
PRESENTATION: Daniel Klein — Your life may depend on security
May 23rd, 2008
In this AusCERT talk self-described security geek Daniel Klein paints a disturbingly bleak picture of the state of IT security. It’s a shame this is just an audio presentation — the slides he was showing were quite funny — usually photos of stupid people doing stupid things. But the talk is definitely worth listening to.

PRESENTATION: The bug marketplace with Charles Miller
May 23rd, 2008
In this AusCERT presentation, Independent Security Evaluators’ Charles Miller discusses the bug marketplace. Miller is well known as an iPhone hacker and winner of this year’s PWN2OWN competition in Las Vegas. This talk gives us a rare insight into the legal bug trading environment, which is usually obscured by non-disclosure agreements and general paranoia.

INTERVIEW: How to destroy the Internet with Danny McPherson
May 22nd, 2008
In this interview Risky Business spoke to Arbor Networks’ Chief Research Officer, Danny McPherson. Danny also serves on the MPLScon Advisory Board, the FCC’s Network Reliability and Interoperability Council (NRIC) and is active in the network and security operations and research communities. He’s a bizarre hybrid — a twisted split between a security guy and a network guy!

In February Danny enjoyed 15 minutes of fame of sorts when he blogged about a snafu at a Pakistani ISP that saw YouTube knocked offline for two hours. Globally. The Pakistani ISP had been asked by the government to block YouTube. An admin decided to blackhole it with a BGP announce. Unfortunately, routers upstream from the Pakistani ISP swallowed the BGP announce as well, and the whole thing propagated around the world until YouTube was completely offline.

So in this interview I spoke to Danny about the Internet as critical infrastructure — as you’ll hear, he believes the way the internet address space is configured gives the bad guys a little wiggle room when it comes to routing attacks.

PRESENTATION: “All singing all dancing” Cyberstorm II — Steve Stroud, Attorney General’s Department
May 22nd, 2008
In this quick AusCERT presentation, Steve Stroud of the Australian Attorney General’s Department talks about Cyberstorm II — the global cyber war game. Cyberstorm is a full-scale war game involving governments and private sector organisations from Canada, USA, Australia, Britain and New Zealand. It’s designed to test the resilience of our infrastructure under a full-blown cyber attack. As you’ll hear, most organisations didn’t follow their incident response plans during the exercise — they were too busy putting out spot fires to notice the whole house was on fire.

INTERVIEW: David Weisbrot, Australian Law Reform Commission, on privacy law
May 22nd, 2008
In this interview, Australian Law Reform Commission President David Weisbrot talks privacy law. The ALRC has been asked to recommend changes to existing privacy laws in Australia, and its report is due to be handed to the Attorney General next week. It looks almost certain that Australia will get mandatory data breach disclosure laws similar to those introduced in the USA. But, as you’ll hear, disclosure of data loss will only be mandatory if there’s a serious risk the information will be misused. It’s a different approach.

INTERVIEW: David Litchfield, NGS Software
May 21st, 2008
In this interview database security legend David Litchfield from NGS Software talks about his latest research and development efforts. We caught up with Litchfield at the last AusCERT conference as well. When we interviewed him back in 2007, he told us about his plans to launch FEDS — the forensic examiner’s database scalpel. Well, Litchfield says it should be released in the next few months. We talk about FEDS in this interview and also talk about lateral SQL injection, a vulnerability class he recently unveiled.

We also talked to David about the recent spate of SQL injection attacks that have compromised half a million hosts… enjoy!

INTERVIEW: Kimberly Zenz, iDefense Russia analyst
May 21st, 2008
Here Risky Business host Patrick Gray talks to Kimberly Zenz, iDefense’s Russia expert. You can hear her full AusCERT presentation here. In this interview we find out how Zenz, based in the USA, became a recognised expert on Russian cybercrime, and where she sees malware hosting providers like the Russian Business Network heading.

PRESENTATION: iDefense Russia expert Kimberly Zenz on cybercrime
May 21st, 2008
In this AusCERT presentation, iDefense’s Kimberly Zenz talks about Russian cyber crime. Zenz is iDefense’s Russia analyst. She speaks multiple languages — including fluent Russian — and routinely travels into interesting places all around the world in an effort to understand the who and the why behind cyber attacks. She’s an expert on the Russian Business Network and Russian electronic fraud in general.

PRESENTATION: Colin Whittaker, APACS Head of Security, talks biometrics…
May 21st, 2008
Welcome to this special audio presentation from AusCERT. In the following presentation you’ll hear Colin Whittaker, the head of security for APACS, the UK payments association, trying to determine whether biometrics are really ready for use in banking and payments.

INTERVIEW: William Cheswick, AT&T
May 20th, 2008
In this interview, Risky Business host Patrick Gray talks to Bill Cheswick, who’s been doing security research since the 1980s. He was a speaker at AusCERT this year, and you can find his talk here. The interview is pretty wide ranging, touching on new approaches to security in desktop virtualisation, the quality of Brian Snow’s AusCERT address and much more. Cheswick is a lot of fun, so check it out!