AusCERT, Australia's largest information security conference, dominates an extended Patch Monday podcast this week, with the latest on Stuxnet, the insecurities of internet routing and the drama that started with a Facebook hack and ended with a journalist being arrested.
I've selected just three AusCERT-related stories for the podcast. For more, see ZDNet Australia's complete AusCERT coverage.
First, Stuxnet — the worm targeted at Iran's nuclear program last year. It's the most sophisticated cyber weapon ever developed. Security analyst Eric Byres, one of the world's leading experts in protecting critical infrastructure, believes that we'll see Son of Stuxnet, a less sophisticated copycat malware, in as little as a year. He also believes that the "air gap" — physically separating critical infrastructure networks from the broader internet — won't be the answer to this emerging threat.
Second, internet routing. There are problems with the protocols used to route traffic around the internet, as we explained on Patch Monday in November 2010. Routers trust other routers to tell them what's going on, but mistakes happen. Geoff Huston, chief scientist at APNIC, goes one step further, deriding this process as mapping by rumour. "If you get bad players, how do you tell who's lying?" he said. "Our vulnerability is horrifying, that in the face of determined malicious cyber warfare you won't have an internet tomorrow when it happens."
Third, Christian Heinrich's demonstration of a Facebook privacy hack at BSides Australia, which used as its target the Facebook account of another security researcher's wife. That in itself raises ethical questions. But subsequently, a journalist who reported the story was arrested, and his iPad was seized by Queensland police.
To help us understand the issues:
- Peter Black, who teaches internet and constitutional law at Queensland University of Technology, explains the Australian laws that apply.
- Adam Palmer, lead cybersecurity adviser for Norton and former US Navy JAG prosecutor, provides a US legal perspective.
- Ty Miller, chief technology officer of Pure Hacking, explains the boundaries of ethical hacking.
- Sean Morrissey, chief executive officer of Katana Forensics, a digital forensics firm specialising in iOS-based devices like iPhones and iPads, explains what can be done with an iPad in just two days.
- Colin Jacobs, chair of Electronic Frontiers Australia.
To leave an audio comment on the program, Skype to stilgherrian, or phone Sydney 02 8011 3733.
Running time: 59 minutes, 55 seconds.