Stilgherrian (@stilgherrian)

Wentworth Falls NSW AU

The below is an off-site archive of all tweets posted by @stilgherrian ever

June 3rd, 2015

I have an early start tomorrow, so by the time you see this tweet I will have gone.

via TweetDeck

THIS HAS NOTHING TO DO WITH FISTING.

via TweetDeck

People keep saying “You started it!” to me.

via TweetDeck

Yes, @GrogsGamut @jonkudelka @Pollytics, I noticed too late that @robcorr deserves credit for that compilation.

via TweetDeck in reply to GrogsGamut

marxculture People often say to me, “mark, do you have a photo that sums up digital transformation?”

Why yes, yes I do pic.twitter.com/MfUO5RVvHu

via Tweetbot for Mac (retweeted on 7:57 PM, Jun 3rd, 2015 via TweetDeck)

@NewtonMark @NicholasFryer @bigjsl Tat’s really not the same as a tattoo, though.

via TweetDeck in reply to NewtonMark

jamesrbuk What I really want to know is what are the other categories? twitter.com/johnplunkett14…

via Twitter Web Client (retweeted on 7:56 PM, Jun 3rd, 2015 via TweetDeck)

@jonkudelka @Pollytics @GrogsGamut Was it as good for you as it was for me? I think I need a cigarette after reading that.

via TweetDeck in reply to jonkudelka

“Each line on a graph means something and gives the solution to its repair.” storify.com/_robcorr/each-…

via TweetDeck

I will break my rule on not linking to Storify to bring you this glory. sfy.co/g0fWR HT @Pollytics, sympathies @GrogsGamut

via TweetDeck

SharesMagSteve Official, IT sec firm Sophos to IPO, straight into FTSE 250 w/ £1bn-£1.5bn mkt cap. About time UK had a big tech float, more please…

via Twitter Web Client (retweeted on 7:36 PM, Jun 3rd, 2015 via TweetDeck)

@johnthelutheran I had no idea that St Thomas was so risqué!

via TweetDeck in reply to johnthelutheran

Is Paul Barry halal?

via TweetDeck

@joshgnosis I agree, it’s pretty heady stuff. And cheaper than PCP.

via TweetDeck in reply to joshgnosis

@timpoliti @llament It’s certainly a business, isn’t it.

via TweetDeck in reply to timpoliti

Me at @zdnetaustralia today: “Australia’s cyber defence ‘pretty ordinary’ before ASD’s Top Four” zdnet.com/article/austra…

via TweetDeck

@OaaSvc @lady_nerd @marcoostini Thanks. I’ve eaten plenty for now. I’ll break the back of these two articles and then collapse, I think.

via TweetDeck in reply to OaaSvc

@bigjsl @NicholasFryer I’d have thought that the entire podcast was its own safety warning.

via TweetDeck in reply to bigjsl

Dear @NicholasFryer, please be aware of this tweet by @bigjsl, who is a lovely chap. twitter.com/bigjsl/status/…

via TweetDeck

@OaaSvc @lady_nerd @marcoostini Alas, I must get some work done for now, though I may have some supper later.

via TweetDeck in reply to OaaSvc

jrhennessy I saw the phrase “Read a bloody map Warren you pretzel” in a Facebook thread and I can’t stop thinking about it

via Twitter Web Client (retweeted on 5:33 PM, Jun 3rd, 2015 via TweetDeck)

Wed plan, 1730 update: Transcribe some of today’s recordings; supper and a nightcap, perhaps; collapse and prepare for another early start.

via TweetDeck

WombatOnPatrol Wombat Wednesday haiku.

On a moonless night
a wombat casts no shadow
square poo, what’s with that?

pic.twitter.com/3jG8E7OdJI

via Twitter for iPhone (retweeted on 5:13 PM, Jun 3rd, 2015 via Plume for Android)

Dear World, take note of how an Australian parliament like NSW’s deals with boofheads. HT @Roj_Ame pic.twitter.com/C4N9Fwk8nT

via Plume for Android

The sun has set over the Gold Coast. pic.twitter.com/rzUY5KcToA

via Plume for Android

I shall be foregoing the @hacklabs whisky tasting tonight because I have deadlines, but I wish everyone there well.

via TweetDeck

@kofeyh @0x1C Really? They seemed happy enough to fund my new experimental drama series, “Goats of ASIO”

via TweetDeck in reply to kofeyh

Oh. @0x1C and I have been seen talking. Someone notify the authorities.

via Plume for Android

@AssoftServe I will almost definitely be writing this up for @zdnetaustralia, will link to the slides etc if they’re online.

via TweetDeck in reply to AssoftServe

@MarkLaffan The pie was rather nice, actually. As was the second pie.

via TweetDeck in reply to MarkLaffan

This is either the third-best thing I have seen today, or “a shit idea”. (Joke stolen from @darrenpauli) twitter.com/GuardianAus/st…

via TweetDeck

@R_Chirgwin @0xmaro English as a second+ language FTN (for the neutral).

via TweetDeck in reply to R_Chirgwin

My self-control: “I should be healthy and have fruit for afternoon tea… PARTY PIES!!!”

via Plume for Android

@AssoftServe True. But I use the slides as an index to my recording, and some of the spoken words were helpful. I may write that up later.

via TweetDeck in reply to AssoftServe

And thus ends the lesson from the University of Otago. pic.twitter.com/CKCAGwRBNG

via Plume for Android

And this is what Uni of Otago did in response… pic.twitter.com/ASin3gxah2

via Plume for Android

Oops! I missed a point on that last slide: It was all primarily one attacker, probably, given the consistency of approach.

via TweetDeck

They’d trained their users to accept this sort of thing. This isn’t a phish! pic.twitter.com/Pgo49Pugfv

via Plume for Android

What we discovered, part 2, with the first point being the big takeaway. pic.twitter.com/iFrwzbNVBZ

via Plume for Android

Once accounts were compromised, they were used by outside people in as little as 5 hours. pic.twitter.com/WkWJfZnSXg

via Plume for Android

@garthk Well, all of those things.

via TweetDeck in reply to garthk

The blue line shows how many emails were sent from compromised accounts, red is how many queued ‘cos mail reputation was gone.

via TweetDeck

That 4th box says that all of the 1174 emails were intercepted, but four users infected ‘cos they used external email accounts.

via TweetDeck

I won’t post any more phishing examples just now, because there’s always plenty to find on that internet thing.

via TweetDeck

Overall, the university is a large target with good infrastructure (so that makes it a good base for further ops, I guess).

via TweetDeck

Stolen accounts were also used to access other organisations that trusted connections from Uni of Otago.

via TweetDeck

Another one was staff having some of their payroll diverted to another account, something seen by US universities.

via TweetDeck

“Why us?” One was economic value, particularly student accounts, used to get free resources that overseas students don’t have.

via TweetDeck

Borrie says that in June 2013, Uni of Otago got hit with a spear phishing attack, so they studied it to see what’s going on.

via TweetDeck

Next up, Mark Borrie, University of Otago, “Why Phishing Works”

via TweetDeck

“How governments are using cyber crime tools to target activists”, writes @HamishBarwick computerworld.com.au/article/576521…

via TweetDeck

This last point is why @0xmaro thinks FinSpy’s crypto was so flawed. pic.twitter.com/3unCV6VlyR

via Plume for Android

And now @0xmaro has hijacked a FinSpy-infected Android to see what it has collected. pic.twitter.com/ve38yJxcMX

via Plume for Android

Anyone can reconfigure the device via the Emergency SMS protocol. pic.twitter.com/Kx7m4cKuWN

via Plume for Android

Learning about the cryptographic arsehattery that meant @0xmaro could brute-force FinSpy’s crypto in 30.5 hours on one server.

via TweetDeck

FinSpy’s makers will have fixed this flaw by now, but we were just shown how to detect if your Android has this spyware on it.

via TweetDeck

“NSW Police use hacking software to spy on computers and smartphones: WikiLeaks data”, @bengrubb in 2014 smh.com.au/it-pro/governm…

via TweetDeck

“East kind of things”? Thank you, automangle. (Or was it FinSpy on my phone…?

via TweetDeck

Yes, as @0xmaro explained, the config files reveal east kinds of things the spyware can do. pic.twitter.com/XGXaqZmeR0

via Plume for Android

The slides will be on the website, but this is curious. Don’t want people to spot the software! pic.twitter.com/2jZGowea7d

via Plume for Android

GreenJ which is a weird concept when you think about it twitter.com/newscomauHQ/st…

via TweetDeck (retweeted on 2:03 PM, Jun 3rd, 2015 via TweetDeck)

@drzax It’s important to put your own slant on the news.

via TweetDeck in reply to drzax

ForeignPolicy Well, that didn’t go as planned. A British battle tank crushed a German driving student’s car. atfp.co/1dJQ4pN pic.twitter.com/hiQPtTkSuU

via Buffer (retweeted on 2:02 PM, Jun 3rd, 2015 via TweetDeck)

darrenpauli Can’t make Attila Marosi’s FinSpy talk? Here it is via TROOPERS 15 youtube.com/watch?feature=… pic.twitter.com/vVlnZoIneN

via Twitter Web Client (retweeted on 2:01 PM, Jun 3rd, 2015 via TweetDeck)

dkulshitsky FinFisher: not using an exploit for installation. Just need 2min with the device to install manually.Wants lots of permissions

via Twitter for Android (retweeted on 2:00 PM, Jun 3rd, 2015 via TweetDeck)

Yeah, 10 minutes in and we’re reverse engineering Android code. I am so not up to date on this stuff.

via TweetDeck

@BundyB Yeah, I left out the “@”.

via TweetDeck in reply to BundyB

Earlier presentations on FinSpy / FinFisher from @0xmaro are at marosi.hu

via TweetDeck

Certain Australian agencies use FinSpy, said @0xmaro. Did he just say that? Well, let’s learn how to break it!

via TweetDeck

This is going to go very deep down the rabbit hole… pic.twitter.com/91exYfV8rr

via Plume for Android

This session should also be on the Livestream at livestream.com/accounts/49315…, ‘cos it’s in the Monarch Room.

via TweetDeck

Next: 0xmaro, Sophos Lab,
“Hacking FinSpy: how to analyse and defeat an Android law-enforcement spying app”

via TweetDeck

Reminder: I’m tweeting from the @AusCERT Information Security Conference today. conference.auscert.org.au/program Mute to avoid.

via TweetDeck

Me at @zdnetaustralia: “Australia’s cyber defence ‘pretty ordinary’ before ASD’s Top Four” zdnet.com/article/austra… pic.twitter.com/nkYeiCMw2b

via TweetDeck

@OaaSvc @dlitchfield There that, and that may fit with a feature story that I have to write this month.

via TweetDeck in reply to OaaSvc

@Neefsck @nrw505 Do I get to pick which staff member?

via TweetDeck in reply to Neefsck

OH, angry man: “I need to blog about this some more!” Look, OK, it was @Steve_Lockstep

via Plume for Android

OH: “Well, I’m a regulator…” “So, is that a diet thing?”

via TweetDeck

@EvaMcGinness I don’t have a copy of the buzzword bingo card. Where do I get one?

via TweetDeck in reply to EvaMcGinness

Watts stresses that the biggest risk is personnel security. But VICPOL did “lose” that guy who was under witness protection.

via TweetDeck

Want to work with the Victorian government? You’ll have to be compliant. pic.twitter.com/4cXcSQW8w9

via Plume for Android

Ah! Watts just name-checked privacy by design and security by design. pic.twitter.com/qOn64JZEVi

via Plume for Android

Watts’ next slide is the “confidentiality, integrity, availability” framework. I thought we’d moved on from there?

via TweetDeck

Apropos of nothing @Steve_Lockstep needs to read the origins of the word “wonk”. oxforddictionaries.com/definition/eng…

via TweetDeck

“We’re not taking a compliance-based approach, we’re taking a risk-based approach,” says Watts. pic.twitter.com/EWMWA6gHzB

via Plume for Android

Steve_Lockstep Watts: “the big trap in data classification is over-classification” . < MyPOV: there’s plenty of under-classification too.

via Twitter for iPhone (retweeted on 11:03 AM, Jun 3rd, 2015 via TweetDeck)

@xntrik @lady_nerd @kiwicon I’ll definitely look at @avasecure a little. This harden-the-human stuff fascinates me.

via TweetDeck in reply to xntrik

I won’t tweet this session, because it’s dreadfully policy-wonk. In a good way. (Is there a good way?)

via TweetDeck

Steve_Lockstep Watts: The role of the Commissioner for Privacy and Data Protection, Victoria (Aus). pic.twitter.com/HrRFvYObqh

via iOS (retweeted on 10:56 AM, Jun 3rd, 2015 via TweetDeck)

I’m with David Watts, Comm for Privacy & Data Protection, Victoria, on the state’s “New Approach to Data Security in Victoria”

via TweetDeck

jeamland Can we have a competition for the most disingenuous claim from an Australian Federal politician?

via Tweetbot for Mac (retweeted on 10:54 AM, Jun 3rd, 2015 via TweetDeck)

In another room, @sparky_au is presenting Telstra’s Five Knows that tweeted about Tuesday. I’m in the Victorian policy thing.

via TweetDeck

Steve_Lockstep Now at - David Watts, Victorian Commissioner for Privacy and Data Protection. pic.twitter.com/82gNlfS76e

via Twitter for iPhone (retweeted on 10:53 AM, Jun 3rd, 2015 via TweetDeck)

Paul Barry is getting gender reassignment? twitter.com/franksting/sta…

via TweetDeck

“The manual teach-once-and-hope systems [for security training] are done,” says @lady_nerd.

via TweetDeck

The software that @lady_nerd has been talking about is the AVA Human Vulnerability Scanner. avasecure.com

via TweetDeck

EvaMcGinness @lady_nerd Love the idea of reinforcing good security behaviour. Endorphins are a good motivator for playing safe.

via Twitter for Android (retweeted on 10:16 AM, Jun 3rd, 2015 via TweetDeck)

The Livestream of the @AusCERT conference main room is at livestream.com/accounts/49315… and you can rewind, @MarkHumphries tells me.

via TweetDeck

“There’s a bit of a grey area around AVA, in that it’s ethically dubious, and that’s OK,” says @lady_nerd

via TweetDeck

@humphriesmark @lady_nerd Ah good. I will re-plug that, then, and hope that it stays up there.

via TweetDeck in reply to humphriesmark

OaaSvc Schedule social engineering testing. People behave differently over time. @lady_nerd

via TweetDeck (retweeted on 10:12 AM, Jun 3rd, 2015 via TweetDeck)

I’ll certainly be linking to the video of @lady_nerd’s presentation once it’s online. This is brilliant stuff.

via TweetDeck

_Mike_Holm_ Physical security: challenge people at the door, the training says. Did anyone ever practice that? Train staff? @lady_nerd

via Twitter for iPad (retweeted on 10:08 AM, Jun 3rd, 2015 via TweetDeck)

Steve_Lockstep .@lady_nerd says history of email accounts is important vulnerability intelligence < Reminds me of signals mgt /cc @confyrm

via Twitter Web Client (retweeted on 10:07 AM, Jun 3rd, 2015 via TweetDeck)

This is very true, attendees. Do consider. twitter.com/JackGJessen/st…

via TweetDeck

OaaSvc Now talking about automated scanning for people. AVA. It’s an open source tool. @lady_nerd

via TweetDeck (retweeted on 10:04 AM, Jun 3rd, 2015 via TweetDeck)

Steve_Lockstep .@lady_nerd: Pro phishers measure the effectiveness of their work better than we measure training! pic.twitter.com/DyRi8mviyJ

via iOS (retweeted on 10:03 AM, Jun 3rd, 2015 via TweetDeck)

So, what if we could do automated vulnerability scanning for humans as well as networks, asks @lady_nerd

via TweetDeck

Phishers are analysing the ROI of their attacks, so why aren’t we analysing the effectiveness of our training, asks @lady_nerd

via TweetDeck

The purpose of 25-min security awareness videos is to make people wish they could get their 25 mins back, says @lady_nerd

via TweetDeck

Tip: Google “security awareness poster” to see some true clip-art “treasures”, says @lady_nerd “This not how humans learn.”

via TweetDeck

Security awareness education? Compliance has us racing to the bottom, says @lady_nerd.

via TweetDeck

tveastman There’s a Live Feed of @lady_nerd ‘s talk happening right now at livestream.com/accounts/49315…

via TweetDeck (retweeted on 9:52 AM, Jun 3rd, 2015 via TweetDeck)

Note to tech conference organisers: Consider @AusCERT’s example, and kick off with a couple of women presenting for a change.

via TweetDeck

Next up, @lady_nerd from SafeStack, “Protecting your people - automated human vulnerability scanning”

via TweetDeck

“The legal environment in Australia is… unique. You have a couple really horrible laws.

via TweetDeck

Publish your research on a form that can be understood by journalists and activists so they can make use of it, says @evacide

via TweetDeck

“You are all doing research, just not running around buying things?” asks @evacide. “Publish your research.”

via TweetDeck

This is one of the key messages from @evacide’s talk. twitter.com/EvaMcGinness/s…

via TweetDeck

I had to duck out, so I just missed a whole discussion of Ethiopia and some legal stuff that is really, really important.

via TweetDeck

Material on Vietnam now. @evacide notes one case which shows a single critical blog post can get you a RAT.

via TweetDeck

Newer research 2: “Behind the Syrian Conflict’s Digital Frontlines” fireeye.com/blog/threat-re…

via TweetDeck

Newer research 1: “The Syrian Malware House of Cards” securelist.com/blog/research/…

via TweetDeck

All the research presented so far is old, because @evacide stopped. But others have continued.

via TweetDeck

Syrian malware has moved to using BlackShades RAT. $150.

via TweetDeck

The writer of DarkComet RAT stopped supporting it because of “inappropriate use” by Syria. What is “appropriate” use of a RAT?

via TweetDeck

Syrian students are getting more savvy in response. pic.twitter.com/QnI5R9Sn2L

via Plume for Android

Now @evacide is running through some more detailed facts about Syrian malware campaigns.

via TweetDeck

I won’t tweet any more of these “topical social engineering” attacks, but some of them are pretty funny.

via TweetDeck

Meanwhile, me at @zdnetaustralia: “Australia’s cyber defence ‘pretty ordinary’ before ASD’s Top Four” zdnet.com/article/austra…

via TweetDeck

Here’s another example of a “topical social engineering” phish. pic.twitter.com/tT1dtE1WQ3

via Plume for Android

“This Flash installer [on fake YouTube] was malicious. Even more malicious than having Flash on your machine” Ouch, @evacide!

via TweetDeck

troyhunt Good turnout at by the look of it too pic.twitter.com/40G4fyAP8Z

via iOS (retweeted on 9:16 AM, Jun 3rd, 2015 via TweetDeck)

troyhunt Keynote at quoting @thegrugq: “Privacy and security do not work retroactively”. Nice.

via Twitter for iPhone (retweeted on 9:15 AM, Jun 3rd, 2015 via TweetDeck)

Eva tells the story from this CNN yarn from 2012, “Computer spyware is newest weapon in Syrian conflict” edition.cnn.com/2012/02/17/tec…

via TweetDeck

This was when Facebook and Twitter made noticeable improvements to their security.

via TweetDeck

Assad unblocking Facebook was a trap, says @evacide. With no HTTPS by default, Syria launched a man-in-the-middle attack.

via TweetDeck

In the West, compromised users suffer identity theft. In Syria, they can get executed, @evacide reminds us.

via TweetDeck

OaaSvc “You’re not a good journalist if you’re not making powerful enemies.” - @evacide. Are you listening Australian Press Corp?

via TweetDeck (retweeted on 9:08 AM, Jun 3rd, 2015 via TweetDeck)

Opening keynote is @EFF’s @evacide, “We could be heroes”

via TweetDeck

Steve_Lockstep Thomas King AusCERT GM goes full at . pic.twitter.com/Ihzsy4Wt6T

via Twitter for iPhone (retweeted on 9:01 AM, Jun 3rd, 2015 via TweetDeck)

jamver AusCERT also taking on the role of the “Royal Flying Doctor Service” with the launch of the “Flying Squad”

via Twitter for iPhone (retweeted on 9:00 AM, Jun 3rd, 2015 via TweetDeck)

King announces that @AusCERT is partnering with the iDcare identity theft support service. idcare.org

via TweetDeck

When @AusCERT sends malware samples to vendors, only 37% of them are something the vendors can already detect.

via TweetDeck

“As always, things are getting worse.” 200 pieces of malware and 536 phishing sites are being processed each month.

via TweetDeck

Membership numbers of @AusCERT are up 19% since the start of the year. Highest figure in org’s 22 year history.

via TweetDeck

42% of delegates are here for the first time.

via TweetDeck

Thomas King, GM @AusCERT, is kicking off with some stats. ~800 attendees, 381 being trained, 20 countries represented.

via TweetDeck

@marcoostini @AusCERT Yes, thank you, Marco, I have been … educated

via TweetDeck in reply to marcoostini

@topdeck Don’t get me started about that! It’s one of my biggest, biggest gripes.

via TweetDeck in reply to topdeck

Yes, today I am tweeting from the AusCERT Information Security Conference. conference.auscert.org.au/program Mute to avoid.

via TweetDeck

Me: “What hashtag are we using?” She nods toward the stage. Oh. I am an arsehat. pic.twitter.com/JVaTX2Tkq8

via Plume for Android

CyberBuzzfeed Is California’s Drought Being Caused By Bitcoin Cooling Reactors Sending Water Into Space? pic.twitter.com/V45vuvHJHC

via Twitter for iPhone (retweeted on 8:22 AM, Jun 3rd, 2015 via TweetDeck)

@Taezar @bengrubb That’s the one, though a certain Queensland Police officer just told me we need to let go of the past.

via Plume for Android in reply to Taezar

Hey @AusCERT @marcoostini, what hashtag are we meant to be using today?

via TweetDeck

@vealmince Oh do let me know how it works for you.

via TweetDeck in reply to vealmince

The other 97 seem to be missing, perhaps destroyed by the chemtrail instagram.com/p/3cPND9CFgy/

via Instagram

Me at @crikey_news Tuesday: “ASIC still able to wield its magic hammer online” crikey.com.au/2015/06/02/asi… [$, free trial]

via TweetDeck

@Taezar It’s lovely here, yes, I’ve been here a few times before. Our catering is pretty much locked down, though.

via TweetDeck in reply to Taezar

Story filed for @zdnetaustralia, finally. That’s the first from , and there’ll be another one coming later.

via TweetDeck

OK, writing now, ‘cos I really must finish this thing before breakfast.

via TweetDeck

kentishtowncats Shit going down in Nottingham. pic.twitter.com/rp7yKncfvS

via Twitter for iPhone (retweeted on 5:44 AM, Jun 3rd, 2015 via TweetDeck)

@trentyarwood @OaaSvc I’ll tweet when it doesn’t interfere with the coverage I’m being paid to produce. I’ll see how I go.

via TweetDeck in reply to trentyarwood

Wed plan, draft: Write for @zdnetaustralia; 0830 AusCERT conference conference.auscert.org.au/program, with more writing along the way. A busy day.

via TweetDeck

@gusworldau @alexkidman It’s not a matter of whether you’re allowed access, more whether you’re on the list for it to be administered.

via TweetDeck in reply to gusworldau

Wednesday. Most of them are not awake yet. Use the blue spray, just to make sure. Wednesday.

via Plume for Android