Podcasts

Risky Business #241 -- Parmy Olson discusses her book on LulzSec

Presented by

Patrick Gray

CEO and Publisher

Adam Boileau

Technology Editor

On this week's show we'll be chatting with Forbes' London bureau chief Parmy Olson.

Parmy did a great job of covering the whole LulzSec fiasco last year for Forbes, but she's gone one better and written a book about the whole thing. It's called We Are Anonymous: Inside the hacker world of LulzSec and you know what? It's pretty good!

Actually, it's really, really good. I'm about a third of the way through a review copy. Parmy will join us to talk about what it was like to stitch a story like this together.

This week's show is brought to you by those fine folk at HackLabs, a Sydney-based penetration testing firm. Its founder and big cheese Chris Gatford will be along in this week's sponsor interview to chat about two factor via cellphones.

There was a really interesting attack against 4chan through its hosting provider CloudFlare this week that involved some telephone trickery. Do people place too much trust in out-of-band second factors? Find out in this week's sponsor interview!

Adam Boileau, as always, joins us to talk about ABSOLUTELY EVERYONE GETTING OWNED! Between LinkedIn, eHarmony and Last.fm getting popped, the US as good as claiming credit for Stuxnet, Flame man-in-the-middling Windows Update and all sorts of other crazy stuff, well, it's been a hell of a week for news!

Risky Business #240 -- FPGA "back doors"

Presented by

Patrick Gray

CEO and Publisher

Adam Boileau

Technology Editor

On this week's show we're taking a look at some research out of Cambridge University that's drawn a lot of attention. It involves a claim that researchers found a hardware back door on a Chinese-made FPGA (Field Programmable Gate Array).

That FPGA is apparently used in military hardware. You can find links to the draft paper and a write-up here.

So was this "back door" put there by super-secret Chinese cyber-warriors? Or is it something much less interesting like an undocumented debugging interface?

Peter Gutmann is this week's feature guest and he'll be telling us all about it.

This week's show is sponsored by SensePost.

SensePost is a South African security consultancy that also has a presence in Europe. They are some seriously, seriously smart people and we're thrilled to have them as a sponsor.

In this week's sponsor interview we're taking a look at some research the company has done into cloning RSA soft tokens. We all know that soft tokens are theoretically weak, but SensePost's Behrang Fouladi set his mind to actually reversing them and seeing just how easy it is. As it turns out, very.

Adam Boileau, as always, stops by to discuss the week's news.

New book claims to expose direct LulzSec-Wikileaks ties

Presented by

Patrick Gray

CEO and Publisher

If people are wondering why on Earth Wikileaks' chief Julian Assange is apparently being pursued by the US Department of Justice, a new book by Forbes' London Bureau chief Parmy Olson might help to clear things up for you.

Assange likes to proclaim that the DoJ investigation is a case of the big bad gummint being out to persecute him for being a truth-teller, but if Olson's book (Amazon) is to be believed it looks like he's been a very naughty boy.

This excerpt [pdf] from the book, published by the pre-Wikileaks leak site Cryptome, describes verified IRC contact between LulzSec ringleader turned FBI snitch Sabu and Assange in which the latter apparently urged the digital outlaws to attack specific targets in Iceland.

Bad activist! No biscuit!

All this under the watchful eye of the FBI's inside man.

This is speculation, but if any of Wikileaks staff were "directing" LulzSec's illegal activities, particularly the exfiltration of stolen information from any of the group's victims -- like Stratfor, for example -- it's my guess the entire organisation is legally fux0red. IANAL, but read the excerpt and tell me if you arrive at the same hunch as me.

Encouraging an FBI snitch to attack systems in Iceland on your behalf when the heat is already on is remarkably daft.

I'll be interviewing Parmy about her book next week.

Risky Business #239 -- The Zetas cartel and social media

Presented by

Patrick Gray

CEO and Publisher

Adam Boileau

Technology Editor

This week's feature audio is an excerpt from an AusCERT presentation I recorded last week. The talk, by Brad Barker of the HALO Corporation, discusses the Zeta drug cartel's use of technology and social media. HALO Corporation does everything from intelligence support to kidnap and ransom consulting. Barker has an interesting analysis of how civilian technology is altering methods of operation and the wider battlefield. It's good stuff.

Adobe's director of product security Brad Arkin will be along for this week's sponsor interview to talk about Apple's decision to block vulnerable versions of Flash Player in OS X. Brad also discusses Adobe's controversial -- and subsequently reversed -- decision to NOT patch its CS5 suite of products against a code execution bug.

Adam Boileau, as always, drops by to discuss the week's news headlines.

DEBATE: AusCERT speed debate 2012

Presented by

Patrick Gray

CEO and Publisher

The following is the closing session from AusCERT's 2012 conference, the speed debate.

It's a chance to have a bit of a laugh at all things security and it's hosted by ABC personality Adam Spencer. Enjoy!

SPONSOR PODCAST: Why do we expect users to make good decisions?

Presented by

Patrick Gray

CEO and Publisher

At AusCERT last week I caught up with Phil Piotrowski, a threat researcher with Sophos, as well as Rob Forsyth, a director of Sophos here in Australia.

Really, what this chat is all about is interfaces. We cover a few topics: how users are finding it increasingly difficult to determine whether a warning dialogue or popup is genuine or fake, how online crime syndicates are investing a great deal more effort in pretty graphics and good copywriting, and then we chat about how mobile operating systems like Android have succeeded by making extraordinarily complicated things appear very, very simple, and what the security implications of that are.

PRESENTATION: The risks posed by new wiretapping technologies

Presented by

Patrick Gray

CEO and Publisher

The following is a recording of Susan Landau's plenary presentation. She's a Visiting Scholar in the Computer Science Department at Harvard University. Prior to that she worked as a Distinguished Engineer at Sun Microsystems, and held faculty positions at the University of Massachusetts and Wesleyan University.

Her talk is titled Surveillance or Security? The Risks Posed by New Wiretapping Technologies.

SPONSOR PODCAST: When pentesting doesn't make sense

Presented by

Patrick Gray

CEO and Publisher

In this sponsor podcast we're chatting with Declan Ingram, Principal Security Consultant with Datacom TSS.

Datacom TSS is a relatively new Aussie company that offers all the usual services, like penetration testing and app review, and we're going to chat with Declan about when those types of services can be best deployed. Dropping massive amounts of budget on pentesting might not be the best way to use your resources, he says.

PRESENTATION: Forensics and SCADA/DCS

Presented by

Patrick Gray

CEO and Publisher

The following is a recording of Mark Fabro's AusCERT plenary.

As soon as you listen to Mark for more than five minutes you'll quickly realise he really knows what he's talking about.

This talk is about performing incident response and forensic analysis on live SCADA networks. It's very interesting stuff and Mark is a great presenter.

INTERVIEW: Is the regulation of SCADA networks futile?

Presented by

Patrick Gray

CEO and Publisher

Yesterday I caught up with SCADA security expert and AusCERT speaker Mark Fabro of Lofty Perch.

We spoke about attempts by governments to mandate minimum security requirements for critical infrastructure through regulation. I started off by asking him what regulation attempts in North America look like now.
