NFC on mobile phones is a new phenomenon and opens a lot of possibilities for research, particularly when talking about mobile payment platforms. Lateral Security's Nick discusses the good, the bad and the ugly of mobile NFC. RAW AUDIO.

In this week's feature we chat to Patrick Webster about his tangle with First State Superannuation. This is a story we've covered on the show over the last few weeks. If you haven't heard what happened, Pat spotted a bug in First State Super's statements system, probed it, let them know 12 hours later and then wound up with the police on his door! Since then the whole saga has turned into a pretty big deal here in Australia. The police and civil actions against Webster have both been dropped and First State Super -- and its administrator -- has wound up in a bunch of trouble.

This week's feature interview is with Ian De Villiers of the South African security firm Sensepost. Ian recently dropped a couple of interesting SAP security tools at 44con in London and ZACon in South Africa. SAP makes Enterprise Resource Planning (ERP) solutions... CRM, SCM, PLM... you know, all that three-lettered, thick client enterprise stuff. It's everywhere and as it turns out, one of the only things that has saved it from thorough examination in the past has been the obscurity of its protocol.

Australian security researcher Patrick Webster has received a letter from commercial law firm Minter Ellison demanding he turn over his computer to its client First State Superannuation. The legal threat follows Webster's disclosure of a serious and trivially exploitable security vulnerability in First State Superannuation's website to the company in September. Listen to my interview with First State Superannuation's Chief Executive Michael Dwyer AM here.

By now you've likely read about the German Chaos Computer Club's (CCC) reverse engineering of the so-called "Bundestrojaner," or "federal trojan". Someone found a copy of a remote access trojan in the wild, claimed it was government spyware and submitted it to CCC for analysis. The resulting publications give us a bit of an insight into at least one country's alleged "computer tapping" capabilities.

There's no feature interview in this week's show, instead we're focussing on news instead! And what a week it's been. Browser makers have slayed the SSL BEAST attacks, Goldman Sachs' CEO got dox'd, as did Sgt. Douchebag of the NYPD. You know the one... he's the guy who maced a bunch of peaceful protestors in the face. Microsoft even got in on the action and dox'd the operator of the Kelihos botnet! Meanwhile if you're a Cisco admin you're likely having a tough week, as are the folks at Diebold, who apparently STILL can't make secure e-voting machines.

Over the last couple of weeks you may have spotted some news stories floating about claiming cybercrime costs society US$388bn annually, with Australia alone suffering A$4.6bn in yearly losses. If the numbers are to be believed, these reports say, that means cybercrime costs us nearly as much as the global trade in illicit drugs. It's a sensational claim and makes an awesome headline, but any way you slice or dice the numbers they just simply don't stack up.

The following is a recording of a panel discussion about Wikileaks that took place at the Splendour in the Grass music festival in Woodford, QLD, Friday, 29 July 2011. Moderating the panel is The Chaser's Julian Morrow. On the panel: * Nicholas Hayden, Hungry Beast, ABC TV * Marc Fennell, Hungry Beast, ABC TV * Grace Morgan, Julian Assange's Australia-based solicitor * Suelette Dreyfus, Author, Underground * Patrick Gray, Host of the Risky Business podcast * Christine Assange, Julian Assange's mother The recording is unedited. Enjoy!

On this week's show we take a look at the security of browser JIT engines with two extremely smart guys: Chris Rohlf and Yan Ivnitskiy of Matasano Security. They presented a paper in Vegas all about attacking clientside JIT compilers. It's good, old-fashioned security research -- the type of research that's increasingly being withheld from the public these days. What is a JIT compiler? How does it work? Do they present inherent security problems? Tune in to find out!