{"id":13493,"date":"2014-04-22T12:15:22","date_gmt":"2014-04-22T02:15:22","guid":{"rendered":"http:\/\/www.aspistrategist.ru\/?p=13493"},"modified":"2015-04-13T16:54:04","modified_gmt":"2015-04-13T06:54:04","slug":"cyber-wrap-24","status":"publish","type":"post","link":"https:\/\/www.aspistrategist.ru\/cyber-wrap-24\/","title":{"rendered":"Cyber wrap"},"content":{"rendered":"<p><a href=\"http:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2014\/03\/cyber-logo-1024x385.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-12603\" src=\"http:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2014\/03\/cyber-logo-1024x385.jpg\" alt=\"\" width=\"1024\" height=\"385\" srcset=\"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2014\/03\/cyber-logo-1024x385.jpg 1024w, https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2014\/03\/cyber-logo-1024x385-205x77.jpg 205w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/a>\u2018Catastrophic is the right word. On the scale of 1 to 10, this is an 11\u2019, <a href=\"https:\/\/www.schneier.com\/blog\/archives\/2014\/04\/heartbleed.html\">says Bruce Schneier<\/a> of the <a href=\"http:\/\/heartbleed.com\/\">Heartbleed<\/a> bug that emerged since our last cyberwrap. Heartbleed has been revealed as a flaw in the OpenSSL code that, under normal conditions, encrypts and protects Internet traffic, like usernames, passwords, digital certificates, cookies and credit card numbers. The faulty code has been in place <a href=\"http:\/\/www.npr.org\/blogs\/alltechconsidered\/2014\/04\/08\/300602785\/the-security-bug-that-affects-most-of-the-internet-explained?utm_campaign=storyshare&amp;utm_source=share&amp;utm_medium=twitter\">since March 2012<\/a> and affects a huge swathe of the Internet including big names like Facebook, Google, Instagram, YouTube, Dropbox and Twitter. The bottom line seems to be <a href=\"http:\/\/www.nytimes.com\/2014\/04\/10\/technology\/flaw-calls-for-altering-passwords-experts-say.html\">change your passwords<\/a> now and then again once the websites you use have patched the flaw. Mashable have <a href=\"http:\/\/mashable.com\/2014\/04\/09\/heartbleed-bug-websites-affected\/?utm_cid=mash-com-Tw-main-link\">put together a list of popular sites<\/a> where password changes might be necessary. You can do your own searches <a href=\"https:\/\/filippo.io\/Heartbleed\/\">here<\/a>.<\/p>\n<p>While Heartbleed has been kicking around for over two years, the fallout is as yet \u2014and could remain\u2014 unknown. Aside from spurring fear and a flurry of password changes, the discovery shines a light on areas of the web that aren\u2019t usually given much thought. OpenSSL code isn\u2019t maintained by an esoteric tech business in Silicon Valley, but rather, by a <a href=\"http:\/\/www.newyorker.com\/online\/blogs\/elements\/2014\/04\/the-internets-telltale-heartbleed.html\">handful of volunteers<\/a> scattered across the globe. Recriminations have started as to the Australian government\u2019s response to Heartbleed, with <a href=\"http:\/\/www.zdnet.com\/heartbleed-heartache-this-was-not-a-drill-people-and-you-failed-7000028434\/\">fingerpointing directed<\/a> at the Attorney General\u2019s Department for not equipping CERT Australia with a solid public response.<!--more--><\/p>\n<p>Over to the US, and the Pulitzer Prize for Public Service was <a href=\"http:\/\/www.theguardian.com\/media\/2014\/apr\/14\/guardian-washington-post-pulitzer-nsa-revelations\">awarded<\/a> last week to <i>The Guardian<\/i> and <i>The Washington Post <\/i>for their stories on NSA surveillance. Peter W. Singer of Brookings <a href=\"http:\/\/www.csmonitor.com\/USA\/2014\/0414\/First-cyber-Pulitzer-honors-publishers-of-NSA-leaks-for-public-service-video\">believes<\/a> that the accolade amounts to the first &#8216;cyber Pulitzer\u2019, recognising that all issues are \u2018being reshaped by the cyber realm, whether it&#8217;s communications, commerce, critical infrastructure, or conflict\u2026\u2019. As the scandal <i>du jour<\/i>, the NSA revelations have provided a backdrop for seemingly any public conversation on intelligence or surveillance since June 2013. On Heartbleed, for example, it wasn\u2019t long before <a href=\"http:\/\/www.bloomberg.com\/news\/2014-04-11\/nsa-said-to-have-used-heartbleed-bug-exposing-consumers.html.\">some outlets<\/a> were reporting that the NSA knew about\u2014 and exploited\u2014 the vulnerability for intelligence collection purposes. While the <a href=\"http:\/\/www.washingtonpost.com\/blogs\/the-switch\/wp\/2014\/04\/11\/the-nsa-denies-it-knew-of-the-heartbleed-bug\/\">NSA<\/a> and the <a href=\"https:\/\/twitter.com\/stuartmillar159\/status\/454738423946153985\/photo\/1\">White House<\/a> both issued denials, it may be difficult for some to accept the official line in a post-Snowden era.<\/p>\n<p>On the Aussie cyber front, the Defence Science and Technology Organisation (DSTO) has <a href=\"http:\/\/www.zdnet.com\/australia-depending-on-vulnerable-cyber-environment-dsto-7000028379\/\">\u00a0released a consultation paper<\/a>, the responses from which will inform the development of a national security science and technology (S&amp;T) policy. The program will focus on \u2018aiding, enhancing and future-proofing the Australian Cyber Security Centre (ACSC) capability; advanced tools and techniques particularly for ACSC transition of technology and processes to national networks; and establishing national S&amp;T workforce and skills that are relevant and responsive to operational cyber security needs\u2019. Consultations will conclude 1 May. Take a look at the paper <a href=\"http:\/\/www.dsto.defence.gov.au\/attachments\/Policy-and-Program-consultation%20paper-April%202014.pdf\">here<\/a> (PDF).<\/p>\n<p>There\u2019s been some interesting research out in the past week. The prowess of the Syrian Electronic Army, Iran\u2019s role as an increasingly potent cyber player and China\u2019s expansive data theft campaigns were all key elements of the evolving cyber threat landscape identified in the Mandiant\u2019s <a href=\"https:\/\/www.mandiant.com\/blog\/mtrends-2014-threat-report-revealed\/\">M-Threats paper<\/a>. <a href=\"http:\/\/www.pewresearch.org\/fact-tank\/2014\/04\/14\/more-online-americans-say-theyve-experienced-a-personal-data-breach\/\">Pew Research Centre polls<\/a> show that 18% of American adults have had important personal information stolen online, up from 11% in July 2013. While we can look to increasing technical sophistication or malware proliferation to explain that jump, the only way to turn the tide is by replacing inaction with ownership when it comes to personal cyber security.<\/p>\n<p>Finally, Minister for Communications Malcolm Turnbull was on hand last Tuesday to help ASPI\u2019s <a href=\"http:\/\/cyberpolicy.aspistrategist.ru\/\">International Cyber Policy Centre<\/a> launch its inaugural <i>Cyber Maturity in the Asia-Pacific 2014<\/i> <a href=\"https:\/\/www.aspistrategist.ru\/publications\/cyber-maturity-in-the-asia-pacific-region-2014\">report<\/a> and <a href=\"http:\/\/cybermap.aspistrategist.ru\/\">interactive map<\/a>. The report looks beyond rhetoric of cyberwar and cybercrime, using the rubric of maturity to study the presence, implementation and operation of cyber-related structures, policies, legislation and organisations. The report looks at a spectrum of issue areas to build a more comprehensive understanding of the field and spur discussion and debate around how the region can constructively engage in cyberspace.<\/p>\n<p>With the hope that the report will be \u2018<a href=\"https:\/\/twitter.com\/ASPI_ICPC\/status\/455976364491800576\">suitably controversial<\/a>\u2019, the International Cyber Policy Centre team welcomes your input, comments, and criticisms. Join the discussion <a href=\"https:\/\/twitter.com\/ASPI_ICPC\/status\/451887352751722496\/photo\/1\">@ASPI_ICPC<\/a> using #cybermaturity.<\/p>\n<p><em style=\"line-height: 1.5em;\">David Lang is an intern in ASPI&#8217;s International Cyber Policy Centre.<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u2018Catastrophic is the right word. On the scale of 1 to 10, this is an 11\u2019, says Bruce Schneier of the Heartbleed bug that emerged since our last cyberwrap. Heartbleed has been revealed as a &#8230;<\/p>\n","protected":false},"author":207,"featured_media":12603,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_mi_skip_tracking":false,"footnotes":""},"categories":[1],"tags":[391,777,95,784,647,649,31],"class_list":["post-13493","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-general","tag-cyber","tag-cyber-maturity","tag-cyber-security","tag-dsto","tag-edward-snowden","tag-nsa","tag-united-states"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v19.3 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Cyber wrap | The Strategist<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.aspistrategist.ru\/cyber-wrap-24\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Cyber wrap | The Strategist\" \/>\n<meta property=\"og:description\" content=\"\u2018Catastrophic is the right word. On the scale of 1 to 10, this is an 11\u2019, says Bruce Schneier of the Heartbleed bug that emerged since our last cyberwrap. Heartbleed has been revealed as a ...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.aspistrategist.ru\/cyber-wrap-24\/\" \/>\n<meta property=\"og:site_name\" content=\"The Strategist\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/ASPI.org\" \/>\n<meta property=\"article:published_time\" content=\"2014-04-22T02:15:22+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2015-04-13T06:54:04+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2014\/03\/cyber-logo-1024x385.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1024\" \/>\n\t<meta property=\"og:image:height\" content=\"385\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"David Lang\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@ASPI_org\" \/>\n<meta name=\"twitter:site\" content=\"@ASPI_org\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"David Lang\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.aspistrategist.ru\/#website\",\"url\":\"https:\/\/www.aspistrategist.ru\/\",\"name\":\"The Strategist\",\"description\":\"ASPI&#039;s analysis and commentary site\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.aspistrategist.ru\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-AU\"},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-AU\",\"@id\":\"https:\/\/www.aspistrategist.ru\/cyber-wrap-24\/#primaryimage\",\"url\":\"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2014\/03\/cyber-logo-1024x385.jpg\",\"contentUrl\":\"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2014\/03\/cyber-logo-1024x385.jpg\",\"width\":1024,\"height\":385},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.aspistrategist.ru\/cyber-wrap-24\/\",\"url\":\"https:\/\/www.aspistrategist.ru\/cyber-wrap-24\/\",\"name\":\"Cyber wrap | The Strategist\",\"isPartOf\":{\"@id\":\"https:\/\/www.aspistrategist.ru\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.aspistrategist.ru\/cyber-wrap-24\/#primaryimage\"},\"datePublished\":\"2014-04-22T02:15:22+00:00\",\"dateModified\":\"2015-04-13T06:54:04+00:00\",\"author\":{\"@id\":\"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/cf4ff2cfb006f536b2f5f3b363b47ee2\"},\"breadcrumb\":{\"@id\":\"https:\/\/www.aspistrategist.ru\/cyber-wrap-24\/#breadcrumb\"},\"inLanguage\":\"en-AU\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.aspistrategist.ru\/cyber-wrap-24\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.aspistrategist.ru\/cyber-wrap-24\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.aspistrategist.ru\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Cyber wrap\"}]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/cf4ff2cfb006f536b2f5f3b363b47ee2\",\"name\":\"David Lang\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-AU\",\"@id\":\"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/4c76694186876290e4bc2df2ebc462c6?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/4c76694186876290e4bc2df2ebc462c6?s=96&d=mm&r=g\",\"caption\":\"David Lang\"},\"url\":\"https:\/\/www.aspistrategist.ru\/author\/david-lang\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Cyber wrap | The Strategist","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.aspistrategist.ru\/cyber-wrap-24\/","og_locale":"en_US","og_type":"article","og_title":"Cyber wrap | The Strategist","og_description":"\u2018Catastrophic is the right word. On the scale of 1 to 10, this is an 11\u2019, says Bruce Schneier of the Heartbleed bug that emerged since our last cyberwrap. Heartbleed has been revealed as a ...","og_url":"https:\/\/www.aspistrategist.ru\/cyber-wrap-24\/","og_site_name":"The Strategist","article_publisher":"https:\/\/www.facebook.com\/ASPI.org","article_published_time":"2014-04-22T02:15:22+00:00","article_modified_time":"2015-04-13T06:54:04+00:00","og_image":[{"width":1024,"height":385,"url":"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2014\/03\/cyber-logo-1024x385.jpg","type":"image\/jpeg"}],"author":"David Lang","twitter_card":"summary_large_image","twitter_creator":"@ASPI_org","twitter_site":"@ASPI_org","twitter_misc":{"Written by":"David Lang","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebSite","@id":"https:\/\/www.aspistrategist.ru\/#website","url":"https:\/\/www.aspistrategist.ru\/","name":"The Strategist","description":"ASPI&#039;s analysis and commentary site","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.aspistrategist.ru\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-AU"},{"@type":"ImageObject","inLanguage":"en-AU","@id":"https:\/\/www.aspistrategist.ru\/cyber-wrap-24\/#primaryimage","url":"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2014\/03\/cyber-logo-1024x385.jpg","contentUrl":"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2014\/03\/cyber-logo-1024x385.jpg","width":1024,"height":385},{"@type":"WebPage","@id":"https:\/\/www.aspistrategist.ru\/cyber-wrap-24\/","url":"https:\/\/www.aspistrategist.ru\/cyber-wrap-24\/","name":"Cyber wrap | The Strategist","isPartOf":{"@id":"https:\/\/www.aspistrategist.ru\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.aspistrategist.ru\/cyber-wrap-24\/#primaryimage"},"datePublished":"2014-04-22T02:15:22+00:00","dateModified":"2015-04-13T06:54:04+00:00","author":{"@id":"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/cf4ff2cfb006f536b2f5f3b363b47ee2"},"breadcrumb":{"@id":"https:\/\/www.aspistrategist.ru\/cyber-wrap-24\/#breadcrumb"},"inLanguage":"en-AU","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.aspistrategist.ru\/cyber-wrap-24\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.aspistrategist.ru\/cyber-wrap-24\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.aspistrategist.ru\/"},{"@type":"ListItem","position":2,"name":"Cyber wrap"}]},{"@type":"Person","@id":"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/cf4ff2cfb006f536b2f5f3b363b47ee2","name":"David Lang","image":{"@type":"ImageObject","inLanguage":"en-AU","@id":"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/4c76694186876290e4bc2df2ebc462c6?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/4c76694186876290e4bc2df2ebc462c6?s=96&d=mm&r=g","caption":"David Lang"},"url":"https:\/\/www.aspistrategist.ru\/author\/david-lang\/"}]}},"_links":{"self":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts\/13493"}],"collection":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/users\/207"}],"replies":[{"embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/comments?post=13493"}],"version-history":[{"count":4,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts\/13493\/revisions"}],"predecessor-version":[{"id":19698,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts\/13493\/revisions\/19698"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/media\/12603"}],"wp:attachment":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/media?parent=13493"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/categories?post=13493"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/tags?post=13493"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}