaarinen WHAT IS WRONG WITH YOUTUBE WHY DO YOU HATE FREEDOM.
Palmer-Lambie Wars 1: The Press Releases.
@juhasaarinen Wait. I’ll just download it from YouTube. Using an innertube.
@juhasaarinen We shall figure that out at lunchtime. I have a USB stick or Bluetooth or something.
@dilettantiquity It’s all a bit silly, given it’s not a classified meeting, and anyone can post anything they like about anything.
@juhasaarinen I have the audio, so I can re-mix that with a static frame at the start for the full thing.
Ah! @juhasaarinen filmed most of the Anti-Virus Industry Song. https://t.co/zTFMeUPPJn #avar
@SnarkyPlatypus @oberonsghost Well @juhasaarinen are rarely in the same place, so something is something something thing.
@juhasaarinen And we should be allowed back in in a few minutes. @franksting @SnarkyPlatypus @oberonsghost @parisbcowan @gcluley
@JackGJessen Well, that was more a set-up for the next joke.
@nphair @jon_lawrence Can you imagine telling your 2003 selves that Baidu would be part of it? Or were they already up by then?
@mark_lawler @gcluley Hah! There were certainly a lot of “It’ll never happen” feelpinions back then.
@nphair @jon_lawrence Hah! There’s some “usual suspects” names on that list. But yes, a very different industry. #avar
@juhasaarinen @franksting @SnarkyPlatypus @oberonsghost @parisbcowan @gcluley This will not end well.
@dilettantiquity It’s “Chatham House Rule”, singular, but that’s not much help when there’s only one person speaking.
@rycrozier Yeah I think they’ve got it all thought through.
In other disturbing news, @juhasaarinen is also in Sydney.
@gavincostello @gcluley Yes, it’s all quite disturbing.
I’m running an errand and sulking, because there are too many people in the room who work for the government and know my face.
@0x1C I would never be cynical.
The next presentation is by the Australian Federal Police, but the media has been banned. #avar
Lesson 7: We don’t know how lucky we are in the IT security industry. We get together and share information. #avar
“You certainly can’t trust NSA or GCHQ to produce decent PowerPoint presentations,” @gcluley. #avar
Cluley: Snowden revelations have taught us that you can’t really trust anyone but yourself. #avar
Lesson 6: It’s getting more serious. (The kids are now just doing DDoS and defacements.) #avar
The real message from @gcluley is that the hype and media-friendly names help the industry get the message to users who don’t care. #avar
Internet chaos meltdown time bomb! #avar
Lesson 5: Hype and hysteria can sometimes be a good thing. #avar
Malware authors don’t NEED to be geniuses, because users keep making the same mistakes. #avar
LOVE-LETTER-FOR-YOU.TXT.vbs #avar
Lesson 4: Malware authors are not geniuses. #avar
He’s still sulking. #avar
Lesson 3: Anti-virus is (still) not dead. #avar
Lesson 2: Where there’s money, there’s malware (and where there’s malware there’s money). [Money for the AV industry, he #avar.] #avar
Now we’re seeing a whole series of malware-as-art images, which @gcluley compares with Banksy’s art. #avar
Who remembers the Cascade virus? #avar
So @gcluley’s favourite virus is the Casino Virus, “Disk Destroyer, a Souvenir of Malta”. #avar
Things I was told: “There’s no such thing as a good virus.” #avar
Things I was told: “All viruses are written in Bulgaria.” [Remember the Dark Avenger?] #avar
Things I was told: “Boot from a clean floppy disc.” #avar
“AV industry should thank Bill Gates for the sterling work Microsoft did before the Trustworthy Computing initiative,” says @gcluley. #avar
Remember the myth? You only have to worry about floppy discs, EXE and COM files.” #avar
Well that was terrible. I have a recording. #avar
We have to sing a song now. We have to stand up. #avar
Dr Solomon’s issued a commemorative clock on 1 October 1996 to having now tracked 10,000 viruses. #avar
The early anti-virus industry was doomed, @gcluley was told, because eventually all the definitions wouldn’t fit on the 356kB floppy. #avar
We are being reminded of boot-sector viruses that were spread by floppy drive and sneaker net. The old people are looking pained. #avar
So @gcluley’s first programming job was writing the Windows version of Dr Solomon’s Anti-Virus Toolkit. Solomon wrote OS/2 version. #avar
[Amusing and meandering story about Dr Solomon’s Anti-Virus Toolkit and a packet of cheesy biscuits.] #avar
And now @gcluley is getting disapproving headshakes from the audience for having programmed in Pascal on his Amstrad. #avar
And now @gcluley is demoing the game 3D Monster Maze that he played on said machine. It had 3D* graphics*. #avar
He got a Sinclair ZX81, sold as being “powerful enough to run a nuclear power plant!” It has 1kB of memory. #avar
In the summer of 1981, @gcluley really really wanted to be The Doctor. [He said he wants “to be Doctor Who”, but I will correct him.] #avar
Lesson 1: Predicting the future is easy. Ensuring the predictions are correct is hard. #avar
STIX files (an XML format) are currently being posted manually. Once XML is agreed upon, automation will follow. #avar.
CERT AU now distributing Structured Threat Information Expression (STIX) files to speed ingest of threat info. stix.mitre.org #avar
[I won’t bother tweeting the rest of this organisational information ’cos it’s all readily available on an innertube.] #avar
CERT AU and Asia Pacific CERT is encouraging countries that don’t have CERTs to set them up. #avar
CERT AU has been working closely with QLD authorities to prevent disruption and embarrassment during the G20. #avar
ACSC is coordinating CERT AU, ACC, AFP, ASD and ASIO. [Not news, of course, just tweeting the background.] #avar
Clark runs through CERT AU’s role, says they’re “currently transitioning” to the Aust Cyber Security Centre (ACSC), replacing CSOC. #avar
@SnarkyPlatypus Bonjour. Je profite de l’entreprise des virus-pompiers. Et vous?
First up will be Dr Andrew Clark from CERT Australia on Regional Cyber Security Collaboration. #avar
I am now tweeting from the Association of anti-Virus Asia Researchers (AVAR) conference, day 1. https://t.co/Y4AB90vBRP Mute #avar to avoid.

RT @newscomauHQ Russian warships unlikely a response to PM Tony Abbott bit.ly/1zNnI5U pic.twitter.com/Ailrpw2Qxk [Gosh, you don’t say.]
franksting Russia signs Nuclear energy deal with Iran. Half a column on page 16. Yep the Aussie media has its eye on the ball
KotakuAU Cops Raided Game Studio Because They Thought It Was A Gambling Den - tinyurl.com/mv6vcrp
St James.
@leslienassar No, I’m just a potential vulnerability.
And there are so, so many ordinary people.
Arriving at Sydney Central like an ordinary person.
@NewtonMark What’s “Bing”?
MS14-066, eh? Well this is all a bit of a hoot.
Has anyone suggested the band name “Clive and the PUPettes” yet?
@leslienassar Is that a threat? It sounds like a threat.

Crossing the Nepean instagram.com/p/vUFxhFCFs-/

The Labor candidate. pic.twitter.com/U2flIGx5BS
@LeftyMatt Ah, and this Saturday. First I’d heard of it.
I’ve just discovered that there’s a by-election in the Blue Mountains City Council, ‘cos the Labor candidate is working the railway station.
Thu plan: 0706 train to Sydney; 0930 AVAR conf day 1 https://t.co/Y4AB90vBRP; write for @zdnetaustralia, maybe; @5at5daily; return train.
@juhasaarinen It’s more of a cyberhood these days, obviously.
Mobile.
@juhasaarinen This describes most of the internet though. As long as it looks pretty on the surface, who cares what’s under the hood?
@juhasaarinen So let me get this shocking news straight in my head. Alpha code is not suitable for production. MY GOD THIS IS OUTRAGEOUS.
RT @gregneuf: Blind leading the blind “@hyounpark: IBM is training 10,000 consultants on the anatomy of a tweet. #SWGAI http://t.co/OlIDed…
fanfiction_txt “I didn’t know it was a contest of Sex with yor pokemon?” Ash asked her,
rubbing his hair, which was full of goo.
@michaelneale Well he can’t see that on the phone.
Oh great, now the taxi booker is judging my lifestyle. “6.45 this morning? Tsk tsk.”
The latest AV-Comparatives test results are out. That should feed some conversation today. http://t.co/7dkb3C1qfF http://t.co/wpqQaNqD4W
Thu plan, draft: 0706 train to Sydney; AVAR conf day 1 https://t.co/Y4AB90vBRP; write for @zdnetaustralia, maybe; @5at5daily; return train.
Thursday. If yesterday was the pre-wash, then today is the spin cycle. That’s right, the wash itself failed. Everything is filth. Thursday.
Having set the alarm for 0500, just over four hours away, I shall now attempt slumber. I have departed.
@SnarkyPlatypus The Good Lord invented razor wire for a reason.
@semibogan You made your choice with eyes open, did you not?
@SnarkyPlatypus Don’t get me started.
I am told that the World Parks Congress worldparkscongress.org and G20 refugees are the cause. Even the Mountains are booked out.
Tomorrow morning I shall be catching the 0706 train back to Sydney. The city’s accommodation shortage is an embarrassment.
It is after midnight again. But I will be arriving at Wentworth Falls in five minutes, and a taxi will be waiting for me.
@SnarkyPlatypus I daresay this is a strategy.