Podcasts

PRESENTATION: When is a cyberwar (drink!) a cyberwar (drink!)?
Bob Clark returns to AusCERT\u2026

This is a recording of a presentation by Bob Clark, who these days teaches at the US Naval Academy. He has a long history as a department of defence lawyer including a stint as the counsel for the US Army Cyber Command.

In this talk Bob covers some ground he has covered before -- looking at when an online action represents an act of war under the laws of armed conflict -- but also takes a look at some legal cases in the civilian world involving the CFAA.

We're going to kick things off with a recording of the opening keynote from the conference... this talk is by Felix "FX" Lindner of Recurity Labs.

Felix is a very well known hacker and researcher, and his talk is titled we come in peace, they don't. As you'll hear, he's not exactly Google's number one fan. Here he is, I hope you enjoy it!

This is a recording of Ed Felton's plenary session from AusCERT 2014.

Ed Felton is a professor of computer science and public affairs at Princeton's centre for information technology policy. From 2011 to 2012 he was the first Chief Technologist for the Federal Trade Commission. He's a very well known and highly regarded researcher and academic and he spoke at AusCERT on security in a surveilled world.

Our coverage continues now with an interview I recorded with Olivia Maree and Dave Jorm. Olivia holds a law degree and just finished a six month stint as a community manager with BugCrowd\u2026 Dave Jorm studies geology and mathematics at UQ and has worked in the software industry for around 14 years.

Some of you would remember the interview I did with Dave last year about his OSINT analysis of North Korea, I also recorded and published his AusCERT talk on that topic last year. Well, this year he returned to AusCERT with his pal Olivia Maree to do another North Korea-themed presentation. This time the pair presented a talk about the information cordon - how information gets in and out of the country. Between USB thumb drives attached to home-made air balloons to tiny radios smuggled in to the Democratic People's Republic of Korea, you'll hear that state control of information entering the country isn't what it used to be, and, you know, that's a pretty big deal. and yes, I know this isn't your typical info sec story but you all loved my interview with Dave last year so I figured you'd all want to hear about this anyway\u2026

I started off by asking Olivia how the regime seeks to control information flowing into North Korea\u2026

**************EDITOR'S NOTE: This post originally referred to Olivia Maree as a lawyer. While she has a law degree, Olivia has never worked as a lawyer or completed articles. Apologies for any confusion. The audio introduction to this interview is still incorrect and will not be updated. - PG

On this week's show we're chatting with Silvio Cesare about his new pastime of messing around with home alarm systems, garage door remotes and car immobilisers. How secure do you think your little key ring transmitters are? Well, not very. But the interesting thing is, the tools that you need to crack these things are now very cheap -- could we see thieves roaming the streets with software defined radios, opening up your neighbourhood's garages? Tune in to find out

This week's show is brought to you by HackLabs, an Australian penetration testing and security consulting firm. HackLabs head honcho Chris Gatford joins us in this week's sponsor interview to have a yarn about inadvertent disclosures.

It seems every week we're reading another story about sensitive information being uploaded to a web accessible directory and indexed by Google. It's true that there's no cure for stupid, but is there anything we can do to stop these things happening?

Adam Boileau, as always, joins the show to discuss the week's security news.

Show notes and links to everything can be found here.

On this week's show we're chatting with security researcher Charlie Miller about the work he's been doing with Chris Valasek on hacking cars. It's fun stuff, but yeah, it might make you want to go back to driving an older car.

This week's show is sponsored by BugCrowd. We've got a great interview with BugCrowd founder and CEO Casey Ellis about a really, really interesting little case study he went through involving a random bug-hunter who'd tried blackmailing a BugCrowd client. The solution they came up with was ingenious and spectacularly lulzy.

This week's show is brought to you by Adobe! Big thanks to Adobe for making this week's show possible.

And we've got an... err... *interesting* program for you this week... we'll be chatting with Andrew Auernheimer, aka weev, about the recent appeal victory that saw him out of prison after 14 months inside. Is he going to pull his head in after his scrape with the law?

He says no way!

Also this week we chat with Wade Baker of Verizon Business Security Solutions about the latest Verizon Data Breach Investigation Report and the nine attack patterns they've observed from 10 years of breach data.

Adam Boileau, as always, pops in to discuss the week's news headlines. Show notes are here.

It's a four day week this week and a four day next week so I'm afraid I couldn't organise feature interviews for both, so this week you're getting an extra long news section and a sponsor interview!

This week's show is brought to you by Senetas, makers of fine, fine layer 2 encryption gear. If you're planning a greenfields network you have absolutely no excuse to not check out their stuff, it rocks like a banana on its back. This week we're joined by Senetas CEO Andrew Wilson in the sponsor slot. He'll be talking about a privacy act readiness survey Senetas did that yielded some genuinely depressing results.

He also compares director-level attitudes to infosec to director-level attitudes to occupational health and safety issues 50 years ago. It's a really, really interesting take so do stick around for that.

Show notes are here.

This week's feature guest is the man with the Midas touch -- former McAfee president and current FireEye CEO Dave DeWalt. This is the guy who sold McAfee to Intel for $7.8 billion dollars, so I chat to him about a whole bunch of topics, from his thoughts on how Intel has handled that deal, through to Snowden, to the security business overall. It's a great chat with one of the most interesting executives in this whole industry.

Also this week we chat with Marcus Ranum who's in the sponsor chair on behalf of Tenable Network Security. He's along this week to look back on his very popular 2005 blog post "The six dumbest ideas in computer security". Are they still dumb? Unsurprisingly they are, but the landscape has shifted a bit. That's a great chat and it's coming up later.

Adam Boileau joins the program to discuss the Heartbleed bug and some other infosec news from the last week.

Show notes are here.

On this week's show we're taking a look at the Target/Trustwave suit. A couple of banks were suing Target and its alleged security auditor Trustwave over the massive credit card data breach last year. That suit has been withdrawn, possibly temporarily, and another has been filed on behalf of some other banks. We speak with former New York assistant DA and infosec law specialist Dave Stampley about these types of suits. Do they have legs?

This week we welcome a new sponsor -- Rapid7.

Rapid7 is launching an interesting campaign right now to try to fix the Computer Fraud and Abuse Act (CFAA) in America. They say it's stifling research. Rapid7's global security strategist Trey Ford joins the show to fill us in on that.

As news regulars Adam Boileau and The Grugq are both in Singapore for Syscan and probably nursing cripping hangovers, this week we're joined by a special guest in the news chair, Christopher Hoff. Hoff is the Vice President of Strategy for Juniper Networks' security business unit, but you may know him as Beaker on Twitter.