Twitterganda is all the rage these days. I read about it. On Twitter.
June 26th, 2009 --
This week we're taking a look at the technology angle to this whole mess in Iran. We'll be chatting with Arbor Networks chief scientist Craig Labovitz about the filtering the government is doing over there, then we'll be checking in with Roelof Temmingh of Paterva. Paterva makes Maltego, the open source intelligence tool that many people are using to analyse various aspects of information flow in Iran -- including the spread of propaganda via Twitterbots.
If you think you're clever for avoiding social networking sites, think again, writes Maltego creator Roelof Temmingh...
June 25th, 2009 --
Years ago a friend told me I should have a blog and be on Facebook. To my eyes Facebook just looked like a badly organized dating club, and the idea of having to fire regular musings out into cyberspace via a blogocannon has never appealed. Figuring I was just too lazy to sign up for these services, my dear friend offered to register me anyway and just give me the passwords. Being a Google fanboy, he could sign me up as roelof.temmingh on Gmail and connect my newly created Facebook profile to that email account. That got my attention.
RB2 reporter Paul Craig makes his debut...
June 24th, 2009 --
In this interview Risky.Biz reporter Paul Craig talks to BT security consultant Luke McComie about corporate espionage. Luke presented a keynote on the topic at the Shaka Con conference in Hawaii. Throughout that presentation we heard how corporations don't adequately secure their physical environments, and this can lead to some pretty nasty consequences as far as information leakage goes. We heard Luke tell some war stories about slipping past security guards in that one.
Symantec Security Response Director Vincent Weafer talks malware and spam trends...
June 24th, 2009 --
This podcast consists entirely of a sponsored interview with Symantec's director of Security Response, Vincent Weafer. We're absolutely stoked to have Symantec on board -- with them sponsoring we now have the means to expand what we can offer you on Risky.Biz. Thanks to this relationship you'll be hearing regular podcasts from our new RB2 reporter, Paul Craig.
Sneaky people talking about sneaky things... It's sneaky!
June 24th, 2009 --
In this episode of RB2 you'll hear a keynote from the Shaka Con security conference in Hawaii. BT security consultant Luke McComie discusses various methods of getting around corporate defences, both physical and digital. The talk is about corporate espionage, and it's well presented. Luke is a senior staff member (goon) at the DEFCON Security Conference and also contributes to several computer security organizations including the r00tcellar Security Team, 303 and Security Tribe.
Australian government Minister for the Digital Economy Stephen Conroy joins Risky Business...
June 19th, 2009 --
This week's show is a cracker -- we have a very special guest, Senator Stephen Conroy. The senator is Australia's Minister for Broadband, Communications and the Digital Economy and I caught up with him in Sydney last week to get his take on what he feels the role of government is when it comes to IT security.
Company dodges tough questions on response to fraud...
June 17th, 2009 --
As users of Australia's Domain.com.au real estate website are being fleeced for thousands of dollars in a Western Union money transfer scam, the company has circled the wagons and is refusing to make a spokesperson available for interviews. Fraudsters are placing fake rental property listings for affordable apartments on the Domain site. Upon contacting the purported landlord, would-be renters are instructed to transfer money offshore in exchange for apartment keys that will never arrive.
Documentation for Centrelink's home-baked protocol "lacking"...
June 11th, 2009 --
This week's episode is hosted by Vigabyte and brought to you by Tenable Network Security. On this week's show we're looking back at an issue we covered a little while ago: PLAID. No, not the oh-so-groovy pattern, but Centrelink's home-baked authentication protocol. PLAID is a contactless smart card authentication protocol designed by Australia's welfare agency and released a couple of months ago. They're hoping to have it recognised as an ISO standard, but not everyone's convinced that's a good idea.
Nir Zuk knows stuff about stuff. Seriously.
June 4th, 2009 --
This week's show is hosted by Vigabyte and brought to you by Sophos. On this week's show we chat to an industry pioneer, Nir Zuk. He's widely credited as the creator of the first stateful inspection firewall. These days he works for the company he founded, Palo Alto Networks. We're chatting to Nir about his thoughts on security technologies -- everything from firewalls to IDS to DLP.
No more dollar-for-dollar funding on critical infrastructure testing from July 1...
June 3rd, 2009 --
The Attorney General's Department has confirmed it will cease its dollar-for-dollar subsidy of security testing services for companies operating "critical infrastructure" from July 1. The Computer Network Vulnerability Assessment program was designed "to help organisations that own or manage critical infrastructure test the security of their computer networks and systems". To date, 32 CNVA projects have been approved with 30 projects proceeding.
No matter how much bad stuff happens on the Internet, we can't scare away the punters...
June 1st, 2009 --
No matter how hard we try, it's proving hard to steer ordinary people away from the Internet with spooky threat stats. Despite mounting risks on an information superhighway jammed up with malware, 419 scams, phishing and credit card fraud, the number of 'net users is still growing rapidly. All the way back in 1998, America's National Institute of Standards and Technology (NIST) categorised and analysed 237 computer attacks. The results of that analysis revealed such pearls as: 3 percent of the attacks enabled web sites to attack site visitors
How to pwn three letter agencies with Maltego...
May 29th, 2009 --
This week's episode is hosted by Vigabyte and brought to you by Check Point software. This week you'll be hearing an interview with Roelof Temmingh, the creator of Maltego. Maltego is seriously cool software that you'll probably want to have a play with. Roelof joins the podcast to talk about how you'd use his software to pwn a three letter agency.
AusCERT speed debate becomes hilarious, pseudo performance art farce...
May 27th, 2009 --
This speed debating panel from AusCERT's 2009 conference was loltastic. It takes about 15 minutes to really get going, but stick with it. Risky Business regulars Peter Gutmann and Paul Ducklin participated in this panel, as did host Patrick Gray. The debate was hosted by James O'Loughlin, who's probably best known in Australia as the host of the New Inventors television program. He's a terrific moderator.
Geekonomics author David Rice "gives good con"...
May 27th, 2009 --
The following is a recording of David Rice's talk at AusCERT's 2009 conference. David is a sensational public speaker. Risky.Biz actually podcasted his keynote from the GovCERT conference in the Netherlands last year. This talk is similar, but sufficiently different to warrant posting here. David is best known as the author of Geekonomics: The Real Cost Of Insecure Software, and a consultant with Monterey Group. Enjoy!
Karl Hanmore packs his UNIX beard and heads stateside...
May 25th, 2009 --
AusCERT's operations manager Karl Hanmore has resigned from the organisation to take up a position with Microsoft in the USA. Hanmore joined AusCERT in 2005 following a five-year stint as the IT security manager of the Bank of Queensland. His new job at Microsoft, where he will be dubbed a senior security strategist, will see him pack his bags and move to Redmond.
Is that Facebook friend of yours real?
May 25th, 2009 --
The following audio is an excerpt from Maltego creator Roelof Temmingh's AusCERT presentation. Maltego is a very interesting bit of information visualisation software. If you haven't heard of it, check it out. We've all heard the saying that we all leave digital footprints on the web. Well, in this part of his talk Roelof talks about creating false footprints, or false online identities. It's seriously interesting stuff and not the sort of thing that you normally hear about at a security conference. We'll be posting an interview with Roelof at some point also.
How easy is it to recover data from your iPhone?
May 25th, 2009 --
In this recorded AusCERT presentation you'll hear Forward Discovery's Steve Whalen discussing forensic techniques for the iPhone. This is VERY niche stuff, mostly of interest to forensics guys and gals. That said, a lot of security people use iPhones so some may be interested to know what sort of techniques apply to a device they carry. Enjoy!
Hopes new template will help ISVs write more secure code...
May 25th, 2009 --
Our coverage of AusCERT's 2009 conference is sponsored by Microsoft, and so we're doing these sponsored interviews about Microsoft stuff. But that's ok, because it's all interesting! In this interview with Microsoft's Secure Development Lifecycle big kahuna, Steve Lipner, we discuss the company's decision to release an SDL template for Visual Studio that allows third party developers to use Microsoft's SDL workflow. It will hopefully mean fewer bugs in non-Microsoft Windows apps sometime in the future!
Peter Gutmann gives good con...
May 20th, 2009 --
The computer security industry has sometimes been compared unfavourably to the fashion industry, putting up flamboyant defences where it doesn't make any difference while paying no attention to the open barn door behind the curtain. Why do we allow three retries for passwords instead of two, or four, or thirty-eight? How effective are SSH fingerprints? And how's the ol' PKI thing doing?
Windows 7 gets some new security features...
May 20th, 2009 --
In this sponsored podcast from AusCERT's 2009 conference, Microsoft's Jeff Alexander discusses the features of Windows 7 that are likely to be of interest to security pros. DEP, BitLocker portable, AppLocker, UAC changes, the lot. Enjoy!