Scott's always good for a laugh!
May 18th, 2011 --
You're about to hear a full presentation recorded at the AusCERT conference. Scott McIntyre is a recent immigrant to Australia... he used to work for XS4all in the Netherlands, but these days he works as the Senior Technology Architecture Specialist in Security Operations for Telstra in Melbourne. His presentation is all about his views though, not those of Telstra. Disclaimer. Etc.
What is hip... tell me tell me if you think you know...
May 18th, 2011 --
Our coverage of the conference is brought to you by the fine folks at Microsoft -- without their support, there would be no AusCERT podcasts, so big thanks to MS!
It's all just a bit out of control...
May 18th, 2011 --
Well, hasn't this been an interesting AusCERT... If you haven't heard by now, Fairfax IT journalist Ben Grubb was briefly detained by QLD police yesterday afternoon in connection to a BSides Australia security presentation delivered on Sunday. The presentation, by Christian Heinrich, demonstrated a brute-force attack against Facebook's Content Distribution Network. I didn't see the presentation myself, but the long and short of it is the vulnerability demonstrated allows the attacker to obtain Facebook users' private photos. So how did the police become involved?
Where's the BeEF, chief?
May 16th, 2011 --
In this interview we're chatting with Wade Alcorn. By day he's NGS Security's general manager for Asia Pacific, but by night he's out there maintaining BeEF -- the browser exploitation framework. If you haven't heard of beef it's a very cool tool. If you can get someone to load it into your browser, either by them visiting a site you control directly, or alternatively through some sort of cross site scripting bug, then you can get the browser to do all sorts of stuff for you -- like portscan the victim's LAN, attack JBOss servers and stuff like that.
Is Smart Grid security stupid?
May 16th, 2011 --
This podcast is an AusCERT talk by Ian Appleby. He's the Information Security Manager at Endeavour Energy and he's responsible for the security of its Corporate and SCADA Systems. The talk is on Risk Management in a Smart Metering Environment.
Man of mystery joins Risky Business...
May 16th, 2011 --
In this interview we hear from Tim Hudson, an independent cryptography dude, who, as you'll hear, may or may not have worked on Queensland's Smart Card drivers license project. Absurdly, on legal advice, he can't actually tell us if he worked on that project. There were mutterings in the Queensland state parliament some time ago about a project consultant criticising the rollout... the minister responsible also said something about the department exploring legal options to shut said critic up. Geez, I wonder if it was Tim?
He didn't write Stuxnet. Honest.
May 16th, 2011 --
You're about to hear a presentation by Jason Larsen, a security researcher at the Idaho National Laboratory. The INL is run by the US Department of Energy and is home to the National SCADA Testbed (NSTB) and the Industrial Control System CERT(ICS-CERT).
Comedian and ID theft victim Bennett Arron entertains at AusCERT...
May 16th, 2011 --
You're about to hear an excerpt from the opening keynote from the AusCERT conference by comedian Bennett Arron. Several years ago Bennett Arron was in serious debt. He owed thousands of pounds to mobile phone companies, catalogues and department stores. But it wasn’t him! As it turned out, he was a victim of Identity Theft. Years later, he wound up writing a comedy show about his experience... he eventually directed and presented a Documentary for Channel 4 called How To Steal An Identity. In it he actually stole the identity of the then Home Secretary, Charles Clarke.
Google's Parisa Tabriz joins the show...
May 13th, 2011 --
This week's show was cut together from Johannesburg, South Africa! In it we discuss Google's latest bug bounty initiative -- they're not just offering cash for bugs in software products, these days they're also offering cash for bugs in their online properties. Got an auth bypass for Gmail? Ka-ching! This week's show is brought to you by Astaro. Jack Daniel of Astaro joins us to talk about restricting certain content types from SOEs. Do we really need Flash in our operating environments anymore? Can we just drop it and gain some security?
Advanced Persistent Recreation?
April 28th, 2011 --
This week's show is a bit shorter than usual. We'll check in with Adam Boileau to discuss the week's news headlines and catch up with Tenable Network Security CEO Ron Gula in this week's sponsor interview. Between those two we cover the Playstation Network hack, the kidnapping of Ivan Kaspersky, Microsoft's decision to coordinate the disclosure of vulnerabilities in non-MS products and much, much more!
THAR SHE BLOWS: Verizon Business releases its latest data breach investigation report...
April 21st, 2011 --
On this week's show we're taking a look at Verizon Business Security Solutions' annual Data Breach Investigation Report. We'll be joined by both Bryan Sartin for a global perspective on the report, and by his Australian counterpart Mark Goudie, who'll give us a local perspective. You can have a squiz at the report here.
Joanna Rutkowska and crew release new Linux distro...
April 18th, 2011 --
This is something I haven't seen picked up much by the tech press writ large: Invisible Things Lab, headed by Joanna Rutkowska, has released a new Linux distro called Qubes. UPDATE: Qubes has been around in alpha form for a bit, but this is the first beta release...
Brian Snow joins the show to smacktalk risk-based security...
April 15th, 2011 --
This week's show is a doozie! We're joined by Brian Snow to discuss risk-based security. Brian, who was the technical director of information assurance for the NSA in the US, recently contributed to a security review of US Department of Energy Nuclear Weapons Facilities. (You can download the unclassified version of the report here for free with registration.) The review sought to understand if Probabilistic Risk Assessment (PRA) methodologies could be used to improve the cost effectiveness of the DoE's security.
Winners in Australia's technology media awards announced...
April 11th, 2011 --
Risky Business has been judged Australia's Best Technology Audio Program for a second year in a row. The Lizzies, Australia's awards for technology journalism, are run by media services company MediaConnect, with each gong judged by a panel of three technology journalists. Risky.Biz edged out entries from Sydney-based radio station 2GB, CNet/ZDNet and others. Big thanks to the listeners, sponsors, guests and everyone who's helped out since the podcast launched back in early 2007.
All about pcapr.net...
April 8th, 2011 --
Episode 190 of the Risky Business podcast is brought to you by our good buddies at Astaro. Astaro's Jack Daniel joins us in this week's sponsor interview to talk about the evolution of firewalls. We try to predict what they're going to look like, five or ten years out. No surprises for guessing convergence is going to be a big thing. In this week's feature interview we chat with Kowsik Guruswamy of muDynamics about a project his company kicked off called pcapr.net
MySQL next on the pwnz0riz3d list...
March 31st, 2011 --
This week's show is brought to you by NetWitness. The minting of some dodgy SSL certificates has the whole security world in a bit of a tizz, but this week's feature guest thinks much of the resulting media coverage is missing the point. Why are browsers designed to make Boolean trust decisions? Why do they completely trust CA issued certs? Peter Gutmann of the University of Auckland joins me to discuss. Adam Boileau pops in for the week's news, as always.
Attacks undermine confidence in RSA, Comodo...
March 25th, 2011 --
On this week's show we're mostly focussing on news! It's been a massive week in news -- we've had AT&T users' Facebook data being re-routed through China, we've had more speculation on the RSA hack, Comodo has been busted dishing out trusted SSL certificates for gmail.com to a box in Iran, there's a stack of SCADA 0day being dropped, there's people going to prison, giant rats eating entire data centres.... ok, well I made the last bit up, but the rest of it, if you can believe it, is true!
Plus much, much more...
March 18th, 2011 --
It's episode 187, the homicide edition, and RSA conveniently falls victim to a drive by. Thanks guys! This week's show is a ripper. We've got two feature guests -- Kimberly Zenz of iDefense and Paul Ducklin of Sophos. We talk about everything from recent disinformation and social media manipulation campaigns in the Middle East and Belarus, the breach of RSA by parties unknown wielding those mysterious "APTs". Allegedly.
More LIGATT shenanigans...
March 16th, 2011 --
Well it's official. I've made it: Gregory D Evans has ripped off my work! Risky.Biz's pal Jericho from Attrition.org recently drew my attention to a book published by Evans and LIGATT Publishing called "Hi-Tech Hustler Scrapbook". From what I can tell, it's just a collection of news and feature articles written by other people. Three of my articles from years ago made it into Evans' "scrapbook": "Cyber Terrorism 'Merely a Theory'," November 11, 2003, ZDNet Australia "Beware the Crime Lords of the Internet," May 31, 2005, The Age
Is chip and PIN really broken?
March 11th, 2011 --
This week's show is jam-packed! We'll be chatting with Andrea Barisani about a presentation he did with Daniele Bianco at CanSecWest this week. They're both from Inversepath, and the title of their talk was "Chip and PIN is definitely broken". Is it? Find out after the news. Also this week we chat with CSO Adam Pointon. What can you do when your executives want to use their iPad or other mobile device on your network? Is it possible to create a security policy for consumer devices on your network? Well, yeah, it is, as it turns out.