Don't want the TSA looking in your luggage? Pack heat! USA! USA!
July 23rd, 2009 --
This is the final of our podcast series recorded at Shaka Con. From next week on RB2 you'll hear reports prepared by our roving reporter Paul Craig on location at New Zealand's OWASP day. Shaka Con is a hacker conference held annually in Honolulu, Hawaii, and as you'll hear, the conference didn't limit itself to digital security. Lock picking aficionado Deviant Ollam was there to give a talk all about locks and curiously, how to fly with locked luggage.
Domain.com.au lies and says it first heard of rental scam two weeks ago...
July 23rd, 2009 --
After two months of its customers being ripped off blind by African criminals, real estate website Domain.com.au has discovered that merely publishing a new Website security policy isn't enough to magically solve the complex problem of rampant online fraud.
New Ncat utility could replace netcat...
July 17th, 2009 --
A new version of nmap has just been released by its creator, Gordon "Fyodor" Lyon, who describes it as the software's "most important release since 1997". The new package, nmap 5.0, includes Ncat, billed as "a much more advanced and modern reimplementation of the beloved Netcat". Also included is Ndiff, which is designed to portscan networks and alert administrators to changes.
Naughty people doing bad things with evil technology...
July 14th, 2009 --
On this week's show we're joined by semi regular guest Adam Pointon. Adam's the CSO for a financial services company, so he has a fair bit of insight into both security technology and market-based technology. You may have heard by now that investment bank Goldman Sachs has claimed its trading algorithm has been stolen by one of its developers. Why is this a big deal? How would possession of that algorithm be advantageous to an attacker? Adam joins the show to tell us.
Panel of high-profile experts comes together in Sydney...
July 13th, 2009 --
F-Secure flew its chief research officer, Mikko Hypponen, out to Australia last week to meet the press. The company hosted an event -- the F-Secure Future of the Digital Economy Forum -- and invited a bunch of very interesting panellists to discuss the state of information security today. They asked Risky Business to moderate and record the session. The panellists were: Mikko Hypponen, chief research officer, F-Secure; Graham Ingram, managing director of AusCERT
The emergence of sophisticated ATM malware in Belarus could spell trouble for English speaking countries...
July 13th, 2009 --
If you were an Eastern European ATM, you would be feeling nervous at the moment, and rightfully so. First, Diebold warned Russian banks about malicious code installed on their machines last January. Then in May, Trustwave reported on malware found on 20 ATMs in Russia and Ukraine, the earliest of which was first infected almost exactly two years ago, and which has been improved at least 16 times since then. Now Belorussian ATMs face another wave of malicious code, infecting what appears to be a high number of ATMs in urban areas.
Microsoft service black-bans MessageLabs customers...
July 6th, 2009 --
Microsoft is apparently blocking messages from MessageLabs' email servers destined for Windows Live accounts. Customers of the MessageLabs spam filtering and e-mail security service have been unable to send to Windows Live accounts, such as Hotmail addresses, since Friday.
Paul Craig chats to the ShakaCon laser masters...
July 3rd, 2009 --
If you're an avid RB2 listener you would have already heard the ShakaCon presentation by Andrea Barisani and Daniele Bianco on non-conventional keystroke sniffing techniques. Their presentation was on sniffing keystrokes through powerlines, or alternatively by using freakin' lasers attached to their frickin' heads to detect the sound of keystrokes and then work out what was being typed.
Pew pew, you are no match for hackers with lasers, pew pew...
July 3rd, 2009 --
This podcast is a ripper, it's a presentation by Andrea Barisani and Daniele Bianco. RB2 correspondent Paul Craig was in Hawaii last month for the ShakaCon security conference and he recorded this talk, which looks at side channel attacks using optical sampling of mechanical energy emissions and power line leakage. What does that mean? Hackers with freakin' laser beams on their freakin' heads is what it means. These guys have developed techniques for sniffing keystrokes out of power lines and via laser beams... you know, the ones on their freakin' heads!
Outsourcing meteor could mean trouble for planet infosec...
July 3rd, 2009 --
This week's edition of Risky Business is hosted by Vigabyte virtual hosting and brought to you by Check Point. On this week's show we'll be joined by Gartner analyst Andrew Walls, who's got some less than reassuring things to say about the security of your job in the long term. Apparently the great big destructive meteor, "outsourcing," is about to collide with planet infosec, and when that happens it'll be grim indeed.
Security and networking company Juniper yields to ATM vendor pressure...
June 30th, 2009 --
RISKY.BIZ EXCLUSIVE -- A demonstration in which security researcher Barnaby Jack would "jackpot" an ATM live on stage at the upcoming Black Hat security conference in Las Vegas has been pulled by his employer. Security and network device vendor Juniper Networks forced Mr. Jack to cancel his presentation, an anticipated highlight of the Black Hat event, following pressure from the affected ATM vendor. The demonstration would have seen the researcher hack an ATM live on stage, causing it to spit out cash, or "jackpot".
Twitterganda is all the rage these days. I read about it. On Twitter.
June 26th, 2009 --
This week we're taking a look at the technology angle to this whole mess in Iran. We'll be chatting with Arbor Networks chief scientist Craig Labovitz about the filtering the government is doing over there, then we'll be checking in with Roelof Temmingh of Paterva. Paterva makes Maltego, the open source intelligence tool that many people are using to analyse various aspects of information flow in Iran -- including the spread of propaganda via Twitterbots.
If you think you're clever for avoiding social networking sites, think again, writes Maltego creator Roelof Temmingh...
June 25th, 2009 --
Years ago a friend told me I should have a blog and be on Facebook. To my eyes Facebook just looked like a badly organized dating club, and the idea of having to fire regular musings out into cyberspace via a blogocannon has never appealed. Figuring I was just too lazy to sign up for these services, my dear friend offered to register me anyway and just give me the passwords. Being a Google fanboy, he could sign me up as roelof.temmingh on Gmail and connect my newly created Facebook profile to that email account. That got my attention.
RB2 reporter Paul Craig makes his debut...
June 24th, 2009 --
In this interview Risky.Biz reporter Paul Craig talks to BT security consultant Luke McComie about corporate espionage. Luke presented a keynote on the topic at the Shaka Con conference in Hawaii. Throughout that presentation we heard how corporations don't adequately secure their physical environments, and this can lead to some pretty nasty consequences as far as information leakage goes. We heard Luke tell some war stories about slipping past security guards in that one.
Symantec Security Response Director Vincent Weafer talks malware and spam trends...
June 24th, 2009 --
This podcast entirely consists of a sponsored interview with Symantec's director of Security Response, Vincent Weafer. We're absolutely stoked to have Symantec on board -- with them sponsoring we now have the means to expand what we can offer you on Risky.Biz. Thanks to this relationship you'll be hearing regular podcasts from our new RB2 reporter, Paul Craig.
Sneaky people talking about sneaky things... It's sneaky!
June 24th, 2009 --
In this episode of RB2 you'll hear a keynote from the Shaka Con security conference in Hawaii. BT security consultant Luke McComie discusses various methods of getting around corporate defences, both physical and digital. The talk is about corporate espionage, and it's well presented. Luke is a senior staff member (goon) at the DEFCON Security Conference and also contributes to several computer security organizations including the r00tcellar Security Team, 303 and Security Tribe.
Australian government Minister for the Digital Economy Stephen Conroy joins Risky Business...
June 19th, 2009 --
This week's show is a cracker -- we have a very special guest, Senator Stephen Conroy. The senator is Australia's Minister for Broadband, Communications and the Digital Economy and I caught up with him in Sydney last week to get his take on what he feels the role of government is when it comes to IT security.
Company dodges tough questions on response to fraud...
June 17th, 2009 --
As users of Australia's Domain.com.au real estate website are being fleeced for thousands of dollars in a Western Union money transfer scam, the company has circled the wagons and is refusing to make a spokesperson available for interviews. Fraudsters are placing fake rental property listings for affordable apartments on the Domain site. Upon contacting the purported landlord, would-be renters are instructed to transfer money offshore in exchange for apartment keys that will never arrive.
Documentation for Centrelink's home-baked protocol "lacking"...
June 11th, 2009 --
This week's episode is hosted by Vigabyte and brought to you by Tenable Network Security. On this week's show we're looking back at an issue we covered a little while ago: PLAID. No, not the oh-so-groovy pattern, but Centrelink's home-baked authentication protocol. PLAID is a contactless smart card authentication protocol designed by Australia's welfare agency and released a couple of months ago. They're hoping to have it recognised as an ISO standard, but not everyone's convinced that's a good idea.
Nir Zuk knows stuff about stuff. Seriously.
June 4th, 2009 --
This week's show is hosted by Vigabyte and brought to you by Sophos. On this week's show we chat to an industry pioneer, Nir Zuk. He's widely credited as the creator of the first stateful inspection firewall. These days he works for the company he founded, Palo Alto Networks. We're chatting to Nir about his thoughts on security technologies -- everything from firewalls to IDS to DLP.