Podcasts

In this interview we're chatting with Neal Wise of Assurance.com.au. Don't let the accent fool you, Neal is based in Melbourne and has been for as long as I can remember, and he did a great talk here at the AusCERT conference called Hacking the Gibson, which was all about pwning supercomputers.

I warn you in advance that there are a few references from the movie Hackers in this interview... sorry about that... HACK THE PLANET!! .... but yeah, Neal has been doing some work involving supercomputers and I decided to interview him about them. They make excellent bitcoin mining boxes!

You're about to hear an interview I recorded with Bob Clark. He currently teaches law at the US Naval Academy, but he's been doing military law for a long time, even serving as the operational attorney for the US Army Cyber Command at one point.

I posted his talk yesterday... he touched on the Weev vs AT&T trial in that and I thought it would be interesting to get his perspective on the CFAA, precisely because it's not the sort of thing he normally concerns himself with. He has less of an agenda than a defence attorney or a prosecutor.

(If you haven't heard the episode of the regular Risky Business podcast where I had a chat with Weev and recapped that whole thing you might want to check it out because we reference it in this interview. It's here.)

David Litchfield is a very well known researcher in the field of database security. He's been at it for over a decade, and managed to be a permanent pain in Oracle's neck since he first started dropping database 0day a million years ago.

So I asked him what has changed in the field of database security. Has Oracle improved its procedures?

In this sponsor podcast we hear from FireEye's APAC CTO Bryce Boland about the effect next generation antimalware gear is having on the modus operandi of sophisticated attackers.

The possibility of burning their sweet, sweet 0days is actually turning some attackers away from well-resourced targets and towards secondary targeting; attacking their targets' partners and suppliers.

PRESENTATION: When is a cyberwar (drink!) a cyberwar (drink!)?
Bob Clark returns to AusCERT\u2026

This is a recording of a presentation by Bob Clark, who these days teaches at the US Naval Academy. He has a long history as a department of defence lawyer including a stint as the counsel for the US Army Cyber Command.

In this talk Bob covers some ground he has covered before -- looking at when an online action represents an act of war under the laws of armed conflict -- but also takes a look at some legal cases in the civilian world involving the CFAA.

We're going to kick things off with a recording of the opening keynote from the conference... this talk is by Felix "FX" Lindner of Recurity Labs.

Felix is a very well known hacker and researcher, and his talk is titled we come in peace, they don't. As you'll hear, he's not exactly Google's number one fan. Here he is, I hope you enjoy it!

This is a recording of Ed Felton's plenary session from AusCERT 2014.

Ed Felton is a professor of computer science and public affairs at Princeton's centre for information technology policy. From 2011 to 2012 he was the first Chief Technologist for the Federal Trade Commission. He's a very well known and highly regarded researcher and academic and he spoke at AusCERT on security in a surveilled world.

Our coverage continues now with an interview I recorded with Olivia Maree and Dave Jorm. Olivia holds a law degree and just finished a six month stint as a community manager with BugCrowd\u2026 Dave Jorm studies geology and mathematics at UQ and has worked in the software industry for around 14 years.

Some of you would remember the interview I did with Dave last year about his OSINT analysis of North Korea, I also recorded and published his AusCERT talk on that topic last year. Well, this year he returned to AusCERT with his pal Olivia Maree to do another North Korea-themed presentation. This time the pair presented a talk about the information cordon - how information gets in and out of the country. Between USB thumb drives attached to home-made air balloons to tiny radios smuggled in to the Democratic People's Republic of Korea, you'll hear that state control of information entering the country isn't what it used to be, and, you know, that's a pretty big deal. and yes, I know this isn't your typical info sec story but you all loved my interview with Dave last year so I figured you'd all want to hear about this anyway\u2026

I started off by asking Olivia how the regime seeks to control information flowing into North Korea\u2026

**************EDITOR'S NOTE: This post originally referred to Olivia Maree as a lawyer. While she has a law degree, Olivia has never worked as a lawyer or completed articles. Apologies for any confusion. The audio introduction to this interview is still incorrect and will not be updated. - PG

On this week's show we're chatting with Silvio Cesare about his new pastime of messing around with home alarm systems, garage door remotes and car immobilisers. How secure do you think your little key ring transmitters are? Well, not very. But the interesting thing is, the tools that you need to crack these things are now very cheap -- could we see thieves roaming the streets with software defined radios, opening up your neighbourhood's garages? Tune in to find out

This week's show is brought to you by HackLabs, an Australian penetration testing and security consulting firm. HackLabs head honcho Chris Gatford joins us in this week's sponsor interview to have a yarn about inadvertent disclosures.

It seems every week we're reading another story about sensitive information being uploaded to a web accessible directory and indexed by Google. It's true that there's no cure for stupid, but is there anything we can do to stop these things happening?

Adam Boileau, as always, joins the show to discuss the week's security news.

Show notes and links to everything can be found here.

On this week's show we're chatting with security researcher Charlie Miller about the work he's been doing with Chris Valasek on hacking cars. It's fun stuff, but yeah, it might make you want to go back to driving an older car.

This week's show is sponsored by BugCrowd. We've got a great interview with BugCrowd founder and CEO Casey Ellis about a really, really interesting little case study he went through involving a random bug-hunter who'd tried blackmailing a BugCrowd client. The solution they came up with was ingenious and spectacularly lulzy.