Lots of things... so many things...
July 12th, 2013 --
Here are the show notes for edition 288 of the Risky Business podcast. There are links to several stories below that we didn't have time to cover, but they're definitely worth reading. Enjoy!
Both types of bugs abound in this week's show...
July 5th, 2013 --
We've got a great show for you this week. Mark Dowd of Azimuth Security pops in to talk about the bugs he found in libraries used by secure telephony providers like Silent Circle. They're serious, serious bugs, and they were easy to find.
Big show, lots of topics!
July 5th, 2013 --
Big show this week! See below for links to this week's stories. You can find this week's podcast here.
Eddie keeps coughing up the goods...
June 28th, 2013 --
This week's show is a bit shorter than usual. We've got a discussion of the week's news then a great chat with Brian Contos, the VP and CISO of Blue Coat Systems Advanced Threat Protection Group.
Links to all the stuff...
June 28th, 2013 --
Here are links to items discussed in this week's episode of the Risky Business podcast. You can find that episode here.
Opsec for execs...
June 21st, 2013 --
In this week's show we talk opsec with international man of mystery The Grugq. In light of revelations that the Internet lounge at the G20 summit was essentially an intelligence collection system set up by GCHQ, we thought we'd look at what travelling diplomats and executives can do to protect their data when entering a hostile environment where all infrastructure is assumed to be controlled by your adversary. There's some great practical advice in that segment, and it's after the news.
Music! Links! Laughter!
June 21st, 2013 --
If you're reading this from the Internet lounge at the G8 summit, we thoroughly recommend you listen to episode 285 of the Risky Business podcast. You can find it here. Here are links to all the news stories covered in ep 285, plus music!
The hippies have entered the building...
June 13th, 2013 --
In this week's feature interview we chat with author and speaker Richard Thieme about what they used to call the generation gap. NSA leaker Edward Snowden is "Internet generation". Are the ideals espoused by people like Snowden rooted in counter-cultural ideals or are they just generational norms? Are these ideas around online liberty becoming mainstream? Now that we have so many gen-Ys and millennials actually running the information infrastructure that powers our institutions, could we be on the cusp of serious changes in the way the establishment works? That is an interesting chat.
Links, music, Boileau on telly. We've got it all this week!
June 13th, 2013 --
Here are the show notes for this week's episode of Risky Business. Make sure you check out the last link -- it's Adam Boileau on television in New Zealand discussing PRISM. Good stuff! You can find episode 284 of the Risky Business podcast here.
What is the NSA's PRISM program? (FAQ) | Security & Privacy - CNET News http://news.cnet.com/8301-1009_3-57588253-83/what-is-the-nsas-prism-prog...
NSA Whistleblower Resurfaces to Say U.S. Hacked Hundreds in Hong Kong and China | Threat Level | Wired.com
Surveillance scandals and thought crimes. USA! USA!
June 7th, 2013 --
On this week's show we take a look at PRISM, the NSA's recently exposed massive surveillance program. Leaked PowerPoint slides from NSA describe a surveillance system that allows the agency to effortlessly capture a target's YouTube, Google, Facebook and Skype. This has been reported as these companies allowing the US government access to "back doors" on their systems.
All your creepy surveillance news is here...
June 7th, 2013 --
What a week it's been! Turns out all your packets are belong to the NSA... You'll find links to the news items discussed in Risky Business episode 283 below. You'll also find the articles we discussed in this week's feature section. Enjoy!
Are we entering a post-Anonymous era?
May 31st, 2013 --
This week's show is a cracker! We've got a great feature interview with journalist and author Parmy Olson about what the future might hold for Anonymous. Is it time for the Anonymous brand to be retired? The media has largely lost interest in its activities -- how could the hacktivism phenomenon bounce back to the same levels of notoriety as it experienced in 2011? Tune in to find out! This week's show is brought to you by Senetas, makers of absolutely kick-ass layer 2 encryption equipment.
The stories we discussed with The Grugq!
May 31st, 2013 --
Links to all the stories discussed in the 282nd edition of the Risky Business podcast. You can click through to the recording page here.
ASIO blueprints, Defence documents stolen - Hackers - SC Magazine Australia - Secure Business Intelligence http://www.scmagazine.com.au/News/344763,asio-blueprints-defence-documen...
Confidential report lists U.S. weapons system designs compromised by Chinese cyberspies - The Washington Post
Journalist and author Parmy Olson's AusCERT speech...
May 29th, 2013 --
You're about to hear Parmy Olson's presentation from AusCERT's 2013 conference. Parmy is a journalist for Forbes, but she's also an author -- she wrote We Are Anonymous: Inside the Hacker World of LulzSec, Anonymous and the Global Cyber Insurgency. She got amazing access to the LulzSec crew and the book is well worth reading. In this presentation she looks at why these young men got involved in such risky activity. What drove them, and what does the future of Anonymous look like?
Everyone's favourite closing event!
May 29th, 2013 --
The following is a recording of the traditional closing event of the AusCERT event -- the speed debate. It's hosted by Australian television and radio presenter Adam Spencer, and it's a bit of light fun to end the whole thing on... debaters include Eugene Kaspersky, Bill Caelli, Charlie Miller, Scott McIntyre and more. I'll drop you in here as Adam sets the whole thing up. Enjoy.
Declan Ingram of Datacom TSS says yes...
May 29th, 2013 --
In this sponsor interview we're chatting with Declan Ingram of Datacom TSS. Datacom TSS is a Canberra-based, national security firm founded by ex Australian government security specialists. These guys specialise in dealing with highly skilled adversaries... Now, when they founded this business a few years ago, there was awareness in government that highly skilled adversaries were a real challenge... but it's really been 2013 where executives at the boardroom level have sat up and taken note of security issues, particularly the issue of APT.
Traditional military thinking doesn't translate to "cyber"...
May 29th, 2013 --
The following is a recording of Marcus Ranum's AusCERT keynote speech on CYBER WAR. Marcus was doing the circuit a few years ago with a talk titled "Cyber war is bullshit", which I think makes clear his position, but this one is titled Never Fight a Land War in Cyberspace. He basically argues that the application of traditional military thinking to the cyber domain is flawed. He also argues there's a massive money and power grab taking place as the military and the private sector defence base try to set the agenda so they can profit from it.
A very meta interview with Paul Ducklin...
May 29th, 2013 --
In this sponsor interview we chat with Paul Ducklin of Sophos, and the topic is reflections -- 30 years on -- on the paper Reflections on Trusting Trust by Ken Thompson. So we're reflecting on reflections on trusting trust. I started off by asking Paul to recap the paper for people who aren't familiar with it.
The thinking behind CrowdStrike's sales pitch...
May 29th, 2013 --
Active defence is the new black. It's the issue of 2013. One of the organisations that helped put the issue on to the agenda is CrowdStrike, a business founded by some senior ex technologists from McAfee. CrowdStrike was founded on the premise that simply relying on defensive measures in information security isn't enough -- you need to be able to mess with your adversaries.
Day two keynote from AusCERT 2013...
May 24th, 2013 --
This is a recording of Mark Fabro's day two keynote speech from AusCERT. Mark is a control systems security expert and a terrific speaker. He's the president and chief security scientist for Lofty Perch, a control system security consultancy. He's extremely well plugged in to the SCADA security scene, and he's done a bunch of strategy consulting to the US government. Basically Mark is Mr. SCADA. It's his thing.