Web application security gets attention, the same cannot be said for Web services security...
August 7th, 2009 --
In this interview, you'll hear Risky.Biz's New Zealand correspondent Paul Craig discuss Web services security with Lateral Security's Nick Von Dadelszen. We all hear a lot of talk about web application vulnerabilities, and not much at all about web services problems. The result is a lot of web services are wide open.
Can we combat fraud online and stay anonymous?
August 7th, 2009 --
Sydney's inaugural eCrime Symposium kicked off on Tuesday, and Risky Business was there with an audio recorder. We recorded this panel discussion while we were there and decided it'd make a good podcast. The speakers are Rachel Dixon, who's a technology executive here in Australia for online media group Viocorp, as well as being the deputy chair of consumer group Choice, Phil Argy, the head of the Technology Dispute Centre, and Sean Richmond from Sophos. The panel was hosted by Nigel Phair.
McAfee's Asia Pacific President believes genies can be put back in bottles...
July 30th, 2009 --
Readers of the Risky.Biz website would have heard by now that McAfee accidentally leaked the full contact information of 1400 registrants for its strategic security summit that was held in Sydney on July 17. McAfee's Asia Pacific President Steve Redman is this week's feature guest -- he joined the program to face the music for that one.
Faces are as red as the company logo at McAfee HQ today...
July 29th, 2009 --
Security software maker McAfee has accidentally e-mailed the full contact details of 1,400 IT security professionals to an unknown number of recipients. The marketing spreadsheet contained the full names, titles, organisation names, phone numbers and e-mail addresses of all who had registered for or attended the company's recent Strategic Security Summit on July 17 in Sydney.
Analysis of spyware pushed by UAE-based carrier onto BlackBerrys
July 23rd, 2009 --
This week's show is hosted by Vigabyte and sponsored by Sophos. You'll hear from Sophos's Paul Ducklin later on in the show in this week's sponsor interview. This week's feature interview is with Chris Eng of Veracode, and we'll be chatting about his analysis of a nasty bit of BlackBerry spyware that was pushed out to all BlackBerry users on UAE-based carrier Etisalat. And of course we're joined by Adam Boileau for a discussion of the week's news.
Don't want the TSA looking in your luggage? Pack heat! USA! USA!
July 23rd, 2009 --
This is the final of our podcast series recorded at Shaka Con. From next week on RB2 you'll hear reports prepared by our roving reporter Paul Craig on location at New Zealand's OWASP day. Shaka Con is a hacker conference held annually in Honolulu, Hawaii, and as you'll hear, the conference didn't limit itself to digital security. Lock picking aficionado Deviant Ollam was there to give a talk all about locks and curiously, how to fly with locked luggage.
Domain.com.au lies and says it first heard of rental scam two weeks ago...
July 23rd, 2009 --
After two months of its customers being ripped off blind by African criminals, real estate website Domain.com.au has discovered that merely publishing a new Website security policy isn't enough to magically solve the complex problem of rampant online fraud.
New Ncat utility could replace netcat...
July 17th, 2009 --
A new version of nmap has just been released by its creator, Gordon "Fyodor" Lyon, who describes it as the software's "most important release since 1997". The new package, nmap 5.0, includes Ncat, billed as "a much more advanced and modern reimplementation of the beloved Netcat". Also included is Ndiff, which is designed to portscan networks and alert administrators to changes.
Naughty people doing bad things with evil technology...
July 14th, 2009 --
On this week's show we're joined by semi-regular guest Adam Pointon. Adam's the CSO for a financial services company, so he has a fair bit of insight into both security technology and market-based technology. You may have heard by now that investment bank Goldman Sachs has claimed its trading algorithm has been stolen by one of its developers. Why is this a big deal? How would possession of that algorithm be advantageous to an attacker? Adam joins the show to tell us.
Panel of high-profile experts comes together in Sydney...
July 13th, 2009 --
F-Secure flew its chief research officer, Mikko Hypponen, out to Australia last week to meet the press. The company hosted an event -- the F-Secure Future of the Digital Economy Forum -- and invited a bunch of very interesting panellists to discuss the state of information security today. They asked Risky Business to moderate and record the session. The panellists were: Mikko Hypponen, chief research officer, F-Secure; Graham Ingram, managing director of AusCERT
The emergence of sophisticated ATM malware in Belarus could spell trouble for English-speaking countries...
July 13th, 2009 --
If you were an Eastern European ATM, you would be feeling nervous at the moment, and rightfully so. First, Diebold warned Russian banks about malicious code installed on their machines last January. Then in May, Trustwave reported on malware found on 20 ATMs in Russia and Ukraine, the earliest of which was first infected almost exactly two years ago, and which has been improved at least 16 times since then. Now Belorussian ATMs face another wave of malicious code, infecting what appears to be a high number of ATMs in urban areas.
Microsoft service black-bans MessageLabs customers...
July 6th, 2009 --
Microsoft is apparently blocking messages from MessageLabs' email servers destined for Windows Live accounts. Customers of the MessageLabs spam filtering and e-mail security service have been unable to send to Windows Live accounts, such as Hotmail addresses, since Friday.
Paul Craig chats to the ShakaCon laser masters...
July 3rd, 2009 --
If you're an avid RB2 listener you would have already heard the ShakaCon presentation by Andrea Barisani and Daniele Bianco on non-conventional keystroke sniffing techniques. Their presentation was on sniffing keystrokes through powerlines, or alternatively by using freakin' lasers attached to their frickin' heads to detect the sound of keystrokes and then work out what was being typed.
Pew pew, you are no match for hackers with lasers, pew pew...
July 3rd, 2009 --
This podcast is a ripper, it's a presentation by Andrea Barisani and Daniele Bianco. RB2 correspondent Paul Craig was in Hawaii last month for the ShakaCon security conference and he recorded this talk, which looks at side channel attacks using optical sampling of mechanical energy emissions and power line leakage. What does that mean? Hackers with freakin' laser beams on their freakin' heads is what it means. These guys have developed techniques for sniffing keystrokes out of power lines and via laser beams... you know, the ones on their freakin' heads!
Outsourcing meteor could mean trouble for planet infosec...
July 3rd, 2009 --
This week's edition of Risky Business is hosted by Vigabyte virtual hosting and brought to you by Check Point. On this week's show we'll be joined by Gartner analyst Andrew Walls, who's got some less than reassuring things to say about the security of your job in the long term. Apparently the great big destructive meteor, "outsourcing," is about to collide with planet infosec, and when that happens it'll be grim indeed.
Security and networking company Juniper yields to ATM vendor pressure...
June 30th, 2009 --
RISKY.BIZ EXCLUSIVE -- A demonstration in which security researcher Barnaby Jack would "jackpot" an ATM live on stage at the upcoming Black Hat security conference in Las Vegas has been pulled by his employer. Security and network device vendor Juniper Networks forced Mr. Jack to cancel his presentation, an anticipated highlight of the Black Hat event, following pressure from the affected ATM vendor. The demonstration would have seen the researcher hack an ATM live on stage, causing it to spit out cash, or "jackpot".
Twitterganda is all the rage these days. I read about it. On Twitter.
June 26th, 2009 --
This week we're taking a look at the technology angle to this whole mess in Iran. We'll be chatting with Arbor Networks chief scientist Craig Labovitz about the filtering the government is doing over there, then we'll be checking in with Roelof Temmingh of Paterva. Paterva makes Maltego, the open source intelligence tool that many people are using to analyse various aspects of information flow in Iran -- including the spread of propaganda via Twitterbots.
If you think you're clever for avoiding social networking sites, think again, writes Maltego creator Roelof Temmingh...
June 25th, 2009 --
Years ago a friend told me I should have a blog and be on Facebook. To my eyes Facebook just looked like a badly organized dating club, and the idea of having to fire regular musings out into cyberspace via a blogocannon has never appealed. Figuring I was just too lazy to sign up for these services, my dear friend offered to register me anyway and just give me the passwords. Being a Google fanboy, he could sign me up as roelof.temmingh on Gmail and connect my newly created Facebook profile to that email account. That got my attention.
RB2 reporter Paul Craig makes his debut...
June 24th, 2009 --
In this interview Risky.Biz reporter Paul Craig talks to BT security consultant Luke McComie about corporate espionage. Luke presented a keynote on the topic at the Shaka Con conference in Hawaii. Throughout that presentation we heard how corporations don't adequately secure their physical environments, and this can lead to some pretty nasty consequences as far as information leakage goes. We heard Luke tell some war stories about slipping past security guards in that one.
Symantec Security Response Director Vincent Weafer talks malware and spam trends...
June 24th, 2009 --
This podcast entirely consists of a sponsored interview with Symantec's director of Security Response, Vincent Weafer. We're absolutely stoked to have Symantec on board -- with them sponsoring we now have the means to expand what we can offer you on Risky.Biz. Thanks to this relationship you'll be hearing regular podcasts from our new RB2 reporter, Paul Craig.