Podcasts

The following is a recording Susan Landau's plenary presentation. She's a Visiting Scholar in the Computer Science Department at Harvard University. Prior to that she worked as a Distinguished Engineer at Sun Microsystems, and held faculty positions at the University of Massachusetts and Wesleyan University.

Her talk is titled Surveillance or Security? The Risks Posed by New Wiretapping Technologies.

In this sponsor podcast we're chatting with Declan Ingram, Principal Security Consultant with Datacom TSS.

Datacom TSS is a relatively new Aussie company that offers all the usual services, like penetration testing and app review, and we're going to chat with Declan about when those types of services can be best deployed. Dropping massive amounts of budget on pentesting might not be the best way to use your resources, he says.

The following is a recording of Mark Fabro's AusCERT plenary.

As soon as you listen to Mark for more than five minutes you'll quickly realise he really knows what he's talking about.

This talk is about performing incident response and forensic analysis on live SCADA networks. It's very interesting stuff and Mark is a great presenter.

Yesterday I caught up with SCADA security expert and AusCERT speaker Mark Fabro of Lofty Perch.

We spoke about attempts by governments to mandate minimum security requirements for critical infrastructure through regulation. I started off by asking him what regulation attempts in North America look like now.

In this sponsored podcast we chat with both Arbor Networks' Nick Race and Matt Hollis of Vocus.

We discuss the state of both application and volumetric based DDoS techniques.

As you'd no doubt be aware, Arbor makes DDoS mitigation equipment -- there's the enterprise stuff that blocks application-based attacks, like attacks that exhaust resources on the target, then there's the telco stuff that blocks the volumetric attacks -- a.k.a. bandwidth exhaustion attacks.

I started off by speaking with Matt Hollis of ASX - listed connectivity provider Vocus. These guys have some serious tubes, so they're used to seeing a lot of volumetric attacks. Then I got on the line with Arbor Networks' Nick Race to discuss app-based attacks.

In this interview we chat with Juniper Networks' chief security architect Christopher Hoff. I posted the audio of Chris's plenary talk yesterday... it was very interesting stuff, so check it out if you get a chance. He basically outlined his vision for security automation -- security at scale.

A part of that vision is advocating a more communication and integration between apps and infrastructure. He says apps should be able to interact directly with networking infrastructure through APIs. It sounds great, but could it be a disaster?

The following is a full recording of a presentation by the University of Auckland's Peter Gutmann discussing contactless payment systems.

It's a nice overview that points out some of the dumber implementation mistakes that have been made by card brands and issuers.

There's a reference to a Shmoocon talk in this recording. You can find the whole thing here.

This is an interview with Robert Clark, the operational attorney for the US Army Cyber Command. I posted audio of his talk yesterday... he spoke a lot about international law as it applies to cyber war. But I wanted to pick his brains about something he briefly mentioned.

During his presentation he mentioned that espionage is actually legal under international law. I asked him to expand on that and we had a great chat about the legal aspects of online espionage.

In this sponsored Arbor Networks founder and CTO Rob Malan.

If you're lucky enough to have met Rob, you'd know that not only has he built a crazily successful business, but he's one of the most technologically savvy people you will ever meet. He lives and breathes his business, and lately he's been focussing on what he sees as a future problem area: Denial of service attacks against mobile 3G and 4G/LTE networks.

As you'll hear, Rob says the average mobile network is a bit of a disaster and there'll be plenty of opportunities for miscreants to wreak havoc on them.

The following is a complete recording of Mikko Hyppponen's opening keynote to the AusCERT 2012 conference. Mikko is the chief research officer for the Finnish antivirus firm F-Secure.

It takes him a few minutes to pick up steam, but I definitely recommend sticking with his talk. It starts out good and winds up fascinating. The title of his talk is The Enemy, and in it he examines three groups of attackers -- Criminals, Hacktivists and Nation States. It sounds like well worn material, but Mikko's take is definitely worth listening to.