Podcasts

The following is a complete recording of Christopher Hoff's AusCERT presentation. He's the chief security architect with Juniper Networks. He has a vendor-heavy background, but don't hold that against him -- he's got some very interesting ideas around virtualisation, cloud computing and deperimiterisation. His talk is about automating security at scale, but he starts off, off all things, with a history innovation in toilets, which surprisingly works pretty well.

Here he is: Christopher Hoff, chief security architect of Juniper Networks. Enjoy.

In this sponsor podcast we chat with Paul Ducklin of Sophos about the recent spate of Mac Malware. In light of malware like Flashback, is it fair to say the public perception that Mac computers are more secure has been busted?

The following is a complete recording of an absolutely fascinating presentation by Robert Clark -- the operational attorney for the US Army Cyber Command.

His presentation examines the legal regime surrounding cyberspace operations.

He looks at the legal underpinnings of computer network security; defense; exploitation; and, attack. It is absolutely riveting stuff and I hope to be catching up with Mr. Clark at some point during the conference to ask him about six million questions.

In this sponsor podcast we chat with Richard Byfield, co-founder and general manager of Datacom TSS.

Datacom TSS is a relatively new Australian company backed by the Datacom group, the large integrator. They're an independent company offering the usual stuff, like penetration testing and app review, but what makes them a little different are its founders.

They used to work in the security and intelligence community for the Australian government, which means they've spent a lot of time viewing the threat environment with a slightly different perspective to the rest of us. With that in mind, I thought it would be interesting to ask Richard what it was like for him to transition from his previous place of employment into the private sector. Here's what he had to say.

In this week's show we take a look at the big burning issue of BYOD.

Neal Wise of Assurance.com.au joins us to discuss some common approaches. Neal says one reason companies are starting to address the issue is because staff are already bringing devices in and connecting them to corporate resources regardless of company policy. In other words it's happening whether you like it or not.

This week's show is brought to you by Tenable Network Security -- if you need some vulnerability detection and management software, or some whiz bang security information event management kit, you'd best get your butt into gear and head to tenable.com.

In this week's sponsor interview Tenable Network Security CEO Ron Gula also weighs in on the debate. He says the BYOD phenomenon is doing a fantastic job at resuscitating NAC and NAP vendors.

Adam Boileau, as always, joins us for this week's news headlines.

On this week's show we're taking a look at basic opsec with an incident responder friend of ours. We'll be talking about some sensible strategies people can use when they're up to illegal stuff on the Internets, because, you know, watching all these guys getting busted for owning FBI websites from their own IPs is getting boring.

This is useful stuff to understand on the defensive side, too.

Plus Adam Boileau joins the show with his take on the week's news.

In this week's feature interview we're chatting with reverse engineer Jonathan Brossard about the theft of VMware source code from a third party. Lulzsec-linked hax0rs have owned up around 300mb of VMWare source and they say they're dropping it on May 5.

We believe them.

Predictably, VMware says it's no big deal, but Jonathan says that line is basically horseshit. He'll be joining us to tell us why.

Jonathan is the CEO of Toucan Systems and an organiser of Hackito Ergo Sum.

In this week's sponsor interview we're chatting with Adobe Software's product security chief Mr. Brad Arkin.

He'll be bringing us up to speed on what he's been up to over the last four weeks or so, and boy, has he been busy. They've been releasing silent auto-updaters for Flash player, open source malware triage tools, making major updates to Adobe Reader 9 for the poor souls who are unable to upgrade to 10; all sorts of good stuff.

Adam Boileau, as usual, joins the show for the week's news.

***EDITOR'S NOTE: There was a small error in this week's introduction script to the sponsor interview. Changes were made to Adobe Reader 9. The introduction script mistakenly said Adobe had introduced changes to Flash Player 9.

Risky Business has scooped another Lizzie award for excellence in IT media at this year's Mediaconnect IT Journalism Awards.

The podcast edged out competition from other IT publishers and the ABC to take the award for Best Technology Audio Program for the third year running.

Big thanks go out to all the listeners who make Risky Business a viable media outlet, the guests who take the time to appear on the show and to the sponsors who keep a roof over my head.

But of course biggest thanks of all go to Adam Boileau for his consistently insightful and lulzy turns as our regular news guest.

And congratulations to all the other winners.

We've got a jam-packed show this week! We'll be hearing from Ruxcon organiser Chris Spencer about a new conference he's putting together. It's called BreakPoint and he's trying to establish it as a truly international conference.

We'll also be chatting with Mark Dowd about his, shall we say, more interesting vulnerability disclosure practices.

And in this week's sponsor interview we're chatting with RSA Security's Ian Farqhuar about BYOD -- bring your own devices. He says it's possible to spin the BYOD phenomenon into a security positive, basically because you now have an excuse to treat all your endpoints as hostile. It makes sense.

Adam Boileau, as usual, joins us for the week's news headlines.

*********When I initially posted this episode I linked through to the wrong mp3.

Fixed now!

On this week's show we're taking a look at new laws in the United Kingdom that are designed to automate the collection of certain types of intelligence from telcos and ISPs.

The information itself has previously been accessible without warrant by UK intelligence agencies, but now they'll be able to bring up the data with a few keystrokes in real time.

That simple change could result in grave invasions of privacy, according to this week's guest, Roelof Temmingh of , the makers of Maltego.

Also this week Chris Gatford of HackLabs drops by for this week's sponsor interview. In it we discuss some statistics he's cobbled together from HackLabs last 100 or so penetration tests. They're not so much surprising as, you know, depressing.

Adam Boileau, as always, is along to discuss this week's news. And this, spectacular fail.