Stuxnet, routing hacks and a seized iPad

Summary: AusCERT, Australia's largest information security conference, dominates an extended Patch Monday podcast this week, with the latest on Stuxnet, the insecurities of internet routing and the drama that started with a Facebook hack and ended with a journalist being arrested.

TOPICS: Security

I've selected just three AusCERT-related stories for the podcast. For more, see ZDNet Australia's complete AusCERT coverage.

First, Stuxnet — the worm targeted at Iran's nuclear program last year. It's the most sophisticated cyber weapon ever developed. Security analyst Eric Byres, one of the world's leading experts in protecting critical infrastructure, believes that we'll see Son of Stuxnet, a less sophisticated copycat malware, in as little as a year. He also believes that the "air gap" — physically separating critical infrastructure networks from the broader internet — won't be the answer to this emerging threat.

Second, internet routing. There are problems with the protocols used to route traffic around the internet, as we explained on Patch Monday in November 2010. Routers trust other routers to tell them what's going on, but mistakes happen. Geoff Huston, chief scientist at APNIC, goes one further, denigrating this process as mapping by rumour. "If you get bad players, how do you tell who's lying?" he said. "Our vulnerability is horrifying, that in the face of determined malicious cyber warfare you won't have an internet tomorrow when it happens."

Third, Christian Heinrich's demonstration of a Facebook privacy hack at BSides Australia, which used as its target the Facebook account of another security researcher's wife. That in itself raises ethical questions. But subsequently, a journalist who reported the story was arrested, and his iPad was seized by Queensland police.

To help us understand the issues:

  • Peter Black, who teaches internet and constitutional law at Queensland University of Technology, explains the Australian laws that apply.
  • Adam Palmer, lead cybersecurity adviser for Norton and former US Navy JAG prosecutor, provides a US legal perspective.
  • Ty Miller, chief technology officer of Pure Hacking, explains the boundaries of ethical hacking.
  • Sean Morrissey, chief executive officer of Katana Forensics, a digital forensics firm specialising in iOS-based devices like iPhones and iPads, explains what can be done with an iPad in just two days.
  • Colin Jacobs, chair of Electronic Frontiers Australia.

To leave an audio comment on the program, Skype to stilgherrian, or phone Sydney 02 8011 3733.

Running time: 59 minutes, 55 seconds.

About

Stilgherrian is a freelance journalist, commentator and podcaster interested in big-picture internet issues, especially security, cybercrime and hoovering up bulldust.

He studied computing science and linguistics before a wide-ranging media career and a stint at running an IT business. He can write iptables firewall rules, set a rabbit trap, clear a jam in an IBM model 026 card punch and mix a mean whiskey sour.
