Category: security

  • Silos and security in the internet of things

    Last week Deloitte launched its list of the 500 fastest growing Asia-Pacific Technology companies.

    At the Australian media briefing on the list and the company’s predictions for the telecommunications market in 2014, Deloitte’s Jolyn Barker and Eric Openshaw discussed some of the implications of the report.

    During the briefing Openshaw was asked about the risks of vendors creating their own Internet of Things standards to lock customers into proprietary platforms.

    Openshaw isn’t convinced: “over time when technologies develop out of significant players in an attempt to create or extend a vertical stack, over time the market tends to revolt against that.”

    “There’s usually one or two forces working against that, either the market revolts against it and insists on a new standard or the stack is too successful and regulators will come in and say ‘we don’t like your stack, dismantle it’.”

    His view is that in the long term issues of vendor lock-in and proprietary platforms fix themselves. “One way or another, these things can be problematic in the short run but typically over time they are resolved.”

    Where Openshaw does see risks is in the security of machine-to-machine technologies.

    “The security aspect just can’t be overstated in terms of how important it is,” says Openshaw. “When we have demonstrations now of being able to hack a pacemaker, that’s a problem.”

    “So the security issues on these networks is important.”

    The interplay between the software, network protocols and security is going to be complex and may well be what makes or breaks some vendors’ products.

    It’s still early days to fully appreciate all the risks with the internet of machines, but securing networks and devices will be one of the most important tasks ahead for the industry.

  • Discussing Cryptolocker and Internet of Things security on ABC Radio

    If you missed the program, you can listen to the segments through Soundcloud.

    Tuesday morning with Linda Mottram on ABC 702 I’ll be discussing Cryptolocker ransomware, the security of the Internet of Machines and the tech industry’s call for less internet surveillance.

    It’s only a short spot from 10.15am and I’m not sure we’ll have time for callers, but one of the big takeaways I’ll have for listeners is the importance of securing your systems against malware; there are also some security ideas for business users.

    We’ll probably get to mention the ACCC’s warnings on smartphone apps and the current TIFF bug in Windows as well.

    If you’re in the Sydney area, we’ll be live on 702 from 10.15, otherwise you can stream it through the internet.

  • Potentially unwanted applications – what are we installing on our smartphones?

    One of the notable things about the technology industries is there are always new terms and concepts to discover.

    During a visit to Sophos’ Oxford headquarters last month, the phrase ‘Potentially Unwanted Applications’ – or PUAs – raised its head.

    PUAs come from the problem application developers have in making money out of apps or websites. The culture of free or cheap is so ingrained online that it’s extremely hard to make a living out of writing software.

    As a result, developers and their employers are engaging in some cunning tricks to get customers to download their apps and then to monetize them, particularly in the Android world, which lacks the tight control Apple exercises over the iOS App Store.

    “What’s interesting about Android,” says Sophos Labs’ Vice President Simon Reed, “is it’s attracting aggressive commercialisation.”

    The fascinating thing Reed finds about this ‘aggressive commercialisation’ is where the distinction lies between malware and monetisation, and when an app or developer crosses that line.

    Reed’s colleagues Vanja Svajcer & Sean McDonald explore where that line lies in a paper titled Classifying PUAs in the Mobile Environment which they submitted to the Virus Bulletin Conference last October.

    In that paper Svajcer and McDonald discuss how these applications have developed, the motivations behind them and the challenge for antivirus companies like Sophos and Kaspersky in categorising and dealing with them.

    The authors also flag that while the bulk of the revenue generated by these apps comes from advertising, there are serious privacy risks for users as developers try to monetize the data many of these packages scrape from the phones they’re installed on.

    Svajcer and McDonald do note though that potentially unwanted applications aren’t really anything new; we could well classify many of the drive-by downloads that plagued Windows 98 users at the beginning of the century as being PUAs.

    What we do need to keep in mind though is that what is driving the development of PUAs is users’ reluctance to pay for apps, and that it’s going to take a big change in customer attitudes for this problem to go away.

    For businesses, this is something managers are going to have to consider as they move their line of business applications onto mobile devices, as Marc Benioff proposed at the recent Dreamforce conference.

    Sophos’ Simon Reed believes potentially unwanted apps won’t be such a problem in the workplace however. “Consumers may have a different tolerance towards PUAs than commercial organisations,” he says.

    The prevalence of PUAs on mobile devices does underscore though just how careful organisations have to be with who and what can access their data. It’s another challenge for CIOs.

  • Greetings from the scammers

    The notorious “419 scams” have been around since the early days of the consumer internet.

    419 scams are the elaborate internet frauds that try to convince people they have unexpectedly come into money. Once a gullible victim takes the bait, they are duped into paying a range of ‘facilitation fees’ and costs that drain their savings.

    The term 419 scam comes from the Nigerian criminal code that covers this crime, which was appropriate as most — although not all — of these emails originated from the country.

    For a while in the early 2000s, internet users became used to receiving a few 419 scam emails every day, but by the middle of the decade they largely dried up as even the most gullible and greedy idiots became wise to the schemes.

    That’s not to say they have completely vanished; this morning quite a distasteful one landed in my inbox.

    Greetings,
    I wish to seek your assistance to execute a business deal. I am Paul Williams a Contract Agent based in London. I require your consent to present you as next of kin to a client of mine, who died along with his wife and Two kids in the Asian Typhoon Haiyan in the Philippines leaving behind a large sum of money without a next of kin. With your co-operation and information available to me you can make a claim on the funds as the next of kin to my deceased client. After release of the funds to you by the financial institution where it is lodged, we can share according to a percentage we agree upon. If you may be of assistance, please reply for further co-operation.
    Best Regards,

    Paul Williams.

    It’s unlikely that Paul Williams exists and even if he did it’s unlikely he’d have anything to do with this unsavory scam that most people would immediately bin when they receive it.

    Binning the message was my reaction as well, but as I was about to, it occurred to me that there are enough venal, stupid people in the world who would agree to be involved in such a deal.

    No doubt if you asked them they’d say defrauding the deceased family’s estate is a victimless crime as the money would only end up with the government anyway. These people would swear blind they are honest, honourable folk and no doubt they would think they are rather clever.

    It’s worth reflecting that dishonest, venal and somewhat dim people do occasionally get their come-uppance in today’s world.

  • Will the internet’s insecurities damage economic growth?

    “No country is cyber-ready,” warns Melissa Hathaway, author of the Cyber-Readiness Report.

    Hathaway’s warning is that the economic benefits of the internet are being lost to the various vulnerabilities in our information infrastructure.

    Dutch research company TNO claims that the Netherlands lost up to 2% of its GDP to cybercrime in 2010 and Hathaway claims similar losses are being incurred in other developed countries.

    Supporting Hathaway’s views at a function in Sydney today, Cisco Systems’ Senior Vice President and Chief Security Officer, John Stewart, made a frightening observation about corporate networks.

    “Every single customer we have checked with, and these are the Fortune 2000, has high threat malware operating in their environment – every single one of them.”

    So the bad guys are in our networks and causing real economic damage. The question for businesses and governments is how do we manage this threat and mitigate any losses?

    On a more intimate level, how do we manage our own systems and online behaviour to limit our personal or business losses?

    Hathaway makes the point that the internet was never intended to do the job we now expect it to do and as a consequence security was never built into the net’s design.

    Today, we rely upon the internet regardless of its lack of inbuilt security. With everyone from governments through to organised crime and petty scammers wanting to peek at our data, we have to start taking security far more seriously.
