Windows 7 gets some new security features...
May 20th, 2009 --
In this sponsored podcast from AusCERT's 2009 conference, Microsoft's Jeff Alexander discusses the features of Windows 7 that are likely to be of interest to security pros. DEP, BitLocker portable, AppLocker, UAC changes, the lot. Enjoy!
Fraudsters identify Australia as a soft target...
May 20th, 2009 --
International criminal syndicates are using stolen UK credit card data in Australia because it is yet to adopt modern transaction security measures. Cybercrime analyst Kimberly Zenz, of US-based firm iDefense, says the adoption of the EMV chip and pin credit card security standard in Europe means criminal syndicates are having difficulty using stolen card data there. But the same European card information can be used to rip off Australian merchants because the extended authentication made possible by EMV is unavailable here.
DDoS attacks a part of the Russian business landscape...
May 20th, 2009 --
Regular Risky Business guest Kimberly Zenz is in Australia for AusCERT and we caught up with her at the conference for this interview. We asked Kimberly about what she's been focussing on out of personal and professional interest. Enjoy!
Phreaking's catching up. Scott McIntyre joins RB to explain how.
May 20th, 2009 --
Scott McIntyre of Dutch ISP XS4all talks to Risky Business about his battle against VoIP fraudsters. Between high-toll fraud and calling card scams, there are a number of ways fraudsters can turn your VoIP gateway into a source of cash for them, and misery for you.
A history of phone forensics and predictions for the future
May 19th, 2009 --
ASI Solutions Executive Manager of IT Security Services, Andrew Rourke, discusses mobile phone forensics -- a history, and the future. Enjoy!
's security team talk DDoS attacks at AusCERT
May 19th, 2009 --
In this AusCERT presentation,'s security team discusses the Russian DDoS scene. is Russia's largest ISP. Their English isn't perfect, but presenters Dmitry Levashev and Ruslan Stoyanov give an interesting talk here. Enjoy!
Microsoft's RMS and RSA's DLP get hitched
May 19th, 2009 --
In this podcast we chat to Microsoft's Keith Brintzenhofe. He manages the Information Protection and Control (IPC) product unit in the Identity & Security Division of Microsoft. He joined Risky Business 2 to explain Microsoft's collaboration with RSA on DLP and document rights management software. This is a sponsor podcast.
Wireless security has come a long way
May 19th, 2009 --
In this podcast interview,'s Neal Wise and Oliver Greiter argue wireless security has come a long way. Wise is a big-time wireless geek. He and Greiter did a presentation on wireless security on day one of AusCERT, which Risky.Biz, unfortunately, was unable to record. Still, check out this interview if you're keen on the latest developments in wireless trends.
Collaboration the key to infrastructure security...
May 19th, 2009 --
Paul Twomey is ICANN's President and CEO. In this keynote address recorded on day one of AusCERT's security conference, Twomey argues collaboration is the key to ensuring the long-term security of Internet infrastructure. UPDATE: The link to the audio file was incorrect in the original post. Fixed now.
Talks and interviews will go live today...
May 19th, 2009 --
It's day two at AusCERT's annual security conference on the Gold Coast, and Risky.Biz is ready to roll with recorded talks and interviews. We'll be publishing interviews with all our Risky Business favourites including Kimberly Zenz of iDefense, Auckland University's Peter Gutmann,'s Neal Wise, Queensland Police Superintendent Brian Hay, Geekonomics author David Rice and many, many more. All recorded content will be available through the Risky Business 2 RSS feed, which can be found here.
SDL may not make sense for web applications
May 15th, 2009 --
This week's podcast is hosted by Vigabyte virtual hosting and sponsored by Tenable Network Security. Risky Business 108 takes a look at the SDL as it applies to web applications. White Hat Security's Jeremiah Grossman joins the program to argue secure code, in the case of web applications, isn't necessarily cheaper code. It sounds like heresy, but Grossman makes some pretty compelling points during his interview.
Cheap inner Sydney rents used as online fraud bait...
May 15th, 2009 --
Criminals are targeting Sydney house-hunters through Fairfax Digital's real estate website. Fraudsters are placing fake rental property listings for affordable inner Sydney apartments on the site. Upon contacting the purported landlord, would-be renters are being instructed to transfer money offshore in exchange for apartment keys that will never arrive.
New company plans aggressive expansion...
May 11th, 2009 --
Australian information security companies Stratsec and SIFT have merged. The new company employs a total of 65 people, with no staff being made redundant from either SIFT or Stratsec during the merger. The new company will retain the stratsec name and recruit 4-5 new staff immediately with a view to further expansion later this year, according to the new company's CTO and SIFT founder Nick Ellsmore.
Restructure claims senior MS security staffer... UPDATED with MS response 6pm 11/5/09
May 11th, 2009 --
Microsoft's senior security strategist, Steve Riley, has been made redundant. After more than 10 years working for Microsoft, Riley fell victim to a restructuring program last Tuesday. "As a part of Microsoft’s second round of restructuring, my position was eliminated yesterday and my employment with Microsoft has ended," Riley wrote on his blog. "I'm certainly not disappearing... I'll remain involved in the security industry."
New research could have consequences for future software...
May 7th, 2009 --
Thanks to our sponsor Sophos, this week's edition of the Risky Business podcast is ready to download! This week's feature interview is pretty kickass; a chat with security megalegend Mark Dowd. We talk to Mark about his entry in Google's Native Client security competition. It's very interesting stuff that could really have implications for your job in a few years.
Straight from the horse's mouth. Nyeah.
May 6th, 2009 --
It's been 24 hours since Risky.Biz published a news story about several vulnerabilities -- CSRF and XSS bugs -- found in McAfee's secure vulnerability scanning service. The story has gone global, with outlets like and The Register picking it up.
Embarrassing vulnerabilities in McAfee websites poised to make headlines...
May 5th, 2009 --
Security software maker McAfee is an industry laughing stock following the disclosure of embarrassing security vulnerabilities in its websites. A Cross Site Request Forgery (CSRF) vulnerability uncovered in McAfee's "secure" vulnerability scanning portal would have allowed an attacker to take control of client accounts. The portal is designed to scan customer websites for security vulnerabilities and fulfil some PCI DSS compliance requirements.
With news that four Swedes are heading to the clink for running The Pirate Bay website, Patrick Gray looks back at 10 years of illegal file sharing...
May 4th, 2009 --
This piece was written for the Australian Broadcasting Corporation and originally ran here. In June, Internet piracy as we know it turns 10.
Centrelink released draft auth protocol hoping for torture test...
May 1st, 2009 --
Centrelink's smart card architect, Glenn Mitchell, has invited all and sundry to break its new authentication protocol, PLAID. Australia's welfare agency released the draft implementation of PLAID last month. It created the new protocol because off-the-shelf solutions didn't match Centrelink's "business needs," Mitchell says. He now hopes crypto-geeks all over the world will rip into the software, now in its second draft. "We need to make sure it's as secure as we believe it to be," he told the Risky Business podcast. "There may be issues... if anyone does any issues with it then we're more than happy to take feedback on board and see what we can do to review it."
The Australian government hopes its new protocol will be the standard of the future...
May 1st, 2009 --
This week's edition of Risky Business is brought to you by Tenable Network Security and hosted by Vigabyte virtual hosting at discounted rates.