Journalist and author Parmy Olson's AusCERT speech...
May 29th, 2013 --
You're about to hear Parmy Olson's presentation from AusCERT's 2013 conference. Parmy is a journalist for Forbes, but she's also an author -- she wrote We Are Anonymous, Inside the Hacker world of LulzSec, Anonymous and the Global Cyber Insurgency. She got amazing access to the LulzSec crew and the book is well worth reading. In this presentation she looks at why these young men got involved in such risky activity. What drove them, and what does the future of Anonymous look like?
Everyone's favourite closing event!
May 29th, 2013 --
The following is a recording of the traditional closing event of the AusCERT event -- the speed debate. It's hosted by Australian television and radio presenter Adam Spencer, and it's a bit of light fun to end the whole thing on... debaters include Eugene Kaspersky, Bill Caelli, Charlie Miller, Scott McIntyre and more. I'll drop you in here as Adam sets the whole thing up. Enjoy.
Declan Ingram of Datacom TSS says yes...
May 29th, 2013 --
In this sponsor interview we're chatting with Declan Ingram of Datacom TSS. Datacom TSS is a Canberra-based, national security firm founded by ex-Australian government security specialists. These guys specialise in dealing with highly skilled adversaries... Now, when they founded this business a few years ago, there was awareness in government that highly skilled adversaries were a real challenge... but it's really been 2013 where executives at the boardroom level have sat up and taken note of security issues, particularly the issue of APT.
Traditional military thinking doesn't translate to "cyber"...
May 29th, 2013 --
The following is a recording of Marcus Ranum's AusCERT keynote speech on CYBER WAR. Marcus was doing the circuit a few years ago with a talk titled "Cyber war is bullshit", which I think makes clear his position, but this one is titled Never Fight a Land War in Cyberspace. He basically argues that the application of traditional military thinking to the cyber domain is flawed. He also argues there's a massive money and power grab taking place as the military and the private sector defence base tries to set the agenda so it can profit from it.
A very meta interview with Paul Ducklin...
May 29th, 2013 --
In this sponsor interview we chat with Paul Ducklin of Sophos, and the topic is reflections -- 30 years on -- on the paper Reflections on Trusting Trust by Ken Thompson. So we're reflecting on reflections on trusting trust. I started off by asking Paul to recap the paper for people who aren't familiar with it.
The thinking behind CrowdStrike's sales pitch...
May 29th, 2013 --
Active defence is the new black. It's the issue of 2013. One of the organisations that helped put the issue on to the agenda is CrowdStrike, a business founded by some senior ex-technologists from McAfee. CrowdStrike was founded on the premise that simply relying on defensive measures in information security isn't enough -- you need to be able to mess with your adversaries.
Day two keynote from AusCERT 2013...
May 24th, 2013 --
This is a recording of Mark Fabro's day two keynote speech from AusCERT. Mark is a control systems security expert and a terrific speaker. He's the president and chief security scientist for Lofty Perch, a control system security consultancy. He's extremely well plugged in to the SCADA security scene, and he's done a bunch of strategy consulting for the US government. Basically Mark is Mr. SCADA. It's his thing.
North Korean TV has less sex, more potato farming...
May 24th, 2013 --
The following is a recording of David Jorm's AusCERT presentation. You might have heard Dave preview his talk on last week's episode of the regular Risky Business podcast.
How to turn an executive's phone into your own personal gateway…
May 24th, 2013 --
Datacom TSS is a Canberra-based, national security firm founded by ex-Australian government security specialists. These guys specialise in dealing with highly skilled adversaries. One of their services is running some pretty intense Red Team exercises. The team at Datacom TSS recently ported its Red Team Trojan over to the Android platform, and it's surprisingly easy to trick people into installing it. You just email it to them and ask them to install the APK package.
Not new research, but a great talk...
May 24th, 2013 --
Some time ago security researcher Charlie Miller published some research that showed he could take over NFC-equipped phones just by holding them near a malicious RFID sticker. This talk takes you through his research process -- how he fuzzed devices, what he found… and how he came to realise that attacking the higher level functions of NFC functionality turned out to be the shortest path to victory.
Lots of money going into "cyber"...
May 24th, 2013 --
In this sponsor interview we chat with Casey Ellis, the founder of BugCrowd. BugCrowd is an Australian business, but Casey is currently in the USA where the appetite for information security investment opportunities is apparently hitting fever pitch. In this interview I ask him how one might get started off on the path to massive phatcash through their cybersecurity startup.
A global vulnerability analysis…
May 23rd, 2013 --
The following is a recording of HD Moore's AusCERT plenary, all about the research he's done scanning the entire Internet. HD is one of the smartest guys in the business, and it's a great talk. But you might actually need to slow it down a bit, because I don't think I've ever encountered anyone in my life who can speak as fast as HD does. He sometimes speaks at a pace that is faster than my ability to comprehend what he's saying. But as I say, it's a great talk -- it's called Global Vulnerability Analysis.
In some cases, yes!
May 23rd, 2013 --
In this sponsor interview we chat with Casey Ellis, the founder of BugCrowd. When Casey co-founded the business the idea was simple -- the company would host outsourced bug bounty programs for clients that didn't have the expertise to run their own. As some of you may know, the idea really took off, but what no one expected was for BugCrowd's registered testers to do a better job than many penetration testing teams.
Handy talk for CIOs and CSOs...
May 23rd, 2013 --
The following is a recorded presentation from AusCERT. It's by Al Blake, the Chief Information Officer of the Department of Sustainability, Environment, Water, Population and Communities. In it he talks about BYOD, basically, from an Australian government perspective. It's not an overly technical talk, but it is a good overview of what a CIO like him has to consider when allowing staff to use their own devices in a heavily regulated environment.
How far do decent crypto controls get us?
May 23rd, 2013 --
In this sponsor interview we chat with Paul Ducklin of Sophos about trends in code signing technology designed to combat malware. During the great "SSL wars" of 2011, when hackers like Comodohacker went cyber-berserk owning CAs and minting their own certificates for sites like Gmail and Facebook, valuable lessons were learned. It's becoming the norm for browsers to pin certs for well known websites... and now this same approach to certificate sanity checking is finding its way into code signing checks.
A call to action for infosec pros…
May 23rd, 2013 --
We're kicking off our AusCERT 2013 coverage today with the conference's opening keynote by Michael Jones, Google's chief technology advocate. He's charged with advancing technology to organise the world's information and make it universally accessible and useful. Michael has worked as chief technologist of Google Maps and Google Earth, was the CTO of Keyhole Corporation (the company that developed the technology behind Google Earth), was CEO of Intrinsic Graphics, and was director of advanced graphics at Silicon Graphics.
Public satellite imagery yields a wealth of intelligence...
May 17th, 2013 --
This week's feature interview is with Dave Jorm, a Brisbane-based security geek and environmental science aficionado who's done some really interesting OSINT analysis of agricultural efficiency in North Korea with publicly available satellite data. He's presenting his findings at AusCERT's annual conference on the Gold Coast next week; he joins the podcast to talk about his work and the online community of North Korea watchers. Ok, so it's not exactly about infosec, but it's really interesting stuff and I hope you all enjoy it!
Awesome feature track this week. Check it out here!
May 17th, 2013 --
LulzSec guys go to the PMIA, ATM scam dudes gettin' smoked playing dominos... it's what you might call an "action week". You can find episode 281 of the Risky Business podcast here.
Special guests The Grugq, Singe, Charl and Andrew...
May 10th, 2013 --
This week's show was being produced on the road so it's a bit of a different format -- I did a longer than usual news panel session from the conference floor! Our news discussion panel consists of:
The Grugq
Dominic White, SensePost
Charl van der Walt, SensePost
Andrew MacPherson, Paterva (Maltego)
Pwnage! Malware! Cats and dogs living together!
May 10th, 2013 --
Lots of news to catch up on this week!