New Zealand Internet Task Force
Improving the cyber security posture of New Zealand
Barry Brailey
NZITF Chair

Overview
• Introduction
• How the first 48 hours unfolded in NZ

Who Am I?
• Manager, Security Policy - .nz DNC
• Chair – NZITF

What is the NZITF?
The New Zealand Internet Task Force is a non-profit with the mission of improving the cyber security posture of New Zealand
It is a collaborative effort based on mutual trust of its members

April 7th 2014 – What happened
• Note – it was already April 8th in NZ
• An NZITF member posts to our list – ‘hey - is this a thing?’
• And then the international media and mailing lists start to ‘light up’
• On and off list discussion……

Later that day…..
• Gov’t agency – “we are assessing it now” (We are from the Government and we’re here to help)
• Then………

24 hours later…
• Morning of April 9th in NZ – still nothing from Gov’t or (surprisingly) any local media attention
• NZITF Board member (eventually) says this is F*$%#D – we have to stand up a response

NZITF Gets Busy……
• Plough through what is out there
• Open a conf call to get members involved and assess the scale etc
• Use members’ media/comms teams to alert the Media (but manage their story)
• Get the right (simple) advice out
• Establish that the NZITF site is the definitive source for NZ on this

Test page and scanning
• Get our own Test page up and start scanning for unpatched sites in NZ…….
• STOP……..

Section 252 - Accessing computer system without authorisation
Every one is liable to imprisonment for a term not exceeding 2 years who intentionally accesses, directly or indirectly, any computer system without authorisation, knowing that he or she is not authorised to access that computer system, or being reckless as to whether or not he or she is authorised to access that computer system.

Avoiding Jail….
• Linked to Qualys Test
• Shared details about who had patched
• Follow up advice and media
• Ongoing discussion about the law
• One NZ MSSP stated that within first 48 hours 40% of their customer base had been scanned for Heartbleed

During this……
• Tech company with a large customer base:
“First time I have ever been truly pleased about being a Microsoft stack company”
“we will publish a “we were not affected” statement”
………..sometime later…….
• Where’s your ‘not affected’ statement?
“I just finished checking with our vendors and suppliers!”

So much Heartbleed!
• OpenSSL everywhere and these are the first guys to do a decent code review……..

Q&A
info@nzio.org.nz
barry@dnc.org.nz

Improving the cyber security posture of New Zealand

NZITF & The first 48hours of Heartbleed, by Barry Brailey [APNIC 38]
