Monthly Archives: February 2017

Roundtable discussions on Australia’s Indian Ocean Territories

oz-fed-gov-logo image

The Parliament’s External Territories Committee will host a roundtable discussion tomorrow from 9 am to 12:30 pm on the enduring strategic importance of the Indian Ocean Territories.

Committee Chair, Mr Ben Morton MP, said he is looking forward to holding our first hearing for the inquiry and gathering together departmental officials, subject area experts and academics.

“Christmas Island and the Cocos (Keeling) Islands may be small dots in the Indian Ocean, but the territories’ proximity to Asia and major shipping lines means they remain vital to Australia’s defence, trade and security interests,” Mr Morton said.

The Committee will examine different angles including maritime surveillance, military contingencies and regional cooperation, investment in government infrastructure, and implications for the territories’ residents.

Further information about the inquiry, including the submissions received and the hearing program can be accessed via the Committee’s inquiry website.

Media enquiries:
Please contact the Committee Chair, Mr Ben Morton MP on 08 9354 9633

For background:
Please contact the committee secretariat on (02) 6277 4355 or email [email protected]

Interested members of the public may wish to track the committee via the website. Click on the blue ‘Track Committee’ button in the bottom right hand corner and use the forms to login to My Parliament or to register for a My Parliament account.


Henry Sapiecha

Public hearing on Australian Cyber Security Centre relocation and fit out

aust gov logo white on black

The Parliamentary Standing Committee on Public Works will hold a public hearing in Canberra tomorrow to examine the proposed relocation and fit-out of the Australian Cyber Security Centre (ACSC) by the Department of Defence.

The proposed works will enable the personnel of the various agencies to be co-located, as well as providing additional space to facilitate joint initiatives between the ACSC, industry and academia. The estimated cost of the project is $38 million (excluding GST).

Full details on the project are available on the committee’s website:

NB the Parliamentary Standing Committee on Public Works is neither involved in the tendering process nor the awarding of contracts. Enquiries on those matters should be addressed to the Department of Immigration and Border Protection.

Public Hearing Details: 1:30pm to 2:30pm, Friday 10 February, Committee Room 1R3, Parliament House, Canberra

Members of the public are welcome to attend to observe proceedings. The hearing will also be webcast at

Media enquiries:
Office of the Chair, Mr Scott Buchholz MP (Greg Birkbeck): 0427 421 132

For background:
Parliamentary Standing Committee on Public Works
(02) 6277 4636, [email protected],

Interested members of the public may wish to track the committee via the website. Click on the blue ‘Track Committee’ button in the bottom right hand corner and use the forms to login to My Parliament or to register for a My Parliament account.


Henry Sapiecha

After a decade of silence, this SQL Slammer computer worm is back and researchers don’t know why

worms-pack image

A 14 year old computer worm has suddenly made a surprise comeback following a decade of almost no activity – and nobody knows why.

After it first appeared in January 2003, SQL Slammer carried out distributed denial of service (DDoS) attacks against tens of thousands of servers across the globe, using servers and routers to overload over 75,000 networks within 10 minutes of its emergence.

Exploiting a buffer overflow vulnerability in Microsoft SQL Server 2000 or MSDE 2000, the memory resident worm sends a formatted request to UDP port 1434 to infect the server. Once this occures, it rapidly spreads itself by sending its payload to random IP addresses and causing further DDoS attacks.

Microsoft released a patch to prevent SQL Slammer attacks, but now, almost a decade and a half after it first appeared in the wild, cybersecurity researchers at Check Point have noticed a sudden upsurge in this form of cyberattack. The spike is to such an extent SQL Slammer became one of the most common malware attacks during December.

SQL Slammer surged between November 28 and December 4, 2016 and attacked targets in 172 countries across the globe. The US was by far the most common target of the worm, accounting for 26 percent of SQL Slammer attacks, followed by the UK and Israel on seven percent each.

The IP addresses responsible for initiating the largest number of attempted attacks were registered in China, Vietnam, Mexico, and Ukraine, although outside of that there’s no indication of who revived the SQL Slammer attacks or why.

‘Could be an aberration, could be the start of something – it’s hard to speculate!’ said a Check Point spokesperson.

Where the most Slammer attached were launched from-MAP image

SQL Slammer isn’t the only old computer virus which has given organisations issues years after it first appeared; the eight year old Conficker virus is still responsible for a large number of attacks, accounting for over 500,000 incidents in a year.



Henry Sapiecha

Metasploit security kit now hacks IoT devices, hardware

This well supported hacking tool kit can now be linked to everything from fridges to cars in the search for vulnerabilities.

hack-keyboard-pirate-symbol image

The popular Metasploit hacking kit has been upgraded to tackle today’s Internet of Things (IoT) devices, granting researchers the opportunity to scour for bugs in modern vehicles.

Rapid7 Research director of transportation security Craig Smith announced on February 2 that the Metasploit framework can now link directly to hardware, permitting users to develop exploits to test their hardware and conduct penetration testing with less time wasted.

It is hoped that researchers will no longer have to build multiple tools to test today’s modern devices and overcome previous network limitations.

“Metasploit condensed a slew of independent software exploits and tools into one framework and now we want to do the same for hardware,” Smith says.

The open-source penetration testing software, available for free or as an extended, paid-for edition, is over a decade old but is still utilized by thousands of researchers worldwide. The framework currently boasts roughly 1,600 exploits and 3,300 penetration testing modules.

Due to the fresh update to the Hardware Bridge API, users are no longer limited to Ethernet network connections. Instead, researchers can build support directly into firmware or create a relay service through a REST API, which is necessary for some hardware tools including Software Defined Radio (SDR) that cannot communicate over Ethernet.

“Every wave of connected devices, regardless of whether you’re talking about cars or refrigerators, blurs the line between hardware and software. As we like to say, this hardware bridge lets you exit the Matrix and directly affect real, physical things,” said Smith. “We’re working to give security professionals the resources they need to test and ensure the safety of their products, no matter what side of the virtual divide they are on.”

The initial release focuses on IoT, with a particular slant towards automotive penetration testing. The bridge now includes modules for testing vehicle Controller Area Network (CAN) buses and users are also offered interactive commands for gathering information on vehicles being tested, such as speed and inbuilt security systems.

“If you are in security at an automaker, you are challenged to test things that are not exposed to traditional networks,” Smith told Dark Reading. “The hardware bridge allows security teams to add hardware testing to their QA process. It also allows red teams to have a central user interface to all of their hardware tools.”

Additional modules which target embedded, industrial, and hardware devices, including SCADA systems for industrial applications, will be added over time. Rapid7 also plans to add additional BUS systems, such as K-Line, in the future.

Rapid7 is asking users of the initial Metasploit release to provide feedback and suggest new automotive features for future versions.

club libido banner-22

Henry Sapiecha