Stilgherrian (@stilgherrian)

Wentworth Falls NSW AU

The below is an off-site archive of all tweets posted by @stilgherrian ever

February 26th, 2017

That’s enough from me for today. I’ve got a busy week ahead.

via Tweetbot for iΟS

This man clearly doesn’t understand how television works. twitter.com/daev/status/83…

via Tweetbot for iΟS

@ScooterDMC No worries. As I said to someone earlier, the drill is about rehearsing procedures, not stress-testing networks.

via Tweetbot for iΟS in reply to ScooterDMC

I have probably eaten enough for today. Or possibly the week.

via Tweetbot for iΟS

This is why we can’t have nice things. twitter.com/SteveMolk/stat…

via Tweetbot for iΟS

It’s not even 1800 ICT here in Ho Chi Minh City, but my body is sorta still on AEDT and I’m knackered.

via Tweetbot for iΟS

And so ends the @FIRSTdotOrg Technical Colloquium. More action tomorrow.

via Tweetbot for iΟS

“To be losing a truthfulness contest to Donald Trump? It’s like losing a rap battle to Mitt Romney.” thehill.com/media/321157-m…

via TweetDeck

The Australian Taxation Office (ATO) works to a similar timetable without any external actor even attacking them.

via TweetDeck in reply to stilgherrian

I hadn’t realised that after the Jul 2016 defacements etc of VN airport systems, they ran manually for around three weeks.

via TweetDeck in reply to stilgherrian

jeremyrsaunders Oscars Predictions:
1) Sunday
2) In 6 months you won’t remember who won
3) In 6 years you won’t remember the films
4) We will all die alone

via Twitter Web Client (retweeted on 8:55 PM, Feb 26th, 2017 via TweetDeck)

@dobes I think I will be seeking out a lizard very, very soon.

via TweetDeck in reply to dobes

@SnarkyPlatypus I would be seeking advice from experts.

via TweetDeck in reply to SnarkyPlatypus

@techoglot @Asher_Wolf I think the whole thing is a hoax to get people swearing at celebrities.

via TweetDeck in reply to techoglot

See? Unlike quokkas, geckos are not rubbish animals. twitter.com/dobes/status/8…

via TweetDeck

@SnarkyPlatypus Maybe I should put together a playlist for educational purposes.

via TweetDeck in reply to SnarkyPlatypus

@SnarkyPlatypus There are too many unnecessarily redundant words in that tweet which are not required.

via TweetDeck in reply to SnarkyPlatypus

@staticsan More than 50% of mobile devices in China are domestically-made Android devices. Google defaults? Uhuh.

via TweetDeck in reply to staticsan

This has also been flagged as a no-recording session, so I’ll be quiet for a while now.

via TweetDeck in reply to stilgherrian

Last up for today: Thanh Nguyen and Kha Nguyen from VNSecurity, “High-profile Targeted Attacks in Vietnam Case Studies”

via TweetDeck

NewtonMark “Everything is fine.” @Centrelink twitter.com/CentrelinkDown…

via Twitter Web Client (retweeted on 8:33 PM, Feb 26th, 2017 via TweetDeck)

This is a disturbing visual image. twitter.com/thegrugq_ebook…

via TweetDeck

snurb_dot_info CNN, with nothing left to lose after being banned by Trump’s liesperson, now accepts the science of climate change: twitter.com/CNN/status/835…

via Hootsuite (retweeted on 8:31 PM, Feb 26th, 2017 via TweetDeck)

ANVA has an app store blacklist, and is working towards a whitelisting process.

via TweetDeck in reply to stilgherrian

ANVA’s work, and a government crackdown on bad app stores, has cut down mobile malware. pic.twitter.com/aHJJVLtLSC

via Tweetbot for iΟS in reply to stilgherrian

The Anti Network-Virus Association of China (ANVA) has 43 members exchanging malware info. anva.org.cn

via TweetDeck in reply to stilgherrian

@NewtonMark @davispg And now you’ll never know, because the previous owner has bolted.

via TweetDeck in reply to NewtonMark

@twcau Quokkas are bullshit animals.

via TweetDeck in reply to twcau

TheMediaTweets Farage: “Can you take a photo of us all please. Ok, everybody smile. Everybody? Everybody? We’re doing a photo…….twitter.com/i/web/status/8…uf

via Twitter for iPhone (retweeted on 8:21 PM, Feb 26th, 2017 via TweetDeck)

The quokka menace must be stopped. twitter.com/semibogan/stat…

via TweetDeck

Interesting question. I suspect many would remain, for “free” clones of paid apps. twitter.com/staticsan/stat…

via TweetDeck in reply to stilgherrian

There’s 300+ Android app stores in China. “Not every store is safe,” unsurprisingly. There’s also many malicious ad channels.

via TweetDeck in reply to stilgherrian

@kln_nurv 10Gbps, not 10Gbps, and to repeat, this is not about stress-testing networks but about rehearsing response procedures.

via TweetDeck in reply to kln_nurv

Top 10 mobile apps in China. If they’re outlined they accept payments. pic.twitter.com/JnELFAvqeK

via Tweetbot for iΟS in reply to stilgherrian

Next up: Dr H E Nengqiang, CNCERT/CC, “The Challenge and Practice of Anti-Virus in Mobile Internet”

via TweetDeck

Min Sung Jung is star of the day so far. He’ll be a hard act to follow.

via TweetDeck in reply to stilgherrian

All those Korean cyber drills are organised by a team of three people, plus some contracting to write the malware. Impressive.

via TweetDeck in reply to stilgherrian

The 10Gbps drill is in a test/drill environment, not production. The aim is to test procedures, not stress-test net..twitter.com/i/web/status/8…jL

via TweetDeck in reply to stilgherrian

@ScooterDMC In answer to your question, the 15Gbps is in a simulated environment, not against production sites. Pentesting against prod tho.

via TweetDeck in reply to ScooterDMC

My view is that there’s some clever stuff happening in this drill. Well done, Korea.

via TweetDeck in reply to stilgherrian

The 2017 drill will be more closely related to DPRK threat and the IoT botnet threat, and election-time botnet threats.

via TweetDeck in reply to stilgherrian

Min Sung Jung is giving us some detail about how they create the “fog of war” between participants. Some clever stuff.

via TweetDeck in reply to stilgherrian

This guy says he extended the drill in 2016 to a full scenario, including cross-organisation attacks. pic.twitter.com/NRcrKvHOE6

via Tweetbot for iΟS in reply to stilgherrian

KISA runs a DDoS Shelter Service for SMEs.

via TweetDeck in reply to stilgherrian

@ScooterDMC I know. Anyway, I will ask him about that in the Q&A.

via TweetDeck in reply to ScooterDMC

@ScooterDMC Still, it’s a drill with live sites, and this is mostly about testing procedures and so on.

via TweetDeck in reply to ScooterDMC

@ScooterDMC I therefore imagine our presenter will ramp that up for 2017.

via TweetDeck in reply to ScooterDMC

The pentesting listed under Jun 2016 was by known Korean whitehats against the actual live sites.

via TweetDeck in reply to stilgherrian

This is the stuff Korea covers in its cyber drill. Note that they practice against DDoS up to 10 Gbps. pic.twitter.com/0VeaTUYqMH

via Tweetbot for iΟS in reply to stilgherrian

That’s right, mate. That’s why I keep noticing that Korean infosec guys know their stuff.

via TweetDeck in reply to stilgherrian

“As you know, we face North Korea, right? The bad one.”

via TweetDeck in reply to stilgherrian

KISA is the Korea Internet & Security Agency, with ~700 staff.

via TweetDeck in reply to stilgherrian

Next up: Min Sung Jung, KrCERT/CC Researcher, “National cybersecurity drill in Republic of Korea in 2016”

via TweetDeck

Does anyone know how President Trumble has been going lately?

via TweetDeck

This really is hanging out for a caption competition, isn’t it. twitter.com/KJRISYDNEY/sta…

via Tweetbot for iΟS

“There I was, minding my own business, when…” twitter.com/KJRISYDNEY/sta…

via Tweetbot for iΟS

Taking a quick break to deal with a massive fatigue wave.

via Tweetbot for iΟS in reply to stilgherrian

Next up: Shoko Nakai, JPCERT/CC, “Website Checking System for Incident Response”

via TweetDeck

kymaher SA farmers and manufacturers will soon be able to grow and process industrial hemp pic.twitter.com/IXErC3qQTk

via Twitter for Android (retweeted on 6:25 PM, Feb 26th, 2017 via TweetDeck)

Why 11 October will cause grief if your sysadmins are careless.

via Tweetbot for iΟS in reply to stilgherrian

brianweeden Man, Russian generals sure do seem to shoot themselves or get killed in car accidents twitter.com/MikaelSkillt/s…

via Twitter for Android (retweeted on 6:16 PM, Feb 26th, 2017 via TweetDeck)

Mind you, the guy presenting right now would appear to have a clue. pic.twitter.com/S9QrtjEZMC

via TweetDeck in reply to stilgherrian

I wouldn’t say that DNSSEC makes your brain go funny, but, you know, it does.

via TweetDeck in reply to stilgherrian

Next up: 30 mins on the Root Zone DNSSEC Key Signing Key Rollover. I won’t tweet this. You can thank me later…twitter.com/i/web/status/8…tP

via TweetDeck

RajneshSingh Vast majority of users in use a as their means of access - Binh Vu, Vietnam Internet Association

via TweetDeck (retweeted on 5:55 PM, Feb 26th, 2017 via TweetDeck)

JohnWDean Well, CNN did nothing to Nixon. They did not exist while Nixon was in office. Hope that wasn’t a senior moment, Ben..twitter.com/i/web/status/8…7e

via Twitter for iPhone (retweeted on 5:55 PM, Feb 26th, 2017 via TweetDeck)

mrnickharvey Please make this happen. pic.twitter.com/djq9DBW2ht

via Twitter for iPhone (retweeted on 5:44 PM, Feb 26th, 2017 via TweetDeck)

This is a no-post session, so that’s all from me about this.

via TweetDeck in reply to stilgherrian

Next up: Jacomo Piccolini from Team Cymru, who seems to be taking us down a rabbit-hole. pic.twitter.com/iTsV9S7yMJ

via Tweetbot for iΟS in reply to stilgherrian

For those following at home, the afternoon session at the @FIRSTdotOrg Technical Colloquium begins now. 2017.apricot.net/program/schedu…

via TweetDeck

@ChrissieM @SnarkyPlatypus At some point I’ll be heading up to that observation deck, just below the helipad.

via TweetDeck in reply to ChrissieM

Two more views from level 23 of the Saigon Sheraton. pic.twitter.com/n0aQOd9hct

via Tweetbot for iΟS in reply to stilgherrian

SopanDeb I challenge anyone to find a better passage written in any journalistic publication this week:..twitter.com/i/web/status/8…37

via Twitter Web Client (retweeted on 4:47 PM, Feb 26th, 2017 via Tweetbot for iΟS)

RCdeWinter Time for a D&C in DC. pic.twitter.com/Bv9twMPGBq

via iOS (retweeted on 4:38 PM, Feb 26th, 2017 via Tweetbot for iΟS)

Tactical error: All that seafood was just the starter. We now have MOAR FOOD arriving.

via Tweetbot for iΟS in reply to stilgherrian

Another view of the Bitexco Financial Tower, and in other directions. pic.twitter.com/l7fXn38u83

via Tweetbot for iΟS in reply to stilgherrian

NZITF scanned the entire .nz namespace in two days last week. 17% of HTTPS was Let’s Encrypt. pic.twitter.com/MiNj3yNbsG

via Twitter for iPhone

RadioFreeTom And post-9/11, there’s been a lot of these kinds of dissertations. twitter.com/bungdan/status…

via TweetDeck (retweeted on 3:48 PM, Feb 26th, 2017 via TweetDeck)

@itamer Ah yep. Another example did just that. Used “legit” email to tell staff to use their “holiday” email. Cute trick.

via TweetDeck in reply to itamer

I’m taking a moment to absorb the full magnificence of that concept.

via TweetDeck in reply to stilgherrian

I just popped to bathroom, and the music playing was a V-pop country & western cover of “Moonlight Shadow”.

via TweetDeck

Brailey says emailed intel sharing is too slow these days. Projects should focus on automated intelligence data sharing.

via TweetDeck in reply to stilgherrian

Currently: Barry Brailey from NZITF, “NZITF Ops & Initiatives”, an explainer on what they’re doing.

via TweetDeck

She sussed it, mainly because it was the first email after New Year, and he didn’t say “Happy New Year” as usual. 2/2

via TweetDeck in reply to stilgherrian

Within 12 hours of a NZ CEO tweeting a holiday pic from France, his COO received this email. 1/2 pic.twitter.com/rO1MA7DoBo

via Twitter for iPhone

Vietnam is also keen to share information outwards to help fight cybercrime operations in the country.

via TweetDeck in reply to stilgherrian

All that said, Phuong says that the lack of a focused organisation is the key cybersecurity challenge in Vietnam.

via TweetDeck in reply to stilgherrian

But if these organisations, and international orgs, do step in to help, do we have cybercolonialism? Cyberneocolonialism? 3/3

via TweetDeck in reply to stilgherrian

Westerners, with resources and organisation and relatively informed populations, must seem like we’re from another planet. 2/3

via TweetDeck in reply to stilgherrian

Phuong has already included subtle requests for information and intelligence sharing from us visitors to Vietnam. 1/3

via TweetDeck in reply to stilgherrian

Not mentioned in this slide: Almost no endpoint protection, so everybody gets pwned. pic.twitter.com/XzF8czb27L

via Tweetbot for iΟS in reply to stilgherrian

In 2016, 16% of all email in Vietnam was a ransomware attack, 20x the figure for 2015.

via TweetDeck in reply to stilgherrian

On a completely unrelated note —completely — Vietnam tops the list for probability of your computer getting infected locally17

via TweetDeck in reply to stilgherrian

Next up: Nam Tran Phuong from VNCERT, “APT attack in Vietnam”

via TweetDeck

MichaelPascoe01 Just one small detail of our political and military incompetence in Howard’s war smh.com.au/interactive/20… - has any..twitter.com/i/web/status/8…2i

via Twitter Web Client (retweeted on 2:56 PM, Feb 26th, 2017 via TweetDeck)

NuclearAnthro NO SNACK CAR! 😡 twitter.com/muckrock/statu…

via Twitter for iPhone (retweeted on 2:56 PM, Feb 26th, 2017 via TweetDeck)

@juhasaarinen Your life must be full and exciting.

via TweetDeck in reply to juhasaarinen

_youhadonejob1 Would you call an electrician or plumber? pic.twitter.com/oekkF79Gm9

via Twitter for iPhone (retweeted on 2:52 PM, Feb 26th, 2017 via TweetDeck)

mrchrisaddison World asked to put plans for wars/terrorism on hold till then. twitter.com/politico/statu…

via Twitter Web Client (retweeted on 2:50 PM, Feb 26th, 2017 via TweetDeck)

@geofurb Goddammit how dare you ruin my world with “facts”. ;)

via TweetDeck in reply to geofurb

If only we had code to detect if us humans were mere simulations running inside a virtual machine.

via TweetDeck in reply to stilgherrian

Orcus can also tell when it’s running under a Hypervisor or another VM, and it’ll not run. [VM detection is cool, IMHO.]

via TweetDeck in reply to stilgherrian

Wow. Orcus allows you to write code live and have it executed on the victim machines. Ray calls Orcus a RAT plugin-builder.

via TweetDeck in reply to stilgherrian

Here’s Ray’s blog post about the Orcus RAT, i.e. what he’s talking about right now. researchcenter.paloaltonetworks.com/2016/08/unit42…

via TweetDeck in reply to stilgherrian

Ray tracks the evolution of a Windows RAT called Orcus that’s sold openly, and even comes with an Android botnet control app.

via TweetDeck in reply to stilgherrian

@R_Chirgwin I’ll see if I can get the screenshot from the presenter.

via TweetDeck in reply to R_Chirgwin

Ray is reminding us that hotels and travel agents are big targets, given they have so much personal data.

via TweetDeck in reply to stilgherrian

@indrora I think it’s down, but the price has been down for ages. I’ll check with the presenter.

via TweetDeck in reply to indrora

This blueprint was being offered for sale on the black market. Anyone know what it is? pic.twitter.com/rHxXZGhjpB

via Tweetbot for iΟS in reply to stilgherrian

Current prices for credit card details on the black market start at $1. [Shows how good card anti-fraud processes are getting.]

via TweetDeck in reply to stilgherrian

Would you like three Australian passport images, same number, different photo? pic.twitter.com/MmLPJZ0aSw

via Tweetbot for iΟS in reply to stilgherrian

This may come as a shock, but apparently some of the Bitcoin exchanges on the darknet are not legit, and just steal your coin.

via TweetDeck in reply to stilgherrian

Next speaker is Vicky Ray, threat intel researcher from Unit 42, “Predators Lurking in the deep web” 2017.apricot.net/program/speake…

via TweetDeck

APWG.EU should have some initial work on that project out by the end of July.

via TweetDeck in reply to stilgherrian

Nice upcoming APWG.EU project: “Am I a bot?” Tools for consumers to see if they’re part of a botnet.

via TweetDeck in reply to stilgherrian

APWG.EU is doing a global survey of financial institutions using biometrics for strong authentication. Results in 2018.

via TweetDeck in reply to stilgherrian

… but I really liked the first, uncropped version of THIS photo revealing the REALLY SECURE wi-fi password. ;)twitter.com/i/web/status/8…4duk

via TweetDeck in reply to stilgherrian

Second speaker from @AntiPhishing is Jorge Aguilà from APWG.EU.

via TweetDeck in reply to stilgherrian

Oh that 200ms figure was for pushing data up to @AntiPhishing’s database. Retrieving data takes 400ms. So snail. Very tortoise.

via TweetDeck in reply to stilgherrian

There’s around 150 users accessing the @AntiPhishing API.

via TweetDeck in reply to stilgherrian

URLs are just a small part of @AntiPhishing’s data. Yep, malicious URLs are shared between members in under 200 milliseconds.

via TweetDeck in reply to stilgherrian

Learning how much phishing-related (meta)data is shared by @AntiPhishing’s API globally in 180 milliseconds.

via TweetDeck in reply to stilgherrian

The latest @AntiPhishing Phishing Attack Trends Reports has just been released. antiphishing.org/resources/apwg…

via TweetDeck in reply to stilgherrian

Also, @AntiPhishing runs the Symposium on eCrime Research. apwg.org/apwg-events/ec… [Wanna send me to Arizona in April?]

via TweetDeck in reply to stilgherrian

InternetHippo fox news: the president is actually a giant donut

trump (12 min later): when will the media report on my delicious cream filling

via Twitter for Mac (retweeted on 1:12 PM, Feb 26th, 2017 via TweetDeck)

First up (see what I did there?): Foy Shiver, “Sharing Threat Data & Promoting Cyber Safety with APWG” antiphishing.org

via TweetDeck in reply to stilgherrian

Sun plan: 0900-1700 ICT @FIRSTdotOrg Technical Colloquium 2017.apricot.net/program/schedu…; evening TBA. Mute to avoid.

via TweetDeck in reply to stilgherrian

@zzap @SheratonSaigon That’s certainly my impression so far, and already I see ten thousand things I want to explore outside post-cybers.

via Tweetbot for iΟS in reply to zzap

@OaaSvc I think that’s the only kind now.

via Tweetbot for iΟS in reply to OaaSvc

Oh dear God, the music playing right now is a soft piano and female lounge vocal cover of “Ring My Bell” and it’s very confusing.

via Tweetbot for iΟS

@jplonie Are you calling the government of the Socialist Government of Vietnam a banking cartel?

via Tweetbot for iΟS in reply to jplonie

@SnarkyPlatypus People keep saying that, but it can’t be worse than Bangkok.

via Tweetbot for iΟS in reply to SnarkyPlatypus

@spgassist Hey you know I was being ironic, right? :) I arrived last night and so far everything is delightful.

via Tweetbot for iΟS in reply to spgassist

@SnarkyPlatypus I’m doing that Fri to Mon, staying three nights somewhere on my own dime.

via Tweetbot for iΟS in reply to SnarkyPlatypus

If you’re quick, you would’ve seen that I have no idea what city I’m in.

via Tweetbot for iΟS in reply to stilgherrian

They’ve put me up at some rubbish so-called “hotel” named Saigon Sheraton. Six days of this will kill me.

via Tweetbot for iΟS in reply to stilgherrian

@kestert Perhaps, but not the easiest margin to leverage.

via TweetDeck in reply to kestert

@bigbadave I’m no expert, but I’m pretty sure that’s not how it works.

via TweetDeck in reply to bigbadave

So at SGN my visa cost USD 25, so I handed them USD 40. They gave me 300,000 VND in change. Who’s winning here, do..twitter.com/i/web/status/8…mo

via TweetDeck

BTW, is the Asia Pacific Regional Internet Conference on Operational Technologies and is obviously not at all geeky.

via TweetDeck in reply to stilgherrian

Sun plan, supplemental: I’ll be tweeting geekery and cyberstuff from Ho Chi Minh City through to Friday. Mute to avoid.

via TweetDeck in reply to stilgherrian

Sun plan, draft: 0900-1700 ICT @FIRSTdotOrg Technical Colloquium 2017.apricot.net/program/schedu…; evening TBA.

via TweetDeck

Can I just say, @ResignInShame @tim_rutter, that I have no idea who Tony Stark is, and wish to remain in this state of being.

via TweetDeck

@michaelneale That’s the People’s *Socialist* Helipad I’ll have you know.

via TweetDeck in reply to michaelneale

@oldozgeek It certainly looks like that from this angle. Yes, it’s a little smoggy atm, but maybe that’ll clear later, I’m inside today tho.

via TweetDeck in reply to oldozgeek

@gths Hah! That is amusing for the obvious reason.

via TweetDeck in reply to gths

@ResignInShame I love the helipad sticking out the side of it.

via TweetDeck in reply to ResignInShame

My first view of Ho Chi Minh City in daylight. pic.twitter.com/U8mnZEC2a8

via Tweetbot for iΟS

Sunday. If you are only the second one this time, who was the first? Sunday.

via Tweetbot for iΟS

I’ve just taken a proper look at my program for Sunday. It’s going to be an interesting one. And a long one. So it’s goodnight from HCMC.

via TweetDeck

DrSamWillis What an amazing job this man has. pic.twitter.com/uTGwNR0Mt6

via Twitter for iPhone (retweeted on 1:15 AM, Feb 26th, 2017 via TweetDeck)

@iain_chalmers I did do that, yes. But it’s OK, I’ve made it into the country OK.

via TweetDeck in reply to iain_chalmers

@awakening_heart Thanks, though it’s a work trip and I’m not sure how my schedule will go.

via TweetDeck in reply to awakening_heart