Dave and Jim were a couple of drinking buddies who worked as aircraft mechanics in Sydney. One day, the airport was fogged in and they were stuck in the hangar with nothing to do.

Dave said, “man, I wish we had something to drink!”
Jim says, “me too. Y’know, I’ve heard you can drink jet fuel and get a buzz. You wanna try it?”

So they pour themselves a couple of glasses of high octane booze and get completely smashed. The next morning, Dave wakes up and is surprised at how good he feels. In fact he feels GREAT! NO hangover! NO bad side effects. Nothing!

Then the phone rings. It’s Jim. Jim says, “hey, how do you feel this morning?”
Dave says, “I feel great, how about you?”
Jim says, “I feel great, too. You don’t have a hangover?”
Dave says, “No, that jet fuel is great stuff - no hangover, nothing. We ought to do this more often.”

“Yeah, well there’s just one thing.”
“What’s that?”
“Have you farted yet?”
“No.”
“Well, DON’T! ‘Cause I’m in fucking London!”

The Government, in its new initiative to become the world’s leading Nanny State, has decided that it is their right and duty to tell us what we can and cannot think, say and see on the Internet and other media. And remember kids, these people mostly live in Canberra, the most boring city in the world. Need I say more?

What has happened recently? (Historically? See here). Well ..

• Bulletproof Networks hosts the very popular Internet forum, whirlpool.net.au. ACMA don’t like Whirlpool, particularly as a lot of discussion about Australian ISPs performance and their views on Internet Censorship, happens on there. A user posted a link to an anti-abortion website which apparently is on ACMAs blacklist. Bulletproof was immediately issued with a takedown notice and a threat of being fined $11,000 per day. Out of the blue of course, because ACMA’s blacklist is kept secret. More information reported in The Australian newspaper

• Somewhere on the Internet, somebody has posted Denmark’s blacklist. Someone else submitted a link to ACMA aiming to highlight the futility of maintaining a secret blacklist. ACMA responded by blocking access to that website, and their press release about it. US Tech Blog Wired takes up the story.

• Someone claims to have located a copy of the ACMA Blacklist. It has been reported by the Sydney Morning Herald that the blacklist has been posted on the Internet. It is found to contain perfectly legal websites, such as a that of a dentist, a tour operator, a YouTube profile and a MySpace page.  Senator Conroy quickly issued a press release denying its the blacklist and threatens:

“ACMA is investigating this matter and is considering a range of possible actions it may take including referral to the Australian Federal Police. Any Australian involved in making this content publicly available would be at serious risk of criminal prosecution.”

• Coincedentally, whistleblower website, WikiLeaks, has been inaccessible from a number of Australian locations today. Not one to draw conclusions, but they are quoted in The Australian:

While Wikileaks is used to exposing secret government censorship in developing countries, we now find Australia acting like a democratic backwater. History shows that secret censorship systems, whatever their original intent, are invariably corrupted into anti-democratic behavior

• Finally, respected organisation for press freedom Reporters sans frontières, has put South Korea and Australia on its “Under Surveillence” list in its 2009 Internet Enemies report, due to their recent measures that endanger online free expression. Australia now joins states like Zimbabwe, Sri Lanka and Yemen in holding that dubious honour.

Chief Censor Sentator Conroy has aleady admitted his fitering scheme will be used to block legal material as well as illegal material (you know, the kind of stuff you can buy on the top shelves of newsagents - except if you live near a mining site, then its right by the cash register instead). The initial law was strictly to block illegal material such as Child Pr0n* and material that incites terrorism and other evil stuff like that. However now the somebody-please-think-of-the-children thought police have got their way and this has been expanded to “inappropriate” sites … legal gambing sites for example, like BetFair.com, are apparently on the blacklist. Of course, it would not suprise me if the Aussie equivelent of the RIAA, the ARIA, and the MPAA are fevereshly lobbying their cause, persuading Conroy to block peer-to-peer technologies in this filter, fresh on their success in New Zealand.

Unfortunately, the fact that the Nanny State forgets is that as soon as you make something illegal, all that happens is its driven underground. Techologies already exist that will bypass such censorship. Look at drug smuggling which is rife thoughout the world and mostly illegal. Even worse, they also make it more difficult for the authorites to locate and capture the bastards involved in activities such as terrorism and child pr0nography.

My previous position, that this funding should be diverted to the AFP and international legal authorities to track down, capture and castrate (no anasthetic)  people involved in these dispicable acts and then lock them up for life, still stands.

Restricting debate and enforcing your views through legal means on others in a Nanny State solution only drives the problem further underground. More debate here, and here, and here … while we still can.

Identity

I’ve just watched Prime Minister Rudd address the Australian Parliment (ironically, via the BBC) where I was pleasently suprised to hear, quite early in his speech [Link Available Soon], that the Government will direct its departments to provide assistance to people re-establish their legal identity. Things like passports, birth certificates, marriage certificates and so on are difficult enough to get hold of, but even worse when all of your “identity sources” are destroyed in disasters such as these fires or the floods ravaging Northern Queensland. Being able to provide a positive and trusted identity “token” (drivers license, passport, etc) about yourself is nowadays a virtual prerequisite to living a normal life in todays society. If you have none - how do you identify yourself? PM Rudd paused from reading his speech to convey, in his personal tone, this difficulty to the rest of Parliament. This is the first time I have ever heard a senior politician even understand this difficulty, simplistic as it may sound. Maybe its because he saw The Chasers’ Julian Morrow demonstrate how easy it is at a recent Identity Fraud conference in Sydney.

However - this got me thinking, as of course I work in the Information Security and Identity spaces. What provisions will the Commonwealth put into place to stop those evil people take advatage of this tragedy to assume the identities of victims? How do you prove your identity when your primary sources have been destroyed? There is an excellent case study of an affluent lady in NSW [Citation Needed] who has lost her home (including title deeds), car, digital identities, bank accounts, and so forth after having her identity stolen by a criminal gang whilst she was abroad. (The suspected Russian-based gang proceeded to sell everything she owned, obtained passports and birth certificates in her name,  bankrupted her and racked up massive debts in her name, and she is still fighting to this day to clear her credit record years later - which nobody seems to know how to do, due to the lack of legaslative process in Australia).  And all from stealing mail from her mailbox. Australians - put an unbreakable lock on your mailbox or get a PO Box, is all I can say.

Although its not proof of identity, people born in England and Wales can order as many copies of their birth certificates as they like (well - to be accurate - certified copies of an entry in the register of births and deaths) over the internet. A very useful service. Indeed, I’ve ordered quite a few copies of my own, based on only knowing basic information about my parents and where I was born. What is a scary thought is that this can then be used to apply for an identity elsewhere, for example my Australian Citizenship, my passports in multiple countries and even my French Carte de Sejour (itself a de facto Identity card).  I don’t know what processes there are in place to stop you, or anyone else, doing that with such a copy. I bet you that the various governments around the world don’t check the validity of every birth certificate copy they are presented with.

Whilst digital identity is a complex area, we must also not forget the issues around dealing with the offline world. Identity theft and fraud is a growing crime, not just done by neer-do-wells, but also in a profitable manner by the organised gangs. And they’ve been doing it for years. All we can do as individuals is to protect our own identity as best we can. Something I will blog about in the near future.

Australian National Disaster Support

Many Australians, including myself, have dug deep and already donated well over $15m in less than 24 hours of the appeal fund being set up by the Red Cross and the Victorian Government. Fires also continue to burn in not only Victoria, but also South Australia and New South Wales. With over 173 confirmed dead in the fires, the toll continuing to rise and many more injured, losing loved ones, pets, their homes and/or their businesses. Once the immediate situation has passed it will take a long time for those affected to recover, both physically and psycologically. I urge anybody reading this blog to please donate to this very good cause. As always, Australians, all donations over $2 are tax deductable (they email you a tax receipt) and for those abroad, the relative weakness of the Aussie Dollar at the moment means your donation will go much futher. Thankyou for your support.

Some think its only a Koala, but I think this guy is actually a close relative of the Koala - you know from the line of Koalas and Dropbears that interbred … can’t remember the latin name but it was something like dropbearuskoalainfestcityus. Other species of Dropbear have also been sighted recently, but not so far into the CBD.

Scientists thought that this particular species of dropbear had been killed out after they concreted over the CBD. Just seen in the Courier-Mail that there is now concern because these dropbears only came out between dusk and dawn, its very rare to see one in attack mode during daylight hours.

Brisbane City Council have warned everyone in the CBD today to wear dropbear repellent, or if you can’t get hold of it (there’s a run of repellent at the chemists apparently), smear some Vegemite on your nose. They hate the taste of it, hence why they don’t attack Australians unless desperate (they can sense it coming through our heads).

Security is not just about information security, or network security. Its also about people - a lot of information about an organisation is held within the minds of its employees and contractors. How would your organisation survive with the loss of key personnel due to a natural disaster or incident such as a dropbear attack? Today’s incident has highlighted the need for Queensland-based organisations to include the likelihood of this in their business continuity planning strategies.

For those of you who don’t know (and, given the lack of reporting in the mainstream media about the subject, I wouldn’t be suprised), the Australian Government is currently undergoing trials to enforce filtering of “illegal and objectionable material” at the Australian ISP level. What does this mean in practice? They want to filter your internet access using methods that just don’t work, just like the governments of China, Saudi Arabia, Iran, and many others do - but without the people to validate what is being filtered properly.

Remember, this is the same population of civil “servents” that has made it illegal for you, the Australian citizen, to purchase fireworks without having to physically travel to Canberra. Which, of course, is punishment in itself.

The policy will be enforced by two levels of blacklists - one of which is mandatory for all internet connections, the other is an “opt out” for those who need their fix of “restricted’ online porn, up to R18 level. However, even the Government’s own trials have shown a shockingly high false-positive rate, which means that the filters have incorrectly filtered innocent information even using the deep-packet-inspection technology that is quite advanced compared to the URL-and-IP-address-blocking that you are used to when trying to get to Facebook from your work desk (and you already know how to get around that, don’t you?)

ACMA have not detailed the governence around this “solution”. And where does it stop? What will stop Big Media (the Music and Movie industries) from lobbying - hard - to block all technologies used to distribute files online, because they *might* be used to distribute Rhianna’s latest album? (Hint: get the videos instead, she is gorgeous).  What else will they add? Any websites or people critical of Government policies, similar to the Freedom Fries debacle of the US Government when France refused, correctly I might add, to support the invasion of Iraq based upon failed intelligence about WMDs? Given the Australian Government’s useless performance at yesterdays climate change talks, I wouldn’t be suprised that most environmental groups suddenly have their websites filtered due to lobbying by the Resources sector.

I tried to make an argument on the government’s consultation blog about this, but must admit I got into one of my infamous rants that also included Telstra’s ablility to slow down the information economy. But I was also happy to see that many other Australians have found the blog and submitted similar messages. Many more have also signed petitions and will be attending protests in each Australian Capital tomorrow (Saturday).

Prime Minister Rudd, I voted for you because I thought you would bring much-needed change to Australia. The Apology, and signing Kyoto were very good starts. But your Government’s recent actions - the lack of them in particular with regards to Climate Change, the lack of action against the Japanese slaughter of whales in Australian oceans, and of course the Great Australian Firewall - is starting to make me think that the other lot wern’t so bad after all. It is true that Australians do NOT have any freedom of speech protections - something I think you should fix and protect our freedoms just like every other democracy. As a fellow Queenslander I don’t want to stop supporting you, but you are making that a difficult position to maintain.

BTW - With regards to the Child Porn issue. I do not condone this. I would happily work with the Australian Government (contact me) on addressing this issue. My personal view is to set up a dedicated unit in the AFP (or similar) tackling this issue, to monitor, gather evidence, capture and prosecute each and every single cretin who is involved with this. I alledge (got that lawyers, I alledge - I don’t have proof!) you guys already have the technologies to do this, and in fact are already doing this, (example here), for National Security interests. Why not leverage the same technologies, resources and do something similar in the non-classified environment?

Back to the Child Pornogrophers … once these bastards are found guilty in a court of law, based upon the evidence collected asbove, I propose they are castrated - without anasthetic any medical support - using blunt, rusted, metal knives and left to rot in a cell. That is the minimum punishment that these sick bastards deserve. Lets stop this problem at the source.

Now it is a completely fair call to hear comments from Americans such as Who cares? Its our president we’re voting for, not yours. However, for better or for worse, the United States pretty much the only superpower left since the end of the Cold War.

By basically ignoring the will of the United Nations (who unfortunately are good at talking, but not at action), the USA pretty much sets the agenda for the world. For whatever reason, we all suffer when the US decides to set that agenda -whether its illegal wars in the Middle East, or dodgy economic practices and fraudulent activites in the financial sector, or blatantly ignoring the issues of global warming and the destruction of the natural environment; we all collectively have to suffer for the actions of their elected government. America sneezes, the rest of the world catches the ‘flu.

So … three Icelandic guys came up with a thought experiement. Today anyone can vote at iftheworldcouldvote.com. And it is very interesting the results so far. Wether this is a result of media portrayal (unlikely - given most global media outlets are not biased like the US ones are) or by a global disenchantment with the US Administration (which reflects on peoples views about the US in general), i don’t know. But as of the time of writing, and evene acknowledging that the result isn’t totally scientific, 97% of the world wants Obama to be the next president. Time for change.

I believe the world should wake up. The past eight years of a single country’s administration ignoring world opinion on a variety of issues and taking unilateral action. The United Nations needs to get more teeth, or at least another superpower to provide a balance. China in particular could become that superpower, but I personally don’t agree with the communist ideals. Russia seems to be going backwards into the cold war scenario under its current leadership (even if he is no longer the president).

I believe that if Europe could get its act together, stop the internal bickering, put the past in the past (the UK and France are the guilty parties here - move on!) and speak with a common voice, it would be the ideal counterbalance to keep the US in check. And hopefully, we don’t have to suffer the past eight years of agony again.

To the citizens of the United States of America from Her Sovereign Majesty Queen Elizabeth  II

In light of your total failure in recent years to nominate anywhere near competent candidates for President of the USA and thus to govern yourselves, we hereby give notice of the revocation of your independence, effective immediately.

(Note to G. W. Bush : It is OK for you to look up ‘revocation’ in the Oxford English Dictionary if you have one. Whatever you do, please don’t try and ‘ad lib’ what you think this word might mean. It’s just too painful for everyone involved.)

Her Sovereign Majesty Queen Elizabeth II will resume monarchical duties over all states, commonwealths, and territories (except Kansas, which she does not fancy).

Your new Prime Minister, Gordon Brown, will appoint a Governor for America without the need for further elections.

Congress and the Senate will be disbanded.  A questionnaire may be circulated next year to determine whether any of you noticed.

To aid in the transition to a British Crown dependency, the following rules are introduced with immediate effect:

1. The letter ‘U’ will be reinstated in words such as ‘colour,’ ‘favour,’ ‘labour’ and ‘neighbour.’  Likewise, you will learn to spell ‘doughnut’ without skipping half the letters,  and the suffix ‘-ize’ will be replaced by the suffix ‘-ise.’  Generally, you will be expected to raise your vocabulary to acceptable levels.  (look up ‘vocabulary’).

2. Using the same twenty-seven words interspersed with filler noises such as ”like’ and ‘you know’ is an unacceptable and inefficient form of communication. There is no such thing as US English. We will let Microsoft know on your behalf.  The Microsoft spell-checker will be adjusted to take into account the reinstated letter ‘u” and the elimination of  ‘-ize.’

3. July 4th will no longer be celebrated as a holiday.

4. You will learn to resolve personal issues without using guns, lawyers, or therapists.  The fact that you need so many lawyers and therapists shows that you’re not quite ready to be independent.  Guns should only be used for shooting grouse.  If you can’t sort things out without suing someone or speaking to a therapist, then you’re not ready to shoot grouse.

5. Therefore, you will no longer be allowed to own or carry anything more dangerous than a vegetable peeler.  Although a permit will be required if you wish to carry a vegetable peeler in public.

6. All intersections will be replaced with roundabouts, and you will start driving on the left side with immediate effect.  At the same time, you will go metric with immediate effect and without the benefit of conversion tables.   Both roundabouts and metrication will help you understand the British sense of humour.

7. The former USA will adopt UK prices on petrol (which you have been calling gasoline) of roughly $10/US gallon.  Get used to it.

8. You will learn to make real chips.  Those things you call French fries are not real chips, and those things you insist on calling potato chips are properly called crisps.  Real chips are thick cut, fried in animal fat, and dressed not with catsup but with vinegar.

9. The cold, tasteless stuff you insist on calling beer is not actually beer at all.  Henceforth, only proper British Bitter will be referred to as beer, and European brews of  known and accepted provenance will be referred to as Lager.  Australian beer is also acceptable, as they are pound for pound the greatest sporting nation on earth and it can only be due to the beer.  They are also part of the British Commonwealth - see what it did for them.  American brands will be referred to as Near-Frozen Gnat’s Urine, so that all can be sold without risk of further confusion.

10. Hollywood will be required occasionally to cast English actors as good guys.  Hollywood will also be required to cast English actors to play English characters.  Watching Andie Macdowell attempt English dialogue in Four Weddings and a Funeral was an experience akin to having one’s ears removed  with a cheese grater.

11. You will cease playing American football.  There is only one kind of proper football; you call it soccer.  Those of you brave enough will, in time, be allowed to play rugby (which has some similarities to American football, but does not involve stopping for a rest every twenty seconds or wearing full kevlar body armour like a bunch of nancies).

12. Further, you will stop playing baseball.  It is not reasonable to host an event called the World Series for a game which is not played outside of America.  Since only 2.1% of you are aware there is a world beyond your borders, your error is understandable.  You will learn cricket, and we will let you face the Australians first to take the sting out of their deliveries.

13. You must tell us who killed JFK.  It’s been driving us mad.

14. An internal revenue agent (ie. tax collector) from Her Majesty’s Government will be with you shortly to ensure the acquisition of all monies due (backdated to 1776).

15. Daily Tea Time begins promptly at 4 pm with proper cups, with saucers, and never mugs, with high quality biscuits (cookies) and cakes; plus strawberries (with cream)  when in season.

God Save the Queen!

PS:  Only share this with friends who have a good sense of humour (NOT humor)!

If you had purchased £1000 of Northern Rock shares one year ago it would now be worth £4.95, with HBOS, earlier this week your £1000 would have been worth £16.50, £1000 invested in XL Leisure would now be worth less than £5, but if you bought £1000 worth of Kronenbourg 1664 Lager one year ago, drank it all, then took the empty cans to an aluminium re-cycling plant, you would get £214. So based on the above statistics the best current investment advice is to drink heavily and re-cycle.

hmmm … you heard the man … but i would qualify this by recommending Guinness instead of Kronenbourg  … because the cans have higher aluminium content and the beer is so much better.

Of course, the Internet community has sought to help her understand the context and to correct a such an evil accusation as well as reprimand her for not correctly crediting the author of the image in her article. In a mature manner, of course.

Whilst I normally wouldn’t bother with this kind of thing, look at the other cra… erm …rubbish she has wriiten in works of fiction like The Sun and The Daily Mail over the years. Particularly this shocker about “nazi racoons” invading mother England.

So, just for you Julie, with credit due to Daniel Hoffman-Gill (as I can’t be fussed capping my own lolracoon):

What a tw@.

Although an interesting debate, I’m not going to go into a rant about this today. What has caught my eye though as an article in todays Australian IT highlighting that a survey reveals that the majority of Australian Organisations are confident in the security of their IT systems, have rarely had that tested and can withstand all types of attacks.

Although I would like to see the details of the survey, this statement scares me. The article describes how:

[…] organisations have reached a level of comfort with security, as most internal security projects have been completed.

“We hear from the security vendors that the end of the world is coming, but businesses just don’t believe it,” Hydrasight analyst Michael Warrilow says.

It’s not surprising that organisations feel that way, as they have invested a lot to improve network security, he says.

As Information Security practitioners this proves to me that we have still failed to get our message across to Businesses Leaders. Even though the IT Industry has spent (and earnt) millions of dollars in implementing nertwork security products, all they do is protect computer networks and boxes. And only then if they are implemented and configured properly. And don’t have any users.

Australian organisations seem to have been consistently told by Software Vendors and IT Consultants that implementing some software or hardware will automagically make you secure. But what this view of the world fails to address is that whilst our technology my be OK, Information Security also needs to encompass securing information in People, Management, Processes and Strategy. Its far more difficult do this - and its not something you can “implement”.

Organisations need to address Information Security proactively, to make it a living, breathing part of their culture, instead of effectively wasting money on “tools” or “products” that do this for you.  Bob Blakely of the Burton Group makes a strong, well-reasoned argument of how the current buzzword of “Governence, Risk and Compliance” products are marketed and sold by the IT vendors (such as here, here, here and here).  He correctly states that buying this stuff will not give you Governence, Risk or Compliance that their salesmen will implicitly promise. At best, all these tools will give you are some pretty pictures of summarised data that an Operations person will find useful when preparing a presentation to his bosses. Information Governence, Risk Management and Compliance Management are all business processes that need to be owned and driven by the Business, but organisations tend to only do so when forced by an external entity (e.g. through Legislation or Commercial Obligations).

Of course, this stuff is hard. It will take time. But the first step, I feel, is for organisations to take the ownership of Information away from the ownership of Technology. Information is a business asset that can be stored and managed using various technologies; but needs to have its own management lifecycle and risk management processes.

Lets face it … fundamentally, if I wanted to get some sort of information out of a company, would it be easier for me to hack through its IT network or web based applications; or would I just pretend to be a consultant and become employed by them and grab it from the inside. Or even better walk into their offices pretending to be a courier, or contractor, or salesman and flirt excessively with the stressed office manager or receptionist. Kevin Mitnick proved that its easier to “hack” the process or the people - but still organisations put all of their eggs into one basket by securing the technology.

As the article correctly states:

“Organisations might think they’ve solved the problem but the threats are increasing and they’re going beyond technology to target people,” he says.

“Complacency is the enemy in this situation.”

I