Category Archives: Security

Whither the Australian tech scene

Sad state of affairs down under in tech land these days.

First: https://www.afr.com/technology/tech-firms-including-airtasker-hit-by-rd-incentive-crackdown-that-threatens-software-sector-20181129-h18j51

This one seems pretty damaging – not a body blow, but it isn’t a good sign.

Now this: https://www.bloomberg.com/news/articles/2018-12-06/australia-moves-toward-passing-law-targeting-whatsapp-signal

“But the fundamental fact remains that the powers being sought by law enforcement are ill-informed, badly drafted and a gross overreach,” Digital Rights Watch said in a statement. “This bill is still deeply flawed, and has the likely impact of weakening Australia’s overall cyber-security, lowering confidence in e-commerce, reducing standards of safety for data storage and reducing civil right protections.”

RMIT University’s Gregory said the effect of the laws would likely spread beyond terrorist or criminal activities and into private-sector investigations.

“It’s too rushed, too broad, not well-defined and ultimately will be misused,” he added. “People will also be able to use this not just for criminal law matters but also corporation law matters.”

Feels pretty dangerous and I wouldn’t want to be working in security down under.

Maybe this will all blow over but to me it doesn’t bode well for the Australian tech scene.

What Are You Risking for the Sake of Getting Your Salary Early? – Appknox

Be vigilant:

2017 has seen a massive turmoil of cybersecurity breaches impacting both the business and consumers. Be it WannaCry, Petya or Equifax, the rate of security breaches is rising in parallel to innovation. Talking about India, companies like Zomato, Reliance Jio, Indigo Airlines (Twitter Hack)

— Read on blog.appknox.com/what-are-you-risking-for-the-sake-of-getting-your-salary-early/

Hacking the Fish Tank

DarkTrace never ceases to amaze.

Check this report :: https://www.darktrace.com/resources/wp-global-threat-report-2017.pdf

Read #6:

Technological innovations keep businesses dynamic and profitable, their employees productive and creative, and their premises exciting and modern. A North American casino recently installed a high-tech fish tank as a new attraction, with advanced sensors that automatically regulate temperature, salinity, and feeding schedules.

To ensure these communications remained separate from the commercial network, the casino configured the tank to use an individual VPN to isolate the tank’s data. However, as soon as Darktrace was installed, it identified anomalous data transfers from the fish tank to a rare external destination.

Anomalous activity detected:

  • Transfer of 10GB outside the network
  • No other company device had communicated with this external location
  • No other company device was sending a comparable amount of outbound data
  • Communications took place on a protocol normally associated with audio and video

The tank’s communication patterns included sporadic communications with company devices, but that activity was in line with similarly configured IoT devices. The external data transfers, however, were deemed highly unusual by Darktrace’s AI algorithms.

The data was being transferred to a device in Finland where an attacker had managed to gain control over the tank. This was a clear case of data exfiltration, but far more subtle than typical attempts at data theft.

By targeting an unconventional device that had recently been introduced into the network, the attack managed to evade the casino’s traditional security tools. Darktrace’s Enterprise Immune System detected the threat because the technology does not make assumptions about where threats will arise. It detected a subtle anomaly that indicated a much larger threat, and it aided the casino in remediating the vulnerability. The incident demonstrates the need to have complete visibility of every user and device – including internet-connected fish tanks.
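
The signals listed in the report excerpt above (a destination no other device talks to, outbound volume far beyond what peers send, and a protocol that does not fit the device) can be combined in a rule-based check over flow records. This is an added example, not code from Darktrace or from the original post, and it does not reproduce Darktrace's algorithms; the device names, addresses, protocol baseline, and thresholds are constructed assumptions.

```python
from collections import defaultdict
from statistics import median

# Constructed sample flow records: (device, device_type, dst_ip, protocol, bytes_out).
# Addresses come from documentation ranges (RFC 5737); every value is made up.
FLOWS = [
    ("pos-01",  "workstation", "198.51.100.10", "https", 40_000_000),
    ("pos-02",  "workstation", "198.51.100.10", "https", 55_000_000),
    ("hvac-01", "iot",         "198.51.100.20", "mqtt",  2_000_000),
    ("cam-01",  "camera",      "198.51.100.30", "rtsp",  900_000_000),
    ("cam-02",  "camera",      "198.51.100.30", "rtsp",  850_000_000),
    ("tank-01", "iot",         "198.51.100.20", "mqtt",  1_500_000),
    ("tank-01", "iot",         "203.0.113.77",  "rtsp",  10_000_000_000),
]

# Assumed baseline of protocols each device type normally uses.
EXPECTED_PROTOCOLS = {
    "workstation": {"https"},
    "iot": {"mqtt", "https"},
    "camera": {"rtsp"},
}

def find_anomalies(flows, volume_factor=10, min_signals=2):
    """Flag flows that trip at least `min_signals` of the three checks."""
    sources_per_dst = defaultdict(set)   # which devices talk to each destination
    bytes_per_device = defaultdict(int)  # total outbound bytes per device
    for device, _, dst, _, nbytes in flows:
        sources_per_dst[dst].add(device)
        bytes_per_device[device] += nbytes

    findings = []
    for device, dtype, dst, proto, nbytes in flows:
        peers = [b for d, b in bytes_per_device.items() if d != device]
        reasons = []
        if len(sources_per_dst[dst]) == 1:             # no other device uses this destination
            reasons.append("rare_destination")
        if peers and nbytes > volume_factor * median(peers):  # far above the typical peer
            reasons.append("volume_outlier")
        if proto not in EXPECTED_PROTOCOLS.get(dtype, set()):  # e.g. streaming from a sensor
            reasons.append("unexpected_protocol")
        if len(reasons) >= min_signals:
            findings.append((device, dst, reasons))
    return findings

if __name__ == "__main__":
    for device, dst, reasons in find_anomalies(FLOWS):
        print(f"{device} -> {dst}: {', '.join(reasons)}")
```

Requiring two or more signals keeps the cameras quiet here: their volume is high relative to the median peer, but their destination is shared and their protocol is expected.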

Interpol Panel – public invited

Interpol is having their yearly conference in Singapore, and normally there is very little public interaction. This year, though, I am moderating a panel that will bring Interpol, the private sector, the startup sector and the VC community together to discuss the future of AI and IoT, and how Interpol will work with the government and the private sector to help ensure public safety in a world where automation machines and autonomous cars will become the norm.

Going to be interesting.

For more info and the email to RSVP – go here :: https://www.interpol-world.com/seedplus

Any questions? Ping me.