SlideShare a Scribd company logo

NZITF & The first 48hours of Heartbleed, by Barry Brailey [APNIC 38]

APNIC
APNIC

NZITF & The first 48hours of Heartbleed, by Barry Brailey. A presentation given at APNIC 38.

Internet
1 of 16
New Zealand Internet Task Force Improving the cyber security posture of New Zealand Barry Brailey NZITF Chair
Overview • Introduc7on • How the first 48 hours unfolded in NZ
Who Am I? • Manager, Security Policy -­‐ .nz DNC • Chair – NZITF
What is the NZITF? The New Zealand Internet Task Force is a non-­‐ profit with the mission of improving the cyber security posture of New Zealand It is a collabora@ve effort based on mutual trust of it’s members
April 7th 2014 – What happened • Note – it was already April 8th in NZ • An NZITF member posts to our list – ‘hey -­‐ is this a thing?’ • And then the interna7onal media and mailing lists start to ‘light up’ • On and off list discussion……
Later that day….. • Gov’t agency – “we are assessing it now” (We are from the Government and we’re here to help) • Then………
24 hours later… • Morning of April 9th in NZ – s7ll nothing from Gov’t or (surprisingly) any local media a_en7on • NZITF Board member (eventually) says this is F*$%#D – we have to stand up a response
NZITF Gets Busy…… • Plough through what is out there • Open a conf call to get members involved and assess the scale etc • Use member’s media/comms teams to alert the Media (but manage their story) • Get the right (simple) advice out • Establish that the NZITF site is the defini7ve source for NZ on this
Test page and scanning • Get our own Test page up and start scanning for unpatched sites in NZ……. • STOP……..
Sec@on 252 -­‐ Accessing computer system without authorisa@on Every one is liable to imprisonment for a term not exceeding 2 years who inten7onally accesses, directly or indirectly, any computer system without authorisa7on, knowing that he or she is not authorised to access that computer system, or being reckless as to whether or not he or she is authorised to access that computer system.
Avoiding Jail…. • Linked to Qualys Test • Shared details about who had patched • Follow up advice and media • Ongoing discussion about the law • One NZ MSSP stated that within first 48 hours 40% of their customer base had been scanned for Heartbleed
During this…… • Tech company with a large customer base: “First 9me I have ever been truly pleased about being a MicrosoA stack company” “we will publish a “we were not affected” statement” ………..some9me later……. • Where’s your ‘not affected’ statement? “I just finished checking with our vendors and suppliers!”
So much Heartbleed! • Open SSL everywhere and these are the first guys to do a decent code review……..
Q&A info@nzio.org.nz barry@dnc.org.nz
Improving the cyber security posture of New Zealand

Recommended

Asheville City Schools Vision/Goals for 21st Century Schools
Asheville City Schools Vision/Goals for 21st Century SchoolsAsheville City Schools Vision/Goals for 21st Century Schools
Asheville City Schools Vision/Goals for 21st Century SchoolsBill Russell
 
IPv6: Outreach and Capacity Building
IPv6: Outreach and Capacity BuildingIPv6: Outreach and Capacity Building
IPv6: Outreach and Capacity BuildingRIPE NCC
 
Poster 4
Poster 4Poster 4
Poster 4Rotary 1010
 
Mutual Funds
Mutual FundsMutual Funds
Mutual FundsSadanand Pai
 
Mark Mulingbayan
Mark MulingbayanMark Mulingbayan
Mark Mulingbayanagsbgreenbusiness
 
ALA Presentation on Broadband Deployment to Libraries -> September 27, 2007 A...
ALA Presentation on Broadband Deployment to Libraries -> September 27, 2007 A...ALA Presentation on Broadband Deployment to Libraries -> September 27, 2007 A...
ALA Presentation on Broadband Deployment to Libraries -> September 27, 2007 A...mbard
 
The NZITF, a 'trust group’ of volunteers in a country with no National C, by ...
The NZITF, a 'trust group’ of volunteers in a country with no National C, by ...The NZITF, a 'trust group’ of volunteers in a country with no National C, by ...
The NZITF, a 'trust group’ of volunteers in a country with no National C, by ...APNIC
 
Introducing Bugcrowd
Introducing BugcrowdIntroducing Bugcrowd
Introducing BugcrowdCasey Ellis
 

Recommended

Asheville City Schools Vision/Goals for 21st Century Schools
Asheville City Schools Vision/Goals for 21st Century SchoolsAsheville City Schools Vision/Goals for 21st Century Schools
Asheville City Schools Vision/Goals for 21st Century SchoolsBill Russell
 
IPv6: Outreach and Capacity Building
IPv6: Outreach and Capacity BuildingIPv6: Outreach and Capacity Building
IPv6: Outreach and Capacity BuildingRIPE NCC
 
Poster 4
Poster 4Poster 4
Poster 4Rotary 1010
 
Mutual Funds
Mutual FundsMutual Funds
Mutual FundsSadanand Pai
 
Mark Mulingbayan
Mark MulingbayanMark Mulingbayan
Mark Mulingbayanagsbgreenbusiness
 
ALA Presentation on Broadband Deployment to Libraries -> September 27, 2007 A...
ALA Presentation on Broadband Deployment to Libraries -> September 27, 2007 A...ALA Presentation on Broadband Deployment to Libraries -> September 27, 2007 A...
ALA Presentation on Broadband Deployment to Libraries -> September 27, 2007 A...mbard
 
The NZITF, a 'trust group’ of volunteers in a country with no National C, by ...
The NZITF, a 'trust group’ of volunteers in a country with no National C, by ...The NZITF, a 'trust group’ of volunteers in a country with no National C, by ...
The NZITF, a 'trust group’ of volunteers in a country with no National C, by ...APNIC
 
Introducing Bugcrowd
Introducing BugcrowdIntroducing Bugcrowd
Introducing BugcrowdCasey Ellis
 
Frony Fronius: Exploring ZigBee signals from Solar City
Frony Fronius: Exploring ZigBee signals from Solar CityFrony Fronius: Exploring ZigBee signals from Solar City
Frony Fronius: Exploring ZigBee signals from Solar CityJose Fernandez
 
Cybersecurity and Legal lessons after Apple v FBI
Cybersecurity and Legal lessons after Apple v FBICybersecurity and Legal lessons after Apple v FBI
Cybersecurity and Legal lessons after Apple v FBIBenjamin Ang
 
Security and Banking Sector of Nepal
Security and Banking Sector of NepalSecurity and Banking Sector of Nepal
Security and Banking Sector of NepalAbartan Dhakal
 
24 Hours After a Breach
24 Hours After a Breach 24 Hours After a Breach
24 Hours After a Breach LIFARS
 
Present to-nmmu-propella
Present to-nmmu-propellaPresent to-nmmu-propella
Present to-nmmu-propellaExo Futures
 
Surviving an ODPC Audit - Ireland
Surviving an ODPC Audit - IrelandSurviving an ODPC Audit - Ireland
Surviving an ODPC Audit - IrelandThorntongroup
 
Cybersecurity Risk Governance
Cybersecurity Risk GovernanceCybersecurity Risk Governance
Cybersecurity Risk GovernanceDan Michaluk
 
Webinar - Keep Your Connected Nonprofit or Library Secure - 2015-10-01
Webinar - Keep Your Connected Nonprofit or Library Secure - 2015-10-01Webinar - Keep Your Connected Nonprofit or Library Secure - 2015-10-01
Webinar - Keep Your Connected Nonprofit or Library Secure - 2015-10-01TechSoup
 
VerizonFinalPresentation_TomCruz
VerizonFinalPresentation_TomCruzVerizonFinalPresentation_TomCruz
VerizonFinalPresentation_TomCruzTom Cruz
 
How to build a cyber threat intelligence program
How to build a cyber threat intelligence programHow to build a cyber threat intelligence program
How to build a cyber threat intelligence programMark Arena
 
SplunkLive! Austin Customer Presentation - Baylor
SplunkLive! Austin Customer Presentation - BaylorSplunkLive! Austin Customer Presentation - Baylor
SplunkLive! Austin Customer Presentation - BaylorSplunk
 
Janitor vs cleaner
Janitor vs cleanerJanitor vs cleaner
Janitor vs cleanerJohn Stauffacher
 
Working with Law Enforcement on Cyber Security Strategies
Working with Law Enforcement on Cyber Security StrategiesWorking with Law Enforcement on Cyber Security Strategies
Working with Law Enforcement on Cyber Security StrategiesMeg Weber
 
070614F-ISOAPresentation.ppt
070614F-ISOAPresentation.ppt070614F-ISOAPresentation.ppt
070614F-ISOAPresentation.pptvikramjeet57
 
Presentation
PresentationPresentation
PresentationShanaaz Deo
 
2015: The year-ahead-in-cyber-security
2015: The year-ahead-in-cyber-security2015: The year-ahead-in-cyber-security
2015: The year-ahead-in-cyber-securityStephen Cobb
 
A Study of Innovation by Phil Wheat
A Study of Innovation by Phil WheatA Study of Innovation by Phil Wheat
A Study of Innovation by Phil Wheatiasaglobal
 
Penetration Testing and Vulnerability Assessments: Examining the SEC and FINR...
Penetration Testing and Vulnerability Assessments: Examining the SEC and FINR...Penetration Testing and Vulnerability Assessments: Examining the SEC and FINR...
Penetration Testing and Vulnerability Assessments: Examining the SEC and FINR...TruShield Security Solutions
 
IDNOG - 2014
IDNOG - 2014IDNOG - 2014
IDNOG - 2014Barry Greene
 
2014 ota databreach3
2014 ota databreach32014 ota databreach3
2014 ota databreach3Meg Weber
 
IP addressing and IPv6, presented by Paul Wilson at IETF 119
IP addressing and IPv6, presented by Paul Wilson at IETF 119IP addressing and IPv6, presented by Paul Wilson at IETF 119
IP addressing and IPv6, presented by Paul Wilson at IETF 119APNIC
 
draft-harrison-sidrops-manifest-number-01, presented at IETF 119
draft-harrison-sidrops-manifest-number-01, presented at IETF 119draft-harrison-sidrops-manifest-number-01, presented at IETF 119
draft-harrison-sidrops-manifest-number-01, presented at IETF 119APNIC
 

More Related Content

Similar to NZITF & The first 48hours of Heartbleed, by Barry Brailey [APNIC 38]

Frony Fronius: Exploring ZigBee signals from Solar City
Frony Fronius: Exploring ZigBee signals from Solar CityFrony Fronius: Exploring ZigBee signals from Solar City
Frony Fronius: Exploring ZigBee signals from Solar CityJose Fernandez
 
Cybersecurity and Legal lessons after Apple v FBI
Cybersecurity and Legal lessons after Apple v FBICybersecurity and Legal lessons after Apple v FBI
Cybersecurity and Legal lessons after Apple v FBIBenjamin Ang
 
Security and Banking Sector of Nepal
Security and Banking Sector of NepalSecurity and Banking Sector of Nepal
Security and Banking Sector of NepalAbartan Dhakal
 
24 Hours After a Breach
24 Hours After a Breach 24 Hours After a Breach
24 Hours After a Breach LIFARS
 
Present to-nmmu-propella
Present to-nmmu-propellaPresent to-nmmu-propella
Present to-nmmu-propellaExo Futures
 
Surviving an ODPC Audit - Ireland
Surviving an ODPC Audit - IrelandSurviving an ODPC Audit - Ireland
Surviving an ODPC Audit - IrelandThorntongroup
 
Cybersecurity Risk Governance
Cybersecurity Risk GovernanceCybersecurity Risk Governance
Cybersecurity Risk GovernanceDan Michaluk
 
Webinar - Keep Your Connected Nonprofit or Library Secure - 2015-10-01
Webinar - Keep Your Connected Nonprofit or Library Secure - 2015-10-01Webinar - Keep Your Connected Nonprofit or Library Secure - 2015-10-01
Webinar - Keep Your Connected Nonprofit or Library Secure - 2015-10-01TechSoup
 
VerizonFinalPresentation_TomCruz
VerizonFinalPresentation_TomCruzVerizonFinalPresentation_TomCruz
VerizonFinalPresentation_TomCruzTom Cruz
 
How to build a cyber threat intelligence program
How to build a cyber threat intelligence programHow to build a cyber threat intelligence program
How to build a cyber threat intelligence programMark Arena
 
SplunkLive! Austin Customer Presentation - Baylor
SplunkLive! Austin Customer Presentation - BaylorSplunkLive! Austin Customer Presentation - Baylor
SplunkLive! Austin Customer Presentation - BaylorSplunk
 
Working with Law Enforcement on Cyber Security Strategies
Working with Law Enforcement on Cyber Security StrategiesWorking with Law Enforcement on Cyber Security Strategies
Working with Law Enforcement on Cyber Security StrategiesMeg Weber
 
070614F-ISOAPresentation.ppt
070614F-ISOAPresentation.ppt070614F-ISOAPresentation.ppt
070614F-ISOAPresentation.pptvikramjeet57
 
2015: The year-ahead-in-cyber-security
2015: The year-ahead-in-cyber-security2015: The year-ahead-in-cyber-security
2015: The year-ahead-in-cyber-securityStephen Cobb
 
A Study of Innovation by Phil Wheat
A Study of Innovation by Phil WheatA Study of Innovation by Phil Wheat
A Study of Innovation by Phil Wheatiasaglobal
 
Penetration Testing and Vulnerability Assessments: Examining the SEC and FINR...
Penetration Testing and Vulnerability Assessments: Examining the SEC and FINR...Penetration Testing and Vulnerability Assessments: Examining the SEC and FINR...
Penetration Testing and Vulnerability Assessments: Examining the SEC and FINR...TruShield Security Solutions
 
2014 ota databreach3
2014 ota databreach32014 ota databreach3
2014 ota databreach3Meg Weber
 

Similar to NZITF & The first 48hours of Heartbleed, by Barry Brailey [APNIC 38] (20)

Frony Fronius: Exploring ZigBee signals from Solar City
Frony Fronius: Exploring ZigBee signals from Solar CityFrony Fronius: Exploring ZigBee signals from Solar City
Frony Fronius: Exploring ZigBee signals from Solar City
 
Cybersecurity and Legal lessons after Apple v FBI
Cybersecurity and Legal lessons after Apple v FBICybersecurity and Legal lessons after Apple v FBI
Cybersecurity and Legal lessons after Apple v FBI
 
Security and Banking Sector of Nepal
Security and Banking Sector of NepalSecurity and Banking Sector of Nepal
Security and Banking Sector of Nepal
 
24 Hours After a Breach
24 Hours After a Breach 24 Hours After a Breach
24 Hours After a Breach
 
Present to-nmmu-propella
Present to-nmmu-propellaPresent to-nmmu-propella
Present to-nmmu-propella
 
Surviving an ODPC Audit - Ireland
Surviving an ODPC Audit - IrelandSurviving an ODPC Audit - Ireland
Surviving an ODPC Audit - Ireland
 
Cybersecurity Risk Governance
Cybersecurity Risk GovernanceCybersecurity Risk Governance
Cybersecurity Risk Governance
 
Webinar - Keep Your Connected Nonprofit or Library Secure - 2015-10-01
Webinar - Keep Your Connected Nonprofit or Library Secure - 2015-10-01Webinar - Keep Your Connected Nonprofit or Library Secure - 2015-10-01
Webinar - Keep Your Connected Nonprofit or Library Secure - 2015-10-01
 
VerizonFinalPresentation_TomCruz
VerizonFinalPresentation_TomCruzVerizonFinalPresentation_TomCruz
VerizonFinalPresentation_TomCruz
 
How to build a cyber threat intelligence program
How to build a cyber threat intelligence programHow to build a cyber threat intelligence program
How to build a cyber threat intelligence program
 
SplunkLive! Austin Customer Presentation - Baylor
SplunkLive! Austin Customer Presentation - BaylorSplunkLive! Austin Customer Presentation - Baylor
SplunkLive! Austin Customer Presentation - Baylor
 
Janitor vs cleaner
Janitor vs cleanerJanitor vs cleaner
Janitor vs cleaner
 
Working with Law Enforcement on Cyber Security Strategies
Working with Law Enforcement on Cyber Security StrategiesWorking with Law Enforcement on Cyber Security Strategies
Working with Law Enforcement on Cyber Security Strategies
 
070614F-ISOAPresentation.ppt
070614F-ISOAPresentation.ppt070614F-ISOAPresentation.ppt
070614F-ISOAPresentation.ppt
 
Presentation
PresentationPresentation
Presentation
 
2015: The year-ahead-in-cyber-security
2015: The year-ahead-in-cyber-security2015: The year-ahead-in-cyber-security
2015: The year-ahead-in-cyber-security
 
A Study of Innovation by Phil Wheat
A Study of Innovation by Phil WheatA Study of Innovation by Phil Wheat
A Study of Innovation by Phil Wheat
 
Penetration Testing and Vulnerability Assessments: Examining the SEC and FINR...
Penetration Testing and Vulnerability Assessments: Examining the SEC and FINR...Penetration Testing and Vulnerability Assessments: Examining the SEC and FINR...
Penetration Testing and Vulnerability Assessments: Examining the SEC and FINR...
 
IDNOG - 2014
IDNOG - 2014IDNOG - 2014
IDNOG - 2014
 
2014 ota databreach3
2014 ota databreach32014 ota databreach3
2014 ota databreach3
 

More from APNIC

IP addressing and IPv6, presented by Paul Wilson at IETF 119
IP addressing and IPv6, presented by Paul Wilson at IETF 119IP addressing and IPv6, presented by Paul Wilson at IETF 119
IP addressing and IPv6, presented by Paul Wilson at IETF 119APNIC
 
draft-harrison-sidrops-manifest-number-01, presented at IETF 119
draft-harrison-sidrops-manifest-number-01, presented at IETF 119draft-harrison-sidrops-manifest-number-01, presented at IETF 119
draft-harrison-sidrops-manifest-number-01, presented at IETF 119APNIC
 
Making an RFC in Today's IETF, presented by Geoff Huston at IETF 119
Making an RFC in Today's IETF, presented by Geoff Huston at IETF 119Making an RFC in Today's IETF, presented by Geoff Huston at IETF 119
Making an RFC in Today's IETF, presented by Geoff Huston at IETF 119APNIC
 
IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119
IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119
IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119APNIC
 
Is DNS ready for IPv6, presented by Geoff Huston at IETF 119
Is DNS ready for IPv6, presented by Geoff Huston at IETF 119Is DNS ready for IPv6, presented by Geoff Huston at IETF 119
Is DNS ready for IPv6, presented by Geoff Huston at IETF 119APNIC
 
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...Benefits of doing Internet peering and running an Internet Exchange (IX) pres...
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...APNIC
 
APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85
APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85
APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85APNIC
 
NANOG 90: 'BGP in 2023' presented by Geoff Huston
NANOG 90: 'BGP in 2023' presented by Geoff HustonNANOG 90: 'BGP in 2023' presented by Geoff Huston
NANOG 90: 'BGP in 2023' presented by Geoff HustonAPNIC
 
DNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff Huston
DNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff HustonDNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff Huston
DNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff HustonAPNIC
 
APAN 57: APNIC Report at APAN 57, Bangkok, Thailand
APAN 57: APNIC Report at APAN 57, Bangkok, ThailandAPAN 57: APNIC Report at APAN 57, Bangkok, Thailand
APAN 57: APNIC Report at APAN 57, Bangkok, ThailandAPNIC
 
Lao Digital Week 2024: It's time to deploy IPv6
Lao Digital Week 2024: It's time to deploy IPv6Lao Digital Week 2024: It's time to deploy IPv6
Lao Digital Week 2024: It's time to deploy IPv6APNIC
 
AINTEC 2023: Networking in the Penumbra!
AINTEC 2023: Networking in the Penumbra!AINTEC 2023: Networking in the Penumbra!
AINTEC 2023: Networking in the Penumbra!APNIC
 
CNIRC 2023: Global and Regional IPv6 Deployment 2023
CNIRC 2023: Global and Regional IPv6 Deployment 2023CNIRC 2023: Global and Regional IPv6 Deployment 2023
CNIRC 2023: Global and Regional IPv6 Deployment 2023APNIC
 
AFSIG 2023: APNIC Foundation and support for Internet development
AFSIG 2023: APNIC Foundation and support for Internet developmentAFSIG 2023: APNIC Foundation and support for Internet development
AFSIG 2023: APNIC Foundation and support for Internet developmentAPNIC
 
AFNOG 1: Afghanistan IP Deployment Status
AFNOG 1: Afghanistan IP Deployment StatusAFNOG 1: Afghanistan IP Deployment Status
AFNOG 1: Afghanistan IP Deployment StatusAPNIC
 
AFSIG 2023: Internet routing and addressing
AFSIG 2023: Internet routing and addressingAFSIG 2023: Internet routing and addressing
AFSIG 2023: Internet routing and addressingAPNIC
 
AFSIG 2023: APNIC - Registry & Development
AFSIG 2023: APNIC - Registry & DevelopmentAFSIG 2023: APNIC - Registry & Development
AFSIG 2023: APNIC - Registry & DevelopmentAPNIC
 
Afghanistan IGF 2023: The ABCs and importance of cybersecurity
Afghanistan IGF 2023: The ABCs and importance of cybersecurityAfghanistan IGF 2023: The ABCs and importance of cybersecurity
Afghanistan IGF 2023: The ABCs and importance of cybersecurityAPNIC
 
IDNIC OPM 2023: IPv6 deployment planning and security considerations
IDNIC OPM 2023: IPv6 deployment planning and security considerationsIDNIC OPM 2023: IPv6 deployment planning and security considerations
IDNIC OPM 2023: IPv6 deployment planning and security considerationsAPNIC
 
IDNIC OPM 2023 - Internet Number Registry System
IDNIC OPM 2023 - Internet Number Registry SystemIDNIC OPM 2023 - Internet Number Registry System
IDNIC OPM 2023 - Internet Number Registry SystemAPNIC
 

More from APNIC (20)

IP addressing and IPv6, presented by Paul Wilson at IETF 119
IP addressing and IPv6, presented by Paul Wilson at IETF 119IP addressing and IPv6, presented by Paul Wilson at IETF 119
IP addressing and IPv6, presented by Paul Wilson at IETF 119
 
draft-harrison-sidrops-manifest-number-01, presented at IETF 119
draft-harrison-sidrops-manifest-number-01, presented at IETF 119draft-harrison-sidrops-manifest-number-01, presented at IETF 119
draft-harrison-sidrops-manifest-number-01, presented at IETF 119
 
Making an RFC in Today's IETF, presented by Geoff Huston at IETF 119
Making an RFC in Today's IETF, presented by Geoff Huston at IETF 119Making an RFC in Today's IETF, presented by Geoff Huston at IETF 119
Making an RFC in Today's IETF, presented by Geoff Huston at IETF 119
 
IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119
IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119
IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119
 
Is DNS ready for IPv6, presented by Geoff Huston at IETF 119
Is DNS ready for IPv6, presented by Geoff Huston at IETF 119Is DNS ready for IPv6, presented by Geoff Huston at IETF 119
Is DNS ready for IPv6, presented by Geoff Huston at IETF 119
 
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...Benefits of doing Internet peering and running an Internet Exchange (IX) pres...
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...
 
APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85
APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85
APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85
 
NANOG 90: 'BGP in 2023' presented by Geoff Huston
NANOG 90: 'BGP in 2023' presented by Geoff HustonNANOG 90: 'BGP in 2023' presented by Geoff Huston
NANOG 90: 'BGP in 2023' presented by Geoff Huston
 
DNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff Huston
DNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff HustonDNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff Huston
DNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff Huston
 
APAN 57: APNIC Report at APAN 57, Bangkok, Thailand
APAN 57: APNIC Report at APAN 57, Bangkok, ThailandAPAN 57: APNIC Report at APAN 57, Bangkok, Thailand
APAN 57: APNIC Report at APAN 57, Bangkok, Thailand
 
Lao Digital Week 2024: It's time to deploy IPv6
Lao Digital Week 2024: It's time to deploy IPv6Lao Digital Week 2024: It's time to deploy IPv6
Lao Digital Week 2024: It's time to deploy IPv6
 
AINTEC 2023: Networking in the Penumbra!
AINTEC 2023: Networking in the Penumbra!AINTEC 2023: Networking in the Penumbra!
AINTEC 2023: Networking in the Penumbra!
 
CNIRC 2023: Global and Regional IPv6 Deployment 2023
CNIRC 2023: Global and Regional IPv6 Deployment 2023CNIRC 2023: Global and Regional IPv6 Deployment 2023
CNIRC 2023: Global and Regional IPv6 Deployment 2023
 
AFSIG 2023: APNIC Foundation and support for Internet development
AFSIG 2023: APNIC Foundation and support for Internet developmentAFSIG 2023: APNIC Foundation and support for Internet development
AFSIG 2023: APNIC Foundation and support for Internet development
 
AFNOG 1: Afghanistan IP Deployment Status
AFNOG 1: Afghanistan IP Deployment StatusAFNOG 1: Afghanistan IP Deployment Status
AFNOG 1: Afghanistan IP Deployment Status
 
AFSIG 2023: Internet routing and addressing
AFSIG 2023: Internet routing and addressingAFSIG 2023: Internet routing and addressing
AFSIG 2023: Internet routing and addressing
 
AFSIG 2023: APNIC - Registry & Development
AFSIG 2023: APNIC - Registry & DevelopmentAFSIG 2023: APNIC - Registry & Development
AFSIG 2023: APNIC - Registry & Development
 
Afghanistan IGF 2023: The ABCs and importance of cybersecurity
Afghanistan IGF 2023: The ABCs and importance of cybersecurityAfghanistan IGF 2023: The ABCs and importance of cybersecurity
Afghanistan IGF 2023: The ABCs and importance of cybersecurity
 
IDNIC OPM 2023: IPv6 deployment planning and security considerations
IDNIC OPM 2023: IPv6 deployment planning and security considerationsIDNIC OPM 2023: IPv6 deployment planning and security considerations
IDNIC OPM 2023: IPv6 deployment planning and security considerations
 
IDNIC OPM 2023 - Internet Number Registry System
IDNIC OPM 2023 - Internet Number Registry SystemIDNIC OPM 2023 - Internet Number Registry System
IDNIC OPM 2023 - Internet Number Registry System
 

Recently uploaded

Top 10 Interactive Website Design Trends in 2024.pptx
Top 10 Interactive Website Design Trends in 2024.pptxTop 10 Interactive Website Design Trends in 2024.pptx
Top 10 Interactive Website Design Trends in 2024.pptxDyna Gilbert
 
Git and Github workshop GDSC MLRITM
Git and Github workshop GDSC MLRITMGit and Github workshop GDSC MLRITM
Git and Github workshop GDSC MLRITMgdsc13
 
Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24Paul Calvano
 
Call Girls Near The Suryaa Hotel New Delhi 9873777170
Call Girls Near The Suryaa Hotel New Delhi 9873777170Call Girls Near The Suryaa Hotel New Delhi 9873777170
Call Girls Near The Suryaa Hotel New Delhi 9873777170Sonam Pathan
 
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)Christopher H Felton
 
Contact Rya Baby for Call Girls New Delhi
Contact Rya Baby for Call Girls New DelhiContact Rya Baby for Call Girls New Delhi
Contact Rya Baby for Call Girls New Delhimiss dipika
 
Magic exist by Marta Loveguard - presentation.pptx
Magic exist by Marta Loveguard - presentation.pptxMagic exist by Marta Loveguard - presentation.pptx
Magic exist by Marta Loveguard - presentation.pptxMartaLoveguard
 
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一Fs
 
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一Fs
 
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)Dana Luther
 
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170Sonam Pathan
 
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一Fs
 
Call Girls Service Adil Nagar 7001305949 Need escorts Service Pooja Vip
Call Girls Service Adil Nagar 7001305949 Need escorts Service Pooja VipCall Girls Service Adil Nagar 7001305949 Need escorts Service Pooja Vip
Call Girls Service Adil Nagar 7001305949 Need escorts Service Pooja VipCall Girls Lucknow
 
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
Blepharitis inflammation of eyelid symptoms cause everything included along w...
Blepharitis inflammation of eyelid symptoms cause everything included along w...Blepharitis inflammation of eyelid symptoms cause everything included along w...
Blepharitis inflammation of eyelid symptoms cause everything included along w...Excelmac1
 
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一z xss
 
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一Fs
 

Recently uploaded (20)

young call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Service
young call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Serviceyoung call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Service
young call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Service
 
Top 10 Interactive Website Design Trends in 2024.pptx
Top 10 Interactive Website Design Trends in 2024.pptxTop 10 Interactive Website Design Trends in 2024.pptx
Top 10 Interactive Website Design Trends in 2024.pptx
 
Git and Github workshop GDSC MLRITM
Git and Github workshop GDSC MLRITMGit and Github workshop GDSC MLRITM
Git and Github workshop GDSC MLRITM
 
Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24
 
Model Call Girl in Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝
 
Call Girls Near The Suryaa Hotel New Delhi 9873777170
Call Girls Near The Suryaa Hotel New Delhi 9873777170Call Girls Near The Suryaa Hotel New Delhi 9873777170
Call Girls Near The Suryaa Hotel New Delhi 9873777170
 
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
 
Contact Rya Baby for Call Girls New Delhi
Contact Rya Baby for Call Girls New DelhiContact Rya Baby for Call Girls New Delhi
Contact Rya Baby for Call Girls New Delhi
 
Magic exist by Marta Loveguard - presentation.pptx
Magic exist by Marta Loveguard - presentation.pptxMagic exist by Marta Loveguard - presentation.pptx
Magic exist by Marta Loveguard - presentation.pptx
 
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
 
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
 
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
 
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
 
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
 
Call Girls Service Adil Nagar 7001305949 Need escorts Service Pooja Vip
Call Girls Service Adil Nagar 7001305949 Need escorts Service Pooja VipCall Girls Service Adil Nagar 7001305949 Need escorts Service Pooja Vip
Call Girls Service Adil Nagar 7001305949 Need escorts Service Pooja Vip
 
Hot Sexy call girls in Rk Puram 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Rk Puram 🔝 9953056974 🔝 Delhi escort ServiceHot Sexy call girls in Rk Puram 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Rk Puram 🔝 9953056974 🔝 Delhi escort Service
 
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
 
Blepharitis inflammation of eyelid symptoms cause everything included along w...
Blepharitis inflammation of eyelid symptoms cause everything included along w...Blepharitis inflammation of eyelid symptoms cause everything included along w...
Blepharitis inflammation of eyelid symptoms cause everything included along w...
 
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
 
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
 

NZITF & The first 48hours of Heartbleed, by Barry Brailey [APNIC 38]

  • 1. New Zealand Internet Task Force Improving the cyber security posture of New Zealand Barry Brailey NZITF Chair
  • 2. Overview • Introduc7on • How the first 48 hours unfolded in NZ
  • 3. Who Am I? • Manager, Security Policy -­‐ .nz DNC • Chair – NZITF
  • 4. What is the NZITF? The New Zealand Internet Task Force is a non-­‐ profit with the mission of improving the cyber security posture of New Zealand It is a collabora@ve effort based on mutual trust of it’s members
  • 5. April 7th 2014 – What happened • Note – it was already April 8th in NZ • An NZITF member posts to our list – ‘hey -­‐ is this a thing?’ • And then the interna7onal media and mailing lists start to ‘light up’ • On and off list discussion……
  • 6. Later that day….. • Gov’t agency – “we are assessing it now” (We are from the Government and we’re here to help) • Then………
  • 7. 24 hours later… • Morning of April 9th in NZ – s7ll nothing from Gov’t or (surprisingly) any local media a_en7on • NZITF Board member (eventually) says this is F*$%#D – we have to stand up a response
  • 8. NZITF Gets Busy…… • Plough through what is out there • Open a conf call to get members involved and assess the scale etc • Use member’s media/comms teams to alert the Media (but manage their story) • Get the right (simple) advice out • Establish that the NZITF site is the defini7ve source for NZ on this
  • 9.
  • 10. Test page and scanning • Get our own Test page up and start scanning for unpatched sites in NZ……. • STOP……..
  • 11. Sec@on 252 -­‐ Accessing computer system without authorisa@on Every one is liable to imprisonment for a term not exceeding 2 years who inten7onally accesses, directly or indirectly, any computer system without authorisa7on, knowing that he or she is not authorised to access that computer system, or being reckless as to whether or not he or she is authorised to access that computer system.
  • 12. Avoiding Jail…. • Linked to Qualys Test • Shared details about who had patched • Follow up advice and media • Ongoing discussion about the law • One NZ MSSP stated that within first 48 hours 40% of their customer base had been scanned for Heartbleed
  • 13. During this…… • Tech company with a large customer base: “First 9me I have ever been truly pleased about being a MicrosoA stack company” “we will publish a “we were not affected” statement” ………..some9me later……. • Where’s your ‘not affected’ statement? “I just finished checking with our vendors and suppliers!”
  • 14. So much Heartbleed! • Open SSL everywhere and these are the first guys to do a decent code review……..
  • 16. Improving the cyber security posture of New Zealand