Sneaky people talking about sneaky things... It's sneaky!
June 24th, 2009 --
In this episode of RB2 you'll hear a keynote from the Shaka Con security conference in Hawaii. BT security consultant Luke McComie discusses various methods of getting around corporate defences, both physical and digital. The talk is about corporate espionage, and it's well presented. Luke is a senior staff member (goon) at the DEFCON Security Conference and also contributes to several computer security organizations including the r00tcellar Security Team, 303 and Security Tribe.
Australian government Minister for the Digital Economy Stephen Conroy joins Risky Business...
June 19th, 2009 --
This week's show is a cracker -- we have a very special guest, Senator Stephen Conroy. The senator is Australia's Minister for Broadband, Communications and the Digital Economy and I caught up with him in Sydney last week to get his take on what he feels the role of government is when it comes to IT security.
Company dodges tough questions on response to fraud...
June 17th, 2009 --
As users of Australia's Domain real estate website are being fleeced for thousands of dollars in a Western Union money transfer scam, the company has circled the wagons and is refusing to make a spokesperson available for interviews. Fraudsters are placing fake rental property listings for affordable apartments on the Domain site. Upon contacting the purported landlord, would-be renters are instructed to transfer money offshore in exchange for apartment keys that will never arrive.
Documentation for Centrelink's home-baked protocol "lacking"...
June 11th, 2009 --
This week's episode is hosted by Vigabyte and brought to you by Tenable Network Security. On this week's show we're looking back at an issue we covered a little while ago: PLAID. No, not the oh-so-groovy pattern, but Centrelink's home-baked authentication protocol. PLAID is a contactless smart card authentication protocol designed by Australia's welfare agency and released a couple of months ago. They're hoping to have it recognised as an ISO standard, but not everyone's convinced that's a good idea.
Nir Zuk knows stuff about stuff. Seriously.
June 4th, 2009 --
This week's show is hosted by Vigabyte and brought to you by Sophos. On this week's show we chat to an industry pioneer, Nir Zuk. He's widely credited as the creator of the first stateful inspection firewall. These days he works for the company he founded, Palo Alto Networks. We're chatting to Nir about his thoughts on security technologies -- everything from firewalls to IDS to DLP.
No more dollar-for-dollar funding on critical infrastructure testing from July 1...
June 3rd, 2009 --
The Attorney General's Department has confirmed it will cease its dollar-for-dollar subsidy of security testing services for companies operating "critical infrastructure" from July 1. The Computer Network Vulnerability Assessment program was designed "to help organisations that own or manage critical infrastructure test the security of their computer networks and systems". To date, 32 CNVA projects have been approved with 30 projects proceeding.
No matter how much bad stuff happens on the Internet, we can't scare away the punters...
June 1st, 2009 --
No matter how hard we try, it's proving hard to steer ordinary people away from the Internet with spooky threat stats. Despite mounting risks on an information superhighway jammed up with malware, 419 scams, phishing and credit card fraud, the number of 'net users is still growing rapidly. All the way back in 1998, America's National Institute of Standards and Technology (NIST) categorised and analysed 237 computer attacks. The results of that analysis revealed such pearls as: 3 percent of the attacks enabled web sites to attack site visitors
How to pwn three letter agencies with Maltego...
May 29th, 2009 --
This week's episode is hosted by Vigabyte and brought to you by Check Point software. This week you'll be hearing an interview with Roelof Temmingh, the creator of Maltego. Maltego is seriously cool software that you'll probably want to have a play with. Roelof joins the podcast to talk about how you'd use his software to pwn a three letter agency.
AusCERT speed debate becomes hilarious, pseudo performance art farce...
May 27th, 2009 --
This speed debating panel from AusCERT's 2009 conference was loltastic. It takes about 15 minutes to really get going, but stick with it. Risky Business regulars Peter Gutmann and Paul Ducklin participated in this panel, as did host Patrick Gray. The debate was hosted by James O'Laughlin, who's probably best known in Australia as the host of The New Inventors television program. He's a terrific moderator.
Geekonomics author David Rice "gives good con"...
May 27th, 2009 --
The following is a recording of David Rice's talk at AusCERT's 2009 conference. David is a sensational public speaker. Risky.Biz actually podcasted his keynote from the GovCERT conference in the Netherlands last year. This talk is similar, but sufficiently different to warrant posting here. David is best known as the author of Geekonomics: The Real Cost Of Insecure Software, and a consultant with Monterey Group. Enjoy!
Karl Hanmore packs his UNIX beard and heads stateside...
May 25th, 2009 --
AusCERT's operations manager Karl Hanmore has resigned from the organisation to take up a position with Microsoft in the USA. Hanmore joined AusCERT in 2005 following a five-year stint as the IT security manager of the Bank of Queensland. His new job at Microsoft, where he will be dubbed a senior security strategist, will see him pack his bags and move to Redmond.
Is that Facebook friend of yours real?
May 25th, 2009 --
The following audio is an excerpt from Maltego creator Roelof Temmingh's AusCERT presentation. Maltego is a very interesting bit of information visualisation software. If you haven't heard of it, check it out. We've all heard the saying that we all leave digital footprints on the web. Well, in this part of his talk Roelof talks about creating false footprints, or false online identities. It's seriously interesting stuff and not the sort of thing that you normally hear about at a security conference. We'll be posting an interview with Roelof at some point also.
How easy is it to recover data from your iPhone?
May 25th, 2009 --
In this recorded AusCERT presentation you'll hear Forward Discovery's Steve Whalen discussing forensic techniques for the iPhone. This is VERY niche stuff, mostly of interest to forensics guys and gals. That said, a lot of security people use iPhones so some may be interested to know what sort of techniques apply to a device they carry. Enjoy!
Hopes new template will help ISVs write more secure code...
May 25th, 2009 --
Our coverage of AusCERT's 2009 conference is sponsored by Microsoft, and so we're doing these sponsored interviews about Microsoft stuff. But that's ok, because it's all interesting! In this interview with Microsoft's Security Development Lifecycle (SDL) big kahuna, Steve Lipner, we discuss the company's decision to release an SDL template for Visual Studio that allows third party developers to use Microsoft's SDL workflow. It will hopefully mean fewer bugs in non-Microsoft Windows apps sometime in the future!
Peter Gutmann gives good con...
May 20th, 2009 --
The computer security industry has sometimes been compared unfavourably to the fashion industry, putting up flamboyant defences where it doesn't make any difference while paying no attention to the open barn door behind the curtain. Why do we allow three retries for passwords instead of two, or four, or thirty-eight? How effective are SSH fingerprints? And how's the ol' PKI thing doing?
Windows 7 gets some new security features...
May 20th, 2009 --
In this sponsored podcast from AusCERT's 2009 conference, Microsoft's Jeff Alexander discusses the features of Windows 7 that are likely to be of interest to security pros. DEP, BitLocker portable, AppLocker, UAC changes, the lot. Enjoy!
Fraudsters identify Australia as a soft target...
May 20th, 2009 --
International criminal syndicates are using stolen UK credit card data in Australia because it is yet to adopt modern transaction security measures. Cybercrime analyst Kimberly Zenz, of US-based firm iDefense, says the adoption of the EMV chip and pin credit card security standard in Europe means criminal syndicates are having difficulty using stolen card data there. But the same European card information can be used to rip off Australian merchants because the extended authentication made possible by EMV is unavailable here.
DDoS attacks a part of the Russian business landscape...
May 20th, 2009 --
Regular Risky Business guest Kimberly Zenz is in Australia for AusCERT and we caught up with her at the conference for this interview. We asked Kimberly what she's been focussing on, out of personal and professional interest. Enjoy!
Phreaking's catching up. Scott McIntyre joins RB to explain how.
May 20th, 2009 --
Scott McIntyre of Dutch ISP XS4all talks to Risky Business about his battle against VoIP fraudsters. Between high-toll fraud and calling card scams, there are a number of ways fraudsters can turn your VoIP gateway into a source of cash for them, and misery for you.
A history of phone forensics and predictions for the future
May 19th, 2009 --
ASI Solutions Executive Manager of IT Security Services, Andrew Rourke, discusses mobile phone forensics -- a history, and the future. Enjoy!