Stilgherrian (@stilgherrian)

Wentworth Falls NSW AU

The below is an off-site archive of all tweets posted by @stilgherrian ever

October 15th, 2015

“Who wrote ‘The Getting of Wisdom’?” “Was it Peter Dutton?” youtube.com/watch?v=1EV1lV…

via TweetDeck

@viveka Ah yes, I’ve been called that before. As you might imagine.

via TweetDeck in reply to viveka

So, 1. I’m not especially surprised, AU loves COMINT, and 2. “Snowden document” != Biblical Truth. twitter.com/stilgherrian/s…

via TweetDeck

“Australia accessed NSA spy data more than UK over 12 months: Edward Snowden document”, reports @Lateline abc.net.au/news/2015-10-1…

via TweetDeck

@SnarkyPlatypus That’s @0x1C and I’m sure you’ve never met.

via TweetDeck in reply to SnarkyPlatypus

@SnarkyPlatypus Thanks. It’s been an curious day, I’ve discovered some enthusiastic fans, and got some great material for @RNFutureTense.

via TweetDeck in reply to SnarkyPlatypus

@iain_chalmers @Pozible Yep, I have the flood of emails for all the transactions. Thanks, mate, I’ll go through everything in the morning.

via TweetDeck in reply to iain_chalmers

@ChristineEwing7 The link explains all these things. ;) But anyway, the @Pozible just ended, I’m funded, so all’s good.

via TweetDeck in reply to ChristineEwing7

@Pozible Indeed. I don’t have the brainspace to think it through now, but I have all of the emails and some got it wrong. Tomorrow!

via TweetDeck in reply to Pozible

@Pozible No worries. I can see how it happened. Campaign started before DST started, but scheduled to end during DST. Timezone calcs = hell.

via TweetDeck in reply to Pozible

@Pozible Thanks. Thank makes 4 from 4. (Whew!). I’ll file a proper bug report tomorrow.

via TweetDeck in reply to Pozible

@Pozible @reubenacciano Nah, we’re done, I’m tired, and I’m funded. “And now we can all get some sleep.” ;)

via TweetDeck in reply to Pozible

@Pozible Don’t worry about it for now. I just got to 100% funded in these last few minutes, so I’m good.

via TweetDeck in reply to Pozible

@Pozible I’ll gather the various messages tomorrow and see if I can help you isolate the bug. But a bug you have, somewhere.

via TweetDeck in reply to Pozible

… also@Poziblele has a problem, in that some bits say the campaign ends at 2230 AEDT, but it says 5 minutes to go at 2130 AEDT. (2/2)

via TweetDeck

It’ll be a moment before I can look at that, because I literally just walked into the room to check the internet, and… (1/2)

via TweetDeck

About to check email to see how the fuck that happened.

via TweetDeck

Also, wow, thank you everyone, “Send Stilgherrian to Ruxcon 2015” is 100% funded with 8 minutes remaining. Whew! pozible.com/corruptednerds2

via TweetDeck

Finally back at the hotel, and wondering how @0x1C and I can be erased from the internet.

via TweetDeck

So this is a thing… You got this image on the files now, boys and girls? twitter.com/0x1C/statuses/…

via Plume for Android

@druey @NewtonMark And that was recorded for real as I was cutting through Central as that fire kicked off. It’s the real thing.

via Plume for Android in reply to druey

Gawd, I have to get back to the hotel and pimp the last hours of this @Pozible. pozible.com/corruptednerds2

via Plume for Android

OH: “I never imagined that the combination of scat and methamphetamines would be so arousing.”

via Plume for Android

@Rui_deLemos After a few drinks with these folks, I’ll be heading to the hotel to wrap the @Pozible.

via Plume for Android in reply to Rui_deLemos

OH: “That guy’s a CISO? He must’ve done a Stephen Bradbury and bene the last one standing after everyone else died.”

via TweetDeck

OH: “Oh. There’s Mr Wily. This will end well.” Ping @0x1C

via Plume for Android

So it’s pretty much over, and the overheated, dehydrated infosec crowd is starting to look for drinks.

via Plume for Android

paulwallbank “It’s my party……” @ Mandalay Bay Wave Pool & Beach, Las Vegas instagram.com/p/82Ci1cREAA/

via Instagram (retweeted on 3:43 PM, Oct 15th, 2015 via Plume for Android)

purserj Policyhack *cough* twitter.com/alliecoyne/sta…

via TweetDeck (retweeted on 3:41 PM, Oct 15th, 2015 via Plume for Android)

frankkanedubai No. Afghanistan was Russia’s Afghanistan twitter.com/middleeasteye/…

via Twitter for iPhone (retweeted on 3:40 PM, Oct 15th, 2015 via Plume for Android)

SwiftOnSecurity We found out the only thing worse than boys with crypto, was boys without crypto. twitter.com/mzbat/status/6…

via Twitter for iPhone (retweeted on 3:09 PM, Oct 15th, 2015 via TweetDeck)

Winning is managing to detect the bad guys anywhere in this typical attack timeline. pic.twitter.com/5fLwmC0au2

via Plume for Android

These guys just broke in long enough to set up some email redirection rules. pic.twitter.com/o3RXJVfsVX

via Plume for Android

“Now with 35% more awesomeness,” says Hackworth. pic.twitter.com/fCosnJtf7N

via Plume for Android

@G0_now Yep, I’m seven minutes in, and totally absorbed.

via TweetDeck in reply to G0_now

“Send Stilgherrian to Ruxcon 2015” is 50% funded, a mere 7.5 hours to go. pozible.com/corruptednerds2 pic.twitter.com/0rIQir8sHP

via TweetDeck

I’ve just jumped into Aaron Hackworth’s presentation. Catching up on context. pic.twitter.com/LuvBdvuD3l

via Plume for Android

Panel ends with the moderator noting that we have a new PM who might understand this stuff a bit better.

via TweetDeck

Rachel Falk: “As a former lawyer, I can say that policy is never the answer” to small business education. [Hear hear.]

via TweetDeck

So many drinks to be had here. [Crosses off four boxes on the grid.] twitter.com/taosecurity/st…

via TweetDeck

Looming demarcation dispute here. twitter.com/jturner_ibrs/s…

via TweetDeck

@nnwakelam @0x1C Fortunately, there’s more clue than clueless here. It’s just that the clueless often get a microphone.

via TweetDeck in reply to nnwakelam

There was no clear answer to that, but we know from reporting that the answer is “nobody”.

via TweetDeck

Audience member is more concerned about who verifies that ~150 telcos are all securing this data appropriately.

via TweetDeck

Falk says that from Telstra’s viewpoint, it’s “just” more data that needs to be protected to a certain level. No real change.

via TweetDeck

Audience question on how metadata gathered in the new data retention regime is being secured.

via TweetDeck

@xntrik @0x1C Is there a name for this sort of party?

via TweetDeck in reply to xntrik

@0x1C @Fobski @xntrik Where are you hanging out to find these people?

via Twitter Web Client in reply to 0x1C

Stephen Ellis is saying cyber security training needs to be integrated into childhood education. 3yo’s have iPads!

via TweetDeck

Suresh Hungenahally, CISO, Dept EDJTR, says classification systems are maturing between govt and private sector. [Curious comment]

via TweetDeck

CT is counterterrorism, for those who don’t inject Canberra acronyms for breakfast.

via TweetDeck

Franzi says it’s a familiar problem, e.g. CT in 2000s, How do you get info out of classified realm quickly so others can use it?

via TweetDeck

Marcella Hawkes, AGD, says the challenge is the timeliness and actionability of the information that’s shared.

via TweetDeck

Stephen Ellis from HP hasn’t been as directly involved, says AU is doing better than many other nations.

via TweetDeck

Rachel Falk from Telstra says “information sharing” can mean anything and everything. We can’t rely on govt to solve our problems.

via TweetDeck

Moderator asks the private sector reps how well the government is doing at this information sharing stuff.

via TweetDeck

Franzi hints that ASD Top Four may be the Top Something Else before the end of the year. These hints confirm other hinters’ hints.

via TweetDeck

Lots of agreement on looking forward to the cyber security review that’s due out before the end of the year. New initiatives.

via TweetDeck

@0x1C @xntrik These are important issues, and we need a diagram, and a policy.

via TweetDeck in reply to 0x1C

jturner_ibrs Awesome panel on government & private sector collaboration starting with @TFeakin_ASPI & @rachael_falk pic.twitter.com/Io6vAVnBj5

via Twitter for iPhone (retweeted on 11:52 AM, Oct 15th, 2015 via TweetDeck)

@PointZeroOne I chose not to take that path today.

via TweetDeck in reply to PointZeroOne

The government panel is beginning now. I suspect I’ll have to be paying attention here. pic.twitter.com/YZ8Km4QMq5

via Plume for Android

Thompson’s storytelling is all background for his thesis of a new paradigm for defence in depth. pic.twitter.com/D4Kp7EKMoM

via Plume for Android

@oliyoung Thompson is being very silly with his storytelling.

via TweetDeck in reply to oliyoung

Thompson: “I needed expert advice, so I went to Wikipedia.”

via TweetDeck

Thompson’s slide on the forces impacting security posture. pic.twitter.com/SH11o0snz0

via Plume for Android

You can help design anti-viral drugs or whatever by solving puzzles. fold.it

via TweetDeck

@dsturnbull That wasn’t mentioned in Franzi’s session, but it’s come up elsewhere.

via TweetDeck in reply to dsturnbull

@Steve_Lockstep I’ll have a chance later today, actually.

via TweetDeck in reply to Steve_Lockstep

Thompson is telling an incredibly funny story about his wife weaponising bananas. Infosec angle? Who knows. Who cares?

via TweetDeck

Sittin in on Hugh Thompson, CTO & SVP, Blue Coat, on the Evolution of IT Security. Not sure where this will go.

via TweetDeck

My observation: Large private sector orgs and govt agencies like ASD are now very much on the same page in terms of worldview.

via TweetDeck

The questions were a bit industry internal, so I won’t tweet. But Franzi is also on the panel after morning tea.

via TweetDeck

Audience member slamming ASD Top 35 Mitigations etc. “Application whitelisting is a half million dollar exercise” …

via TweetDeck

Joe: “As you ask your question, can we have your name and organisation, so we can look you up in our systems…nes

via TweetDeck

Q&A time with Joe Franzi. That’s actually a sentence.

via TweetDeck

Franzi: “Even my own organisation” is guilty of being too risk-averse. [Now there’s as statement!]

via TweetDeck

Franzi: “This reputation piece is and should be a strategic concern” for many organisations.

via TweetDeck

@SilvesterSJ Defence traditionally has appalling slides. It’s the way things are done.

via TweetDeck in reply to SilvesterSJ

A reminder from Franzi, too, that your incident response plan needs to be rehearsed.

via TweetDeck

“Some organisations are risk-averse where they needn’t be.” Our new PM is “very forward-leaning” in this regard.

via TweetDeck

These are also familiar issues re responsibility. pic.twitter.com/hC7tC0w3k5

via Plume for Android

We even do it at home. You make risk-based choices about how much effort you put into protecting various kinds of data.

via TweetDeck

Franzi’s is pleased that the infosec industry has moved to a risk-based approach. Not all info needs the same protection.

via TweetDeck

These risk issues are the same as those coming from the private sector. pic.twitter.com/FaCJUO80WP

via Plume for Android

Franzi has linked his 3 R’s of Cyber Security with Telstra’s 5 Knows. [Such clear frameworks c.f. just two years ago.]

via TweetDeck

@SnarkyPlatypus Yes, but being trolled by @jturner_ibrs is one thing. This is a whole new level.

via TweetDeck in reply to SnarkyPlatypus

Yes, that was all pretty clear.

via TweetDeck

Franzi’s people are involved in all these areas of the ASD’s legislated responsibilities. pic.twitter.com/5FhwJj7Fxy

via Plume for Android

Franzi is running through their incident response model and ASD’s role in cyber security. Very clear exposition.

via TweetDeck

Whether it’s “secret squirrel stuff” or open-source, the govt can never have as extensive sensor network as private infosec firms.

via TweetDeck

Franzi is stressing the importance of Aust Cyber Security Centre (ACSC) cooperating with private sector…

via TweetDeck

I have just been trolled from stage. The tone has been set.

via TweetDeck

Here’s the agenda, tho there could be a fourth for resilience. pic.twitter.com/HpUzdN56mh

via Plume for Android

Franzi says he’s produced his slides on Windows XP and Office 2000 at ASD. pic.twitter.com/ce0pDgTkOi

via Plume for Android

Joe Franzi coming on stage now.

via TweetDeck

@nkav Thanks, Nick. @smperris made the same point earlier. Still, it looks nice and scary, eh?

via TweetDeck in reply to nkav

Next session for me is Joe Franzi, Assistant Secretary Cyber Security, Australian Signals Directorate.

via TweetDeck

Judging from the Q&A, Interpol has some sort of national cyber review program running to help countries assess their readiness.

via TweetDeck

I’m tweeting again today from @AISA_National’s national conference in Melbourne. aisa.org.au/aisa-conferenc… Mute to avoid.

via TweetDeck

Oops. I got distracted. I missed most of the Interpol guy’s talk.

via TweetDeck

@smperris Ah well that does put a rather different spin on it.

via Plume for Android in reply to smperris

@k_morrissey @mccaig I suppose, but there’s a difference between simplifying (motor vehicle) and this. I think.

via Plume for Android in reply to k_morrissey

It’s rather quiet here at so far this morning. How late did last night’s dinner go?

via Plume for Android

Right. Time to get this show on the road.

via TweetDeck

Thu plan, supplemental: The shape of my day at is to be in the morning sessions, then doing interviews in the afternoon. Probably.

via TweetDeck

Wow. This is like a motoring writer not knowing the difference between a tractor and a bus. twitter.com/mccaig/status/…

via TweetDeck

I’m fairly sure that last tweet didn’t break the law.

via TweetDeck

Normally I’m skeptical of email legal warnings, but sometimes one just stands out as a little more serious. pic.twitter.com/2SkXrDO7Fh

via TweetDeck

CSMPasscode Copyright law should be revised to allow researchers to tinker w/car software, 64% of our Influencers said passcode.csmonitor.com/influencers-co…

via TweetDeck (retweeted on 7:41 AM, Oct 15th, 2015 via TweetDeck)

@joelpmichael Not even that. @wolfcat tweeted yesterday that average December maximum is something like 25C.

via TweetDeck in reply to joelpmichael

Yeah look and if you left me alone with a nuclear weapon people would get all complainey where’s the justice. twitter.com/NuclearAnthro/…

via TweetDeck

@chifley_alison Melbourne is a very European city, in many ways.

via TweetDeck in reply to chifley_alison

If anyone has any suggestions for new Rewards that’ll entice last-minute supporters, do let me know. ;) pozible.com/corruptednerds2

via TweetDeck

I’ve just updated that @Pozible to reflect the initial target including the production of the first podcast episode. pozible.com/corruptednerds2

via TweetDeck

“Send Stilgherrian to Ruxcon 2015” is 50% funded, just 15 hours left to run. Eek. pozible.com/corruptednerds2 pic.twitter.com/0rIQir8sHP

via TweetDeck

@macgibbon Oh thanks. In hindsight, @dobes’ headline should have gone the full H G Nelson, “… giant human firewall made from kiddies”.

via TweetDeck in reply to macgibbon

Oh excellent, it looks like The American is going to produce the Glorious Outcome That We All Crave. twitter.com/TheFix/status/…

via TweetDeck

I like it when my writing is “surprisingly rational”. I think. twitter.com/jturner_ibrs/s…

via Twitter Web Client

Thursday. Please observe all safety precautions. Thursday.

via TweetDeck