Podcasts

If people are wondering why on Earth Wikileaks' chief Julian Assange is apparently being pursued by the US Department of Justice, a new book by Forbes' London Bureau chief Parmy Olson might help to clear things up for you.

Assange likes to proclaim that the DoJ investigation is a case of the big bad gummint being out to persecute him for being a truth-teller, but if Olson's book (Amazon) is to be believed it looks like he's been a very naughty boy.

This excerpt [pdf] from the book, published by the pre-Wikileaks leak site Cryptome, describes verified IRC contact between LulzSec ringleader turned FBI snitch Sabu and Assange in which the latter apparently urged the digital outlaws to attack specific targets in Iceland.

Bad activist! No biscuit!

All this under the watchful eye of the FBI's inside man.

This is speculation, but if any of Wikileaks staff were "directing" LulzSec's illegal activities, particularly the exfiltration of stolen information from any of the group's victims -- like Stratfor, for example -- it's my guess the entire organisation is legally fux0red. IANAL, but read the excerpt and tell me if you arrive at the same hunch as me.

Encouraging an FBI snitch to attack systems in Iceland on your behalf when the heat is already on is remarkably daft.

I'll be interviewing Parmy about her book next week.

This week's feature audio is an excerpt from an AusCERT presentation I recorded last week. The talk, by Brad Barker of the HALO Corporation, discusses the Zeta drug cartel's use of technology and social media. HALO Corporation does everything from intelligence support to kidnap and ransom consulting. Barker has an interesting analysis of how civilian technology is altering methods of operation and the wider battlefield. It's good stuff.

Adobe's director of product security Brad Arkin will be along for this week's sponsor interview to talk about Apple's decision to block vulnerable versions of Flash Player in OS X. Brad also discusses Adobe's controversial -- and subsequently reversed decision -- to NOT patch its CS5 suite of products against a code execution bug.

Adam Boileau, as always, drops by to discuss the week's news headlines.

The following is the closing session from AusCERT's 2012 conference, the speed debate.

It's a chance to have a bit of a laugh at all things security and it's hosted by ABC personality Adam Spencer. Enjoy!

At AusCERT last week I caught up with Phil Piotrowski, a threat researcher with Sophos, as well as Rob Forsyth, a director of Sophos here in Australia.

Really what this chat is all about is interface. We cover a few topics; how users are finding it increasingly difficult to determine when a warning dialogue or popup is genuine or fake, how online crime syndicated are investing a great deal more effort into pretty graphics and good copywriting, and then we chat about how mobile operating systems like Android have succeeded by making extraordinarily complicated things appear very very simple, and what the security implications of that are.

The following is a recording Susan Landau's plenary presentation. She's a Visiting Scholar in the Computer Science Department at Harvard University. Prior to that she worked as a Distinguished Engineer at Sun Microsystems, and held faculty positions at the University of Massachusetts and Wesleyan University.

Her talk is titled Surveillance or Security? The Risks Posed by New Wiretapping Technologies.

In this sponsor podcast we're chatting with Declan Ingram, Principal Security Consultant with Datacom TSS.

Datacom TSS is a relatively new Aussie company that offers all the usual services, like penetration testing and app review, and we're going to chat with Declan about when those types of services can be best deployed. Dropping massive amounts of budget on pentesting might not be the best way to use your resources, he says.

The following is a recording of Mark Fabro's AusCERT plenary.

As soon as you listen to Mark for more than five minutes you'll quickly realise he really knows what he's talking about.

This talk is about performing incident response and forensic analysis on live SCADA networks. It's very interesting stuff and Mark is a great presenter.

Yesterday I caught up with SCADA security expert and AusCERT speaker Mark Fabro of Lofty Perch.

We spoke about attempts by governments to mandate minimum security requirements for critical infrastructure through regulation. I started off by asking him what regulation attempts in North America look like now.

In this sponsored podcast we chat with both Arbor Networks' Nick Race and Matt Hollis of Vocus.

We discuss the state of both application and volumetric based DDoS techniques.

As you'd no doubt be aware, Arbor makes DDoS mitigation equipment -- there's the enterprise stuff that blocks application-based attacks, like attacks that exhaust resources on the target, then there's the telco stuff that blocks the volumetric attacks -- a.k.a. bandwidth exhaustion attacks.

I started off by speaking with Matt Hollis of ASX - listed connectivity provider Vocus. These guys have some serious tubes, so they're used to seeing a lot of volumetric attacks. Then I got on the line with Arbor Networks' Nick Race to discuss app-based attacks.

In this interview we chat with Juniper Networks' chief security architect Christopher Hoff. I posted the audio of Chris's plenary talk yesterday... it was very interesting stuff, so check it out if you get a chance. He basically outlined his vision for security automation -- security at scale.

A part of that vision is advocating a more communication and integration between apps and infrastructure. He says apps should be able to interact directly with networking infrastructure through APIs. It sounds great, but could it be a disaster?