Podcasts

News, analysis and commentary

INTERVIEW: Peter Gutmann: The NSA isn't that organised

Presented by

Patrick Gray

CEO and Publisher

I've already podcasted Peter's presentation, but I thought a follow-up interview was warranted. To cut a long story short, he does believe some crypto standards have been subverted by the NSA, but says some fears about government crypto-fiddling are misplaced. In general, he says, it's a lot easier for attackers to bypass encryption than it is for them to break it.

Peter knows crypto. He's a professor at Auckland University, has written crypto libraries and even had a hand in writing PGP.

I started off by asking Peter for his thoughts on the controversial dual elliptic curve number generator. Was it really backdoored by the NSA?

INTERVIEW: Dr. Jason Fox on gamification

On the final day of AusCERT last week delegates were treated to a fascinating talk by Dr. Jason Fox, gamification expert and author of the book The Game Changer.

Jason's expertise is in finding out how to take the motivational aspects of games and apply them to work processes. We all know that sitting your staff down in a dimly lit auditorium to lecture them on spear phishing does precisely nothing to change user behaviour. But what if you made the hunt for spear phishing messages a game?

I sat down with Jason Fox after his presentation and recorded this interview.

SPONSOR PODCAST: Is SNMP-geddon coming?

This is a sponsor interview with Marc Eisenbarth, Arbor Networks' security architect and the manager of research for its Arbor Security Engineering and Response Team (ASERT).

I spoke to Marc about the massive influx of NTP-based DDoS traffic we've seen this year. Can we expect attackers to move on to other protocols and services like SNMP and Chargen? He thinks so. But it's not until we start seeing SNMP-based DDoS capabilities built into generic malware that we'll really have big problems.

SPONSOR PODCAST: How to batten down for the G20

This is a sponsor interview with Kate McInnes of Datacom TSS.

Kate is ex-DSD and currently serves as a principal consultant with Datacom TSS in Perth. She's been doing a bunch of work with a bunch of different organisations on preparing them for the looming G20 summit in Brisbane.

What do the threats look like? Where are they coming from? And what can be done about them?

PRESENTATION: Why break crypto when you can bypass it?

You're about to hear a recording of Peter Gutmann's speech here which is all about crypto. Well, it's sort of about crypto. With newspapers filled with stories about the NSA subverting crypto standards, Peter asks us whether that really matters. Why would an attacker bother breaking crypto when they can just bypass it?

Peter is well positioned to do this talk. He's a researcher in the Department of Computer Science at the University of Auckland and works on the design and analysis of cryptographic security architectures and security usability.

He helped write PGP, has authored a number of papers and RFCs on security and encryption, and is the author of the open source cryptlib security toolkit. And luckily for us, he's a fairly regular guest on Risky Business.

INTERVIEW: Klout for infosec?

You're about to hear my interview with Matt Jones, a security consultant who runs a small outfit named Volvent.

He's been working on a very interesting side project for a couple of years now. Essentially it's a social media analyser that identifies sources of high-quality information. Users can tap in a keyword and drill through the conversations on social media that actually matter -- the conversations that influence the influencers. The project was born of Matt's desire to never have to log in to Twitter again.

INTERVIEW: Hacking supercomputers with y011

In this interview we're chatting with Neal Wise of Assurance.com.au. Don't let the accent fool you, Neal is based in Melbourne and has been for as long as I can remember, and he did a great talk here at the AusCERT conference called Hacking the Gibson, which was all about pwning supercomputers.

I warn you in advance that there are a few references from the movie Hackers in this interview... sorry about that... HACK THE PLANET!! .... but yeah, Neal has been doing some work involving supercomputers and I decided to interview him about them. They make excellent bitcoin mining boxes!

INTERVIEW: Bob Clark on the CFAA

You're about to hear an interview I recorded with Bob Clark. He currently teaches law at the US Naval Academy, but he's been doing military law for a long time, even serving as the operational attorney for the US Army Cyber Command at one point.

I posted his talk yesterday... he touched on the Weev vs AT&T trial in that and I thought it would be interesting to get his perspective on the CFAA, precisely because it's not the sort of thing he normally concerns himself with. He has less of an agenda than a defence attorney or a prosecutor.

(If you haven't heard the episode of the regular Risky Business podcast where I had a chat with Weev and recapped that whole thing you might want to check it out because we reference it in this interview. It's here.)

SPONSOR PODCAST: David Litchfield on hacking ‘dem databases

David Litchfield is a very well known researcher in the field of database security. He's been at it for over a decade, and managed to be a permanent pain in Oracle's neck since he first started dropping database 0day a million years ago.

So I asked him what has changed in the field of database security. Has Oracle improved its procedures?

SPONSOR PODCAST: Attacker MOs are changing

In this sponsor podcast we hear from FireEye's APAC CTO Bryce Boland about the effect next generation antimalware gear is having on the modus operandi of sophisticated attackers.

The possibility of burning their sweet, sweet 0days is actually turning some attackers away from well-resourced targets and towards secondary targeting; attacking their targets' partners and suppliers.
