No matter how much bad stuff happens on the Internet, we can't scare away the punters...
June 1st, 2009 --
No matter how hard we try, it's proving hard to steer ordinary people away from the Internet with spooky threat stats. Despite mounting risks on an information superhighway jammed up with malware, 419 scams, phishing and credit card fraud, the number of 'net users is still growing rapidly. All the way back in 1998, America's National Institute of Standards and Technology (NIST) categorised and analysed 237 computer attacks. The results of that analysis revealed such pearls as: 3 percent of the attacks enabled web sites to attack site visitors
How to pwn three letter agencies with Maltego...
May 29th, 2009 --
This week's episode is hosted by Vigabyte and brought to you by Check Point software. This week you'll be hearing an interview with Roelof Temmingh, the creator of Maltego. Maltego is seriously cool software that you'll probably want to have a play with. Roelof joins the podcast to talk about how you'd use his software to pwn a three letter agency.
AusCERT speed debate becomes hilarious, pseudo performance art farce...
May 27th, 2009 --
This speed debating panel from AusCERT's 2009 conference was loltastic. It takes about 15 minutes to really get going, but stick with it. Risky Business regulars Peter Gutmann and Paul Ducklin participated in this panel, as did host Patrick Gray. The debate was hosted by James O'Laughlin, who's probably best known in Australia as the host of the New Inventors television program. He's a terrific moderator.
Geekonomics author David Rice "gives good con"...
May 27th, 2009 --
The following is a recording of David Rice's talk at AusCERT's 2009 conference. David is a sensational public speaker. Risky.Biz actually podcasted his keynote from the GovCERT conference in the Netherlands last year. This talk is similar, but sufficiently different to warrant posting here. David is best known as the author of Geekonomics: The Real Cost Of Insecure Software, and a consultant with Monterey Group. Enjoy!
Karl Hanmore packs his UNIX beard and heads stateside...
May 25th, 2009 --
AusCERT's operations manager Karl Hanmore has resigned from the organisation to take up a position with Microsoft in the USA. Hanmore joined AusCERT in 2005 following a five-year stint as the IT security manager of the Bank of Queensland. His new job at Microsoft, where he will be dubbed a senior security strategist, will see him pack his bags and move to Redmond.
Is that Facebook friend of yours real?
May 25th, 2009 --
The following audio is an excerpt from Maltego creator Roelof Temmingh's AusCERT presentation. Maltego is a very interesting bit of information visualisation software. If you haven't heard of it, check it out. We've all heard the saying that we all leave digital footprints on the web. Well, in this part of his talk Roelof talks about creating false footprints, or false online identities. It's seriously interesting stuff and not the sort of thing that you normally hear about at a security conference. We'll be posting an interview with Roelof at some point also.
How easy is it to recover data from your iPhone?
May 25th, 2009 --
In this recorded AusCERT presentation you'll hear Forward Discovery's Steve Whalen discussing forensic techniques for the iPhone. This is VERY niche stuff, mostly of interest to forensics guys and gals. That said, a lot of security people use iPhones so some may be interested to know what sort of techniques apply to a device they carry. Enjoy!
Hopes new template will help ISVs write more secure code...
May 25th, 2009 --
Our coverage of AusCERT's 2009 conference is sponsored by Microsoft, and so we're doing these sponsored interviews about Microsoft stuff. But that's ok, because it's all interesting! In this interview with Microsoft's Secure Development Lifecycle big kahuna, Steve Lipner, we discuss the company's decision to release an SDL template for Visual Studio that allows third party developers to use Microsoft's SDL workflow. It will hopefully mean fewer bugs in non-Microsoft Windows apps sometime in the future!
Peter Gutmann gives good con...
May 20th, 2009 --
The computer security industry has sometimes been compared unfavourably to the fashion industry, putting up flamboyant defences where it doesn't make any difference while paying no attention to the open barn door behind the curtain. Why do we allow three retries for passwords instead of two, or four, or thirty-eight? How effective are SSH fingerprints? And how's the ol' PKI thing doing?
Windows 7 gets some new security features...
May 20th, 2009 --
In this sponsored podcast from AusCERT's 2009 conference, Microsoft's Jeff Alexander discusses the features of Windows 7 that are likely to be of interest to security pros. DEP, BitLocker portable, AppLocker, UAC changes, the lot. Enjoy!
Fraudsters identify Australia as a soft target...
May 20th, 2009 --
International criminal syndicates are using stolen UK credit card data in Australia because it is yet to adopt modern transaction security measures. Cybercrime analyst Kimberly Zenz, of US-based firm iDefense, says the adoption of the EMV chip and pin credit card security standard in Europe means criminal syndicates are having difficulty using stolen card data there. But the same European card information can be used to rip off Australian merchants because the extended authentication made possible by EMV is unavailable here.
DDoS attacks a part of the Russian business landscape...
May 20th, 2009 --
Regular Risky Business guest Kimberly Zenz is in Australia for AusCERT and we caught up with her at the conference for this interview. We asked Kimberly about what she's been focussing on out of personal and professional interest. Enjoy!
Phreaking's catching up. Scott McIntyre joins RB to explain how.
May 20th, 2009 --
Scott McIntyre of Dutch ISP XS4all talks to Risky Business about his battle against VoIP fraudsters. Between high-toll fraud and calling card scams, there's a number of ways fraudsters can turn your VoIP gateway into a source of cash for them, and misery for you.
A history of phone forensics and predictions for the future
May 19th, 2009 --
ASI Solutions Executive Manager of IT Security Services, Andrew Rourke, discusses mobile phone forensics -- a history, and the future. Enjoy!
's security team talk DDoS attacks at AusCERT
May 19th, 2009 --
In this AusCERT presentation,'s security team discusses the Russian DDoS scene. is Russia's largest ISP. Their English isn't perfect, but presenters Dmitry Levashev and Ruslan Stoyanov give an interesting talk here. Enjoy!
Microsoft's RMS and RSA's DLP get hitched
May 19th, 2009 --
In this podcast we chat to Microsoft's Keith Brintzenhofe. He manages the Information Protection and Control (IPC) product unit in the Identity & Security Division of Microsoft. He joined Risky Business 2 to explain Microsoft's collaboration with RSA on DLP and document rights management software. This is a sponsor podcast.
Wireless security has come a long way
May 19th, 2009 --
In this podcast interview,'s Neal Wise and Oliver Greiter argue wireless security has come a long way. Wise is a big-time wireless geek. He and Greiter did a presentation on wireless security on day one of AusCERT, which Risky.Biz, unfortunately, was unable to record. Still, check out this interview if you're keen on the latest developments in wireless trends.
Collaboration the key to infrastructure security...
May 19th, 2009 --
Paul Twomey is ICANN's President and CEO. In this keynote address recorded on day one of AusCERT's security conference, Twomey argues collaboration is the key to ensuring the long-term security of Internet infrastructure. UPDATE: The link to the audio file was incorrect in the original post. Fixed now.
Talks and interviews will go live today...
May 19th, 2009 --
It's day two at AusCERT's annual security conference on the Gold Coast, and Risky.Biz is ready to roll with recorded talks and interviews. We'll be publishing interviews with all our Risky Business favourites including Kimberly Zenz of iDefense, Auckland University's Peter Gutmann,'s Neal Wise, Queensland Police Superintendent Brian Hay, Geekonomics author David Rice and many, many more. All recorded content will be available through the Risky Business 2 RSS feed, which can be found here.
SDL may not make sense for web applications
May 15th, 2009 --
This week's podcast is hosted by Vigabyte virtual hosting and sponsored by Tenable Network Security. Risky Business 108 takes a look at the SDL as it applies to web applications. White Hat Security's Jeremiah Grossman joins the program to argue secure code, in the case of web applications, isn't necessarily cheaper code. It sounds like heresy, but Grossman makes some pretty compelling points during his interview.