Are cyber cartels just... cartels?
September 4th, 2009 --
This week's episode is sponsored by Check Point software. On this week's show we're chatting to Alastair MacGibbon of Surete Group. He was the Australian Federal Police Agent who established the multi-jurisdictional Australian High Tech Crime Centre back in 2003. He was with the AFP for 15 years and spent the majority of his policing career working in drug enforcement. That included investigating criminal drug syndicates. He'll be along this week to dispel some of the current theories doing the rounds about online criminal activity.
When trivial bugs do the Power Rangers thing...
September 4th, 2009 --
Risky Business two is brought to you exclusively by Symantec, so big thanks to the team over there for making this podcast possible! In this week's special interview you'll hear Paul Craig discussing Web application vulnerability chaining with Mark "Pipes" Piper. Chaining is basically combining a whole bunch of trivial bugs into something quite critical. Paul did this interview at New Zealand's OWASP day.
List of 0day in VulnDisco's exploit pack gets an airing...
September 3rd, 2009 --
InteVyDis has released a list of exploits included in its VulnDisco exploit pack for CANVAS. It makes for pretty interesting reading. There are 211 exploits on the list, with 117 of them described as confirmed 0day. You can find the list here. As far as Risky.Biz is aware, these guys do not contact vendors and give them details on 0day they acquire. While to most that would seem the right thing to do, it's directly opposed to InteVyDis' commercial interests.
Arbor Networks manager of security research Jose Nazario joins Risky.Biz...
August 27th, 2009 --
This week's show is sponsored by Microsoft and hosted by Vigabyte virtual hosting. On this week's show we chat with Jose Nazario, the manager of security research for Arbor Networks. Jose is joining us to talk about the latest trends in botnet C&C. Apparently, using IRC is sooooo 2005 these days... We also talk to Stuart Strathdee from Microsoft in this week's sponsor segment. In it, we discuss alleged criminal mastermind and all-round badass Albert "The SoupNazi" Gonzalez. Will his capture and prosecution be a deterrent or an inspiration to fraudsters?
World first "mathematically verified" microkernel. Whoah.
August 21st, 2009 --
This week's edition of Risky Business is brought to you by Sophos and hosted by Vigabyte virtual hosting. On this week's show we chat with Professor Gernot Heiser. He's the Chief Technology Officer of OK-Labs, or Open Kernel Labs. The company makes software for embedded systems, and recently NICTA -- that's a government-funded technology R&D lab -- has claimed to have verified one of the OK-Labs kernels as being mathematically perfect. No buffer overflows. No null pointer dereferences. No divide-by-zeros. The Prof stops by to explain what this all means.
NoScript will not save you from Roberto and Nick's uber-cool technique...
August 21st, 2009 --
In this special interview you'll hear our New Zealand correspondent Paul Craig interviewing Security-Assessment.com's Roberto Suggi Liverani and Nick Freeman about their research into exploiting Firefox extensions. These guys were doing a review of a large web application, and an evaluation of a related Firefox extension was in scope.
National two factor authentication scheme collecting dust...
August 14th, 2009 --
On this week's show we're chatting with CEO of Australia's Internet Industry Association, Peter Coroneos. Peter led the charge for a National 2FA scheme many years ago... it hasn't quite gotten off the ground yet, but Peter joins us shortly to discuss the scheme, how it got started and why it hasn't really gone anywhere yet.
Kevin Hogan gives his take on the current state of the badness...
August 14th, 2009 --
In this month's sponsored podcast here on Risky Business 2 we're chatting with Symantec's Senior Director of Global Security Response Operations Group, Kevin Hogan, about quite a few things. We'll be talking about the standardisation of many forms of malware, weaknesses in the packers the bad guys are using -- that's interesting -- and heaps of other stuff around online threats.
Recorded talk from OWASP day NZ...
August 7th, 2009 --
In this presentation from New Zealand's OWASP day, you'll hear Lateral Security's Nick Von Dadelszen describe testing methods for Web services. Unfortunately he does some demonstrations that don't really translate well via audio, but if this is already an area of interest to you, then you'll still find it valuable.
Web application security gets attention, the same cannot be said for Web services security...
August 7th, 2009 --
In this interview, you'll hear Risky.Biz's New Zealand correspondent Paul Craig discuss Web services security with Lateral Security's Nick Von Dadelszen. We all hear a lot of talk about web application vulnerabilities, and not much at all about web services problems. The result is a lot of web services are wide open.
Can we combat fraud online and stay anonymous?
August 7th, 2009 --
Sydney's inaugural eCrime Symposium kicked off on Tuesday, and Risky Business was there with an audio recorder. We recorded this panel discussion while we were there and decided it'd make a good podcast. The speakers are Rachel Dixon, who's a technology executive here in Australia for online media group Viocorp, as well as being the deputy chair of consumer group Choice, Phil Argy, the head of the Technology Dispute Centre, and Sean Richmond from Sophos. The panel was hosted by Nigel Phair.
McAfee's Asia Pacific President believes genies can be put back in bottles...
July 30th, 2009 --
Readers of the Risky.Biz website would have heard by now that McAfee accidentally leaked the full contact information of 1400 registrants for its strategic security summit that was held in Sydney on July 17. McAfee's Asia Pacific President Steve Redman is this week's feature guest -- he joined the program to face the music for that one.
Faces are as red as the company logo at McAfee HQ today...
July 29th, 2009 --
Security software maker McAfee has accidentally e-mailed the full contact details of 1,400 IT security professionals to an unknown number of recipients. The marketing spreadsheet contained the full names, titles, organisation names, phone numbers and e-mail addresses of all who had registered for or attended the company's recent Strategic Security Summit on July 17 in Sydney.
Analysis of spyware pushed by UAE-based carrier onto BlackBerrys
July 23rd, 2009 --
This week's show is hosted by Vigabyte and sponsored by Sophos. You'll hear from Sophos's Paul Ducklin later on in the show in this week's sponsor interview. This week's feature interview is with Chris Eng of Veracode, and we'll be chatting about his analysis of a nasty bit of BlackBerry spyware that was pushed out to all BlackBerry users on UAE-based carrier Etisalat. And of course we're joined by Adam Boileau for a discussion of the week's news.
Don't want the TSA looking in your luggage? Pack heat! USA! USA!
July 23rd, 2009 --
This is the final instalment of our podcast series recorded at Shaka Con. From next week on RB2 you'll hear reports prepared by our roving reporter Paul Craig on location at New Zealand's OWASP day. Shaka Con is a hacker conference held annually in Honolulu, Hawaii, and as you'll hear, the conference didn't limit itself to digital security. Lock picking aficionado Deviant Ollam was there to give a talk all about locks and, curiously, how to fly with locked luggage.
Domain.com.au lies and says it first heard of rental scam two weeks ago...
July 23rd, 2009 --
After two months of its customers being ripped off blind by African criminals, real estate website Domain.com.au has discovered that merely publishing a new Website security policy isn't enough to magically solve the complex problem of rampant online fraud.
New Ncat utility could replace netcat...
July 17th, 2009 --
A new version of nmap has just been released by its creator, Gordon "Fyodor" Lyon, who describes it as the software's "most important release since 1997". The new package, nmap 5.0, includes Ncat, billed as "a much more advanced and modern reimplementation of the beloved Netcat". Also included is Ndiff, which is designed to portscan networks and alert administrators to changes.
Naughty people doing bad things with evil technology...
July 14th, 2009 --
On this week's show we're joined by semi-regular guest Adam Pointon. Adam's the CSO for a financial services company, so he has a fair bit of insight into both security technology and market-based technology. You may have heard by now that investment bank Goldman Sachs has claimed its trading algorithm has been stolen by one of its developers. Why is this a big deal? How would possession of that algorithm be advantageous to an attacker? Adam joins the show to tell us.
Panel of high-profile experts comes together in Sydney...
July 13th, 2009 --
F-Secure flew its chief research officer, Mikko Hypponen, out to Australia last week to meet the press. The company hosted an event -- the F-Secure Future of the Digital Economy Forum -- and invited a bunch of very interesting panellists to discuss the state of information security today. They asked Risky Business to moderate and record the session. The panellists were: Mikko Hypponen, chief research officer, F-Secure; Graham Ingram, managing director of AusCERT
The emergence of sophisticated ATM malware in Belarus could spell trouble for English-speaking countries...
July 13th, 2009 --
If you were an Eastern European ATM, you would be feeling nervous at the moment, and rightfully so. First, Diebold warned Russian banks about malicious code installed on their machines last January. Then in May, Trustwave reported on malware found on 20 ATMs in Russia and Ukraine, the earliest of which was first infected almost exactly two years ago, and which has been improved at least 16 times since then. Now Belorussian ATMs face another wave of malicious code, infecting what appears to be a high number of ATMs in urban areas.