Arbor Networks' Scott Crane has a chat...
May 19th, 2014 --
Scott Crane is Arbor Networks' product manager for the Pravail line in its big data security analytics division. Scott was a part of the original PacketLoop team -- PacketLoop was an Australian startup that created some pretty impressive big data security analytics technology. It was so impressive that it wound up being acquired by Arbor Networks and is now sold under the Pravail brand.
May 16th, 2014 --
In this interview we're chatting with Neal Wise of Don't let the accent fool you, Neal is based in Melbourne and has been for as long as I can remember, and he did a great talk here at the AusCERT conference called Hacking the Gibson, which was all about pwning supercomputers. I warn you in advance that there are a few references from the movie Hackers in this interview... sorry about that... HACK THE PLANET!! .... but yeah, Neal has been doing some work involving supercomputers and I decided to interview him about them. They make excellent bitcoin mining boxes!
Peter Gutmann's plenary session from AusCERT 2014...
May 16th, 2014 --
You're about to hear a recording of Peter Gutmann's speech here which is all about crypto. Well, it's sort of about crypto. With newspapers filled with stories about the NSA subverting crypto standards, Peter asks us whether that really matters. Why would an attacker bother breaking crypto when they can just bypass it? Peter is well positioned to do this talk. He's a researcher in the Department of Computer Science at the University of Auckland and works on the design and analysis of cryptographic security architectures and security usability.
Arbor Networks' Marc Eisenbarth talks DDoS...
May 16th, 2014 --
This is a sponsor interview with Marc Eisenbarth, Arbor Networks' security architect and the manager of research for its Arbor Security Engineering and Response Team (ASERT). I spoke to Marc about the massive influx of NTP-based DDoS traffic we've seen this year. Can we expect attackers to move on to other protocols and services like SNMP and Chargen? He thinks so. But it's not until we start seeing SNMP-based DDoS capabilities built into generic malware that we'll really have big problems.
Matt reads Twitter so you don't have to...
May 16th, 2014 --
You're about to hear my interview with Matt Jones, a security consultant who runs a small outfit named Volvent. He's been working on a very interesting side project for a couple of years now. Essentially it's a social media analyser that identifies sources of high-quality information. Users can tap in a keyword and drill through the conversations on social media that actually matter -- the conversations that influence the influencers. The project was born of Matt's desire to never have to log in to Twitter again.
Get your SOE builds right, folks...
May 16th, 2014 --
This is a sponsor interview with Kate McInnes of Datacom TSS. Kate is ex-DSD and currently serves as a principal consultant with Datacom TSS in Perth. She's been doing a bunch of work with a bunch of different organisations on preparing them for the looming G20 summit in Brisbane. What do the threats look like? Where are they coming from? And what can be done about them?
What does a military cyber-lawyer think of what's happening in the civilian world?
May 16th, 2014 --
You're about to hear an interview I recorded with Bob Clark. He currently teaches law at the US Naval Academy, but he's been doing military law for a long time, even serving as the operational attorney for the US Army Cyber Command at one point. I posted his talk yesterday... he touched on the Weev vs AT&T trial in that and I thought it would be interesting to get his perspective on the CFAA, precisely because it's not the sort of thing he normally concerns himself with. He has less of an agenda than a defence attorney or a prosecutor.
Is state control faltering?
May 15th, 2014 --
Our coverage continues now with an interview I recorded with Olivia Maree and Dave Jorm. Olivia holds a law degree and just finished a six-month stint as a community manager with BugCrowd… Dave Jorm studies geology and mathematics at UQ and has worked in the software industry for around 14 years.
The “other Ed” words it up...
May 15th, 2014 --
This is a recording of Ed Felten’s plenary session from AusCERT 2014. Ed Felten is a professor of computer science and public affairs at Princeton’s Center for Information Technology Policy. From 2011 to 2012 he was the first Chief Technologist for the Federal Trade Commission. He’s a very well known and highly regarded researcher and academic and he spoke at AusCERT on security in a surveilled world.
But it’s not all good news…
May 15th, 2014 --
In this sponsor podcast we hear from FireEye’s APAC CTO Bryce Boland about the effect next generation antimalware gear is having on the modus operandi of sophisticated attackers. The possibility of burning their sweet, sweet 0days is actually turning some attackers away from well-resourced targets and towards secondary targeting; attacking their targets' partners and suppliers.
Bob Clark returns to AusCERT…
May 15th, 2014 --
PRESENTATION: When is a cyberwar (drink!) a cyberwar (drink!)? This is a recording of a presentation by Bob Clark, who these days teaches at the US Naval Academy. He has a long history as a department of defence lawyer including a stint as the counsel for the US Army Cyber Command. In this talk Bob covers some ground he has covered before -- looking at when an online action represents an act of war under the laws of armed conflict -- but also takes a look at some legal cases in the civilian world involving the CFAA.
10 years on and Oracle’s report card still lacking…
May 15th, 2014 --
David Litchfield is a very well known researcher in the field of database security. He’s been at it for over a decade, and managed to be a permanent pain in Oracle’s neck since he first started dropping database 0day a million years ago. So I asked him what has changed in the field of database security. Has Oracle improved its procedures?
Dude doesn’t dig on the Google...
May 15th, 2014 --
We’re going to kick things off with a recording of the opening keynote from the conference... this talk is by Felix "FX" Lindner of Recurity Labs. Felix is a very well known hacker and researcher, and his talk is titled "We come in peace, they don’t". As you’ll hear, he’s not exactly Google’s number one fan. Here he is, I hope you enjoy it!
All your remotes are belong to Silvio...
May 9th, 2014 --
On this week's show we're chatting with Silvio Cesare about his new pastime of messing around with home alarm systems, garage door remotes and car immobilisers. How secure do you think your little key ring transmitters are? Well, not very. But the interesting thing is, the tools that you need to crack these things are now very cheap -- could we see thieves roaming the streets with software defined radios, opening up your neighbourhood's garages? Tune in to find out.
Get your links here!
May 9th, 2014 --
This week's show features an absolutely killer new track from Pilots. You can download it for free using the Triple J Unearthed link provided.
Charlie makes a good argument for driving a classic...
May 2nd, 2014 --
On this week's show we're chatting with security researcher Charlie Miller about the work he's been doing with Chris Valasek on hacking cars. It's fun stuff, but yeah, it might make you want to go back to driving an older car. This week's show is sponsored by BugCrowd. We've got a great interview with BugCrowd founder and CEO Casey Ellis about a really, really interesting little case study he went through involving a random bug-hunter who'd tried blackmailing a BugCrowd client. The solution they came up with was ingenious and spectacularly lulzy.
Links, music and more!
May 2nd, 2014 --
Show notes for episode 320 of Risky Business! Get all your links here!
April 24th, 2014 --
This week's show is brought to you by Adobe! Big thanks to Adobe for making this week's show possible. And we've got an... err... *interesting* program for you this week... we'll be chatting with Andrew Auernheimer, aka weev, about the recent appeal victory that saw him out of prison after 14 months inside. Is he going to pull his head in after his scrape with the law? He says no way!
Moar sigh...
April 24th, 2014 --
Here's a pile 'o links for you.
Risky Business pre-Easter edition!
April 17th, 2014 --
It's a four-day week this week and a four-day week next week, so I'm afraid I couldn't organise feature interviews for both. This week you're getting an extra long news section and a sponsor interview!