Security

Over the last few weeks we've seen the government increase the rhetoric around the need to access encrypted messages sent using services such as Telegram, WhatsApp, iMessage and others. The government's view is bad guys are sending messages to coordinate attacks and law enforcement can't eavesdrop, with a warrant, on these conversations in order to thwart the bad guys. On the other side, there's the continued erosion of our right to privacy. CCTV on our streets, metadata retention rules and other measures mean we are monitored more than ever before. But does the government need to have a way to "break" encryption?

Plenty of ink and pixels have been, and will continue to be, spilt over the government's plan to force technology companies to hand over encrypted data without creating backdoors into systems or somehow weakening privacy provisions. Already, we've heard that the government could make laws that trump the laws of mathematics and there are plenty of critics as to whether the government's plans could make things a lot worse for everyone while making bugger all difference to criminals. But is there a solution?

Citing a UN report that says Australia is lagging on cybersecurity cooperation, Labor's spokeswoman on cyber security and defence says our fall from fourth place to seventh is "a direct result of the Turnbull government's failure to effectively implement its own cyber security strategy and engage with international partners". Is she right?

While many people focus on the logical security around their data, physical security gets a lot less attention. Locking down the electronic components of physical security is an area that's forgotten once it's installed. Tony Vizza, from IT security consultant Sententia, says there's a huge gap between what we should be doing with our physical security and what we actually do.

Experts at a security round table event in Sydney yesterday said business owners are too focussed on what's going on now, inside their businesses, and not looking at outside threats. As a result, when events such as WannaCry and NotPetya strike, they are unprepared and get hit hard.

Last week's Medicare number leak is a prime example of what can happen when an employee or other trusted party with systems access turns rogue. In truth, if just 80 or so Medicare numbers have been purchased, as has been widely reported, then Medicare has got off lightly. But how big a deal are internal threats? And can we do anything about them?

Over the last eight years a lot of things have changed. And amongst all the new gadgets, technical advancement and rise of cloud-based technologies there has been one major shift - the commercialisation of cybercrime. Which makes the government's cluelessness about cyber risk even more confounding. Today, we learn that the Health Professionals Online Services (HPOS) system has not been updated since it was implemented eight years ago.

Following the WannaCry and Petya/GoldenEye/NotPetya ransomware events, you'd think software companies would be quick to remove the need for SMB 1. This was the protocol exploited by the malware developers that allowed those attacks to spread so quickly. Microsoft has released a list of developers still demanding SMB 1 support.

It's no secret the web is filled with shady folks eager to take a peek at your sensitive information. Of course, you can shut them out by using a VPN, but what good does that do you when it slows your browsing speed to a crawl? That's where HideMyAss! VPN is different, and two-year subscriptions are on sale for over half-off.

Authentication and identity are still, despite more than six decades of computing, a serious challenge for those designing secure systems. Over recent years, fingerprint scanners have become far better to the point where the TouchID scanner on my iPhone works flawlessly. But if the rumours are right, the next iPhone will use facial recognition.

REA Group's CISO Craig Templeton has been in the job for just a few months. While the information security business has been largely focussed on technical skills, Templeton told his team they needed to develop a new ability: the Jedi Mind Trick. I spoke with Templeton about this and some of the challenges he sees when it comes to security and privacy.

Last week, the Attorney General told anyone who'd listen that Australia would be taking the global lead on dealing with access to encrypted communications. That pesky need for citizens to have access to privacy was hampering the ability of security agencies to do their jobs. While we were all wondering how that might happen, the government has responded.

It's said necessity is the mother of invention. About 15 years ago, Dr Gernot Heiser, from Data 61, looked ahead and, despite being fit and healthy, could foresee a day when he might need an implanted, life-supporting device such as a pacemaker. And he didn't like the idea that it might be attacked remotely. So, he set out to build a trustworthy computing platform that could not be hacked.