Interesting developments in the connectivity world…

Photo Credit: Gloria Garcia / Flickr (CC: by-nc-nd)The Australian Government has just dropped the ban hammer on Chinese Telecommunications equipment company Huawei and it’s going to be interesting to see how this plays out across the Tasman here in New Zealand…

Given the traditional “copy our West Island cousins” approach versus the “but they’re part of a free trade agreement” view of China (as of 30 minutes ago, the Prime Minister was still comfortable) – Government backed Kordia has an agreement with Huawei Marine for additional cable connectivity to the intertubes  however, that cable touches down in Sydney so is the connectivity now off the table?

Huawei already has a foot in the door through agreements with Enable Networks in Christchurch and the middle of the North Island

/popcorn

Ubuntu Upgrade Day: 11.04 – 11.10 ‘Oneiric Ocelot’

Yay! My favorite Linux distro gets a facelift today with Ubuntu 11.04 making way for the newly released version 11.10 ‘Oneiric Ocelot’. From past history lessons, I do tend to stray on the side of caution, so only one of my machines will be getting the upgrade treatment this week and I’ll hold off with the others until any post update issues shake out.

For those who haven’t given Linux a try yet – I’d strongly suggest giving Ubuntu a go – it has a nice interface and can be skinned to look and feel quite similar to some of the other major operating systems you may already be familiar with. Follow this download link and grab the file.

If you just want to kick the tyres and have a quick look, there are some easy to follow instructions on the download page for making a ‘Live CD’ or a bootable USB stick that you can drop into your current machine and check out.

For those already running Ubuntu, upgrading is as easy as following the instructions on this page, or by entering the command:

update-manager -d

from a terminal window (or from a command via <Alt> + <F2> ). At the time of writing, the update files hadn’t made it to the New Zealand servers so you may want to hold off a little, or change your region under the ‘Settings’ option.

Good luck, enjoy (and don’t forget to make a backup of your data files BEFORE you start…)

The best exploits are old exploits

Image Credit: "Old school" from Clothesline - NZ Clothing and Design (BUY THE TSHIRT)Last week I had a really interesting meeting with one of the Security Advisors from Microsoft prior to the release of their Security Intelligence Report (SIR) – Volume 11.

While we were specifically discussing different things in this meeting, one of the side conversations came back to the issues surrounding legacy software and it’s ongoing support and there’s some really interesting numbers making up the latest analysis of exploits being leveraged against the systems Microsoft monitor in creating these reports.

While “zero-day” vulnerabilities are the things making the news (at least in the industry press), they accounted for less than 1% of malicious activity.

One of the more worrying stats for me was the leveraging of exploits where updates were available. Around 6% of incidents were exploiting issues for which a vendor had already released an update to fix. Further to this, 3.2% of the overall incidents were for issues resolved more than a year ago! The reality is, people are simply not updating their software and I’m really not sure where the problem sits.

Given the author of the study is Microsoft, it’s safe to assume that the measurements are against Windows based systems – these systems have had Operating System and Application updates built in to it’s default operation for many, many years now – however I still come across machines ‘in the wild’ with update indicators sitting right next to the system clock on the task bar, simply begging to be clicked so that the machine can be updated. The patches are set to download by default, they come from very well distributed file caches so the downloads are as fast as possible – so why are they not being applied? This phenomenon is not isolated to home PCs where the owner may not know why (or how) these patches should be applied, it’s also apparent in managed environments such as corporates and schools.

Before anyone starts to feel too comfortable because *you* have your operating system all up to date, it’s not just the base system which is under attack. Even as far back as 2009, these SIR reports were demonstrating that;

“Around 90 percent of vulnerabilities during the second half of last year were in applications…” – DarkReading / Microsoft SIR, April 2009

And that trend (though, perhaps not that percentage) continues today. In fact, it is the applications which users are loading on to their systems which are bringing with them the vulnerabilities from which the malicious are launching their attacks. We see this in the additional functionality vendors are inserting into base operating systems on phones, we see it in application software which destroys the myth that certain platforms are invulnerable. even to the point where helpdesk staff representing the company were specifically prohibited from assisting customers (a position they later reversed).

So – what does one do in the face of these threats? Do we rely on the background downloading and patching of our systems, or do we take an active stance in protecting our machines, choosing what and when to apply updates – just in case “something weird” happens?

But, gentle reader, the greatest threat to the integrity of your system is not it’s operating system, it it not the applications you have installed, it is something even harder to ‘update’, something that will not be ‘patched’ on a regular basis from a central source… the greatest threat, the threat responsible for almost 45% of the attacks analysed in this latest Microsoft SIR – is you and I. We of the “between the keyboard and the chair”, us of the “Layer 8 in the OSI model”, the wet-ware, the users. But trying to resolve that threat vector is fodder for perhaps another article at another time.

Getting Ubuntu to Boot *AFTER* installing Windows 7

Photo Credit: fallsroad - http://www.flickr.com/photos/fallsroad/13240207/From Google, and the various Linux community forums, this is a fairly common problem so, in an effort to be more useful than those who simply post a link to the GRUB man page, or an article which spells out how dumb it is to install Windows AFTER Ubuntu – I thought I’d drop my experience and the resolution here – I’m bound to need it at some point in the future.

The Fix:

While the suggested Boot-Repair GUI didn’t do the trick for me, the following  did result in an eventual #WIN.

  • Boot from a Ubuntu LIVE CD/USB
  • From a terminal, enter the following
    • sudo fdisk -l
    • This will identify the device / drive. For me (and most users) this will tend to be /dev/sda
    • If you are still uncertain you can also run sudo blkid for more details and review the partition labels & sizes
  • Mount the Ubuntu boot partition
    • sudo mount /dev/sdXY /mnt
    • e.g. sudo mount /dev/sda1 /mnt
  • Run grub-install as below to drop the GRUB2 files back onto the boot partition where they should reside
    • sudo grub-install --root-directory=/mnt /dev/sdX
    • e.g. sudo grub-install --root-directory=/mnt /dev/sda
  • Reboot (into your freshly resurrected Ubuntu installation)
  • Open a terminal and refresh the GRUB2 menu with:
    • sudo update-grub
  • That’s it.. you SHOULD now have both Ubuntu and Windows 7 detected at boot and be able to choose between them.

Thanks to the Ubuntu Community for this page – and all the others which pointed to different solutions and variants of this fix. If the above doesn’t work for you, Google is your friend – there’s a heap more articles out there which should offer you an eventual solution.

NetHui 2011 – Day 1: Digital Citizenship – 21st Century Parenting

21st Century Parenting – Challenges and Solutions

Lee Chisholm, Operations manager, NetSafe

This was an obvious choice as a session for me to attend, and it opened with an attention grabbing quote…

“Three times as many smart phones every minute are activated than there are babies being born” – Hans Vestberg, CEO of Ericsson

This quote sets the stage for the overwhelming influx of technologies into our lives and especially the lives of our children. The problem is, parents are being fed these lines time and again to the point where many throw in the towel and give up trying to stay current with what their children are doing.

Even more worrisome than the parents giving up, is the parents abdicating the responsibility of teaching and modelling these skills to schools. Schools do not have the resources to do this stuff alone

Continue reading “NetHui 2011 – Day 1: Digital Citizenship – 21st Century Parenting”

NetHui 2011 – Day 1: Innovation & Emerging Issues – Privacy Issues

Privacy Issues for business in the new digital age

Marie Shroff (Privacy Commissioner)

This session started with a fizz and a whimper, I think based more on the usual audience for the Privacy Commission than the subject matter itself. I did enjoy the comics though 🙂

  • Customers are starting to take an ACTUAL interest in their privacy (~80-90% are concerned or ‘very concerned’)
  • Media starting to pick up on these stories as the articles drive interest
  • Bigger companies are starting to see the moral and ethical necessity to adopt privacy
  • Expectation of future tweaking suggestions for privacy act
  • “Value your CIO as your would your CFO”
  • Despite the cloud context, people are expecting the same flexibility and control over their data as when it was locally domicilled

The discussion that followed was interesting

Continue reading “NetHui 2011 – Day 1: Innovation & Emerging Issues – Privacy Issues”

NetHui 2011 – Day 1: Globalisation, the Internet and the Law – The Internet as a Revolutionary Tool

Session Lead by: Brian Calhoun, Independent Consultant and co-chair of NZRise Inc

 “I see a gradual slide toward corporate and government control…by control I mean content”

The session started with a discussion of TOR / BitCoin / BitTorrent – all created specifically to circumvent control systems that were already in existence. The question then posed to the room was:

“How long before our government moves to block/disable these things? […] What is your bottom line? How pissed off do you need to get before you take action?”

Continue reading “NetHui 2011 – Day 1: Globalisation, the Internet and the Law – The Internet as a Revolutionary Tool”

NetHui 2011 – Day 1: Digital Citizenship – Cyber-Bullying

Digital Citizenship – Combating Cyber-bullying & Harassment

Stream led by: John Fenaughty (NetSafe)

Perhaps the most notable example of standing up against bullying of recent times is that of 16-year old Australian Casey Haynes story (YouTube “Fat Kid takes on Bully”) a video that went viral both online and via traditional prime time media.

When asked, 33.2% of youth surveyed reported they had experienced some form of cyber-bullying in the past year and 52.9% of those had found it distressing.

That’s 17.6% of New Zealand youth surveyed having experienced ‘distressing cyber-bullying’ in the past year – it’s an offensive statistic for anyone wishing to better the environment in which we work, entertain and educate ourselves.
Continue reading “NetHui 2011 – Day 1: Digital Citizenship – Cyber-Bullying”

NetHui 2011 – Day 1: Digital Citizenship – Cyber-Safety

Digital Citizenship – Cybersafety

Stream led by: Martin Cocker (NetSafe) – NetHui Digital Citizenship Forum

Martin started off the session by outlining there things are in New Zealand, as well as providing a context for the terminology which would follow. In this regard, Digital Citizens were defined as those using technologies to have:

  • Greater productivity (via use of technology)
  • A better education experience
  • Connections with e-government
  • The responsibility to “Balance” the digital society
    • Politically, we can vote out non-performers
    • Commercially, we can only influence via our adoption and usage of technologies.
    • We can’t vote for everyone (politically) but we can influence via usage and adoption

Continue reading “NetHui 2011 – Day 1: Digital Citizenship – Cyber-Safety”

NetHui 2011

NetHui 2011So – the Net Hui is on at Aucklands Sky City Convention Center and, given the line up of people and the subjects being discussed it’s something I decided I need to be at so, startig tomorrow – I am taking 3 days of Annual leave and heading off to the conference as “Rob – Interested Internet User” and certainly not as “Rob – [Employee of Company]“.

Since I first made the decision to attend, I’ve been relieved to learn that at least two of my collegues will be attending in their  official employee capacity – so I’m sure that we’ll compare notes at some point in the ensuing weeks.

Given the nature of these conferences, I will be trying to take notes as best that I can, but for future readers of these entries (myself included) the NetHui is showing some excellent intentions to make note-taking collaborative and also release materials from the conference in addition to the live video streaming of the session they are planning on.

For more details on the event – click here, for my notes on each day, follow the links below:

Enjoy, and feel free to comment below, or against the relevant article. I’ll also work on providing links to others coverage of the event from this post.