Podcasts

News, analysis and commentary

RB2: AusCERT podcast: Speed debate

Presented by

Patrick Gray

CEO and Publisher

What you're about to hear is the speed debating panel from AusCERT's 2010 conference.

A highlight of the conference, this year's panel was hosted by Australian media personality Adam Spencer. Panelists were: Max Kilger, Scott McIntyre, Marcus J. Ranum, Roger Dingledine, Alastair MacGibbon, Paul Gampe and Tim Redhead.

AusCERT interview: Ben Mosse on vulnerability mitigations

Presented by

Patrick Gray

CEO and Publisher

In this interview you'll hear me having a quick chat to Stratsec's Ben Mosse about vulnerability mitigation in Windows. Cutting a long story short, he reckons measures like DEP and ASLR work quite well, and it's only a matter of time before more, similar protections are introduced.

IBM distributes malware-infested freebies at AusCERT

Presented by

Patrick Gray

CEO and Publisher

Risky.Biz has confirmed IBM staff distributed malware-infected USB drives at the AusCERT security conference this week.

In a highly embarrassing admission, the company has sent a broadcast e-mail to all AusCERT attendees warning them of the security lapse.

"At the AusCERT conference this week, you may have collected a complimentary USB key from the IBM booth," the message reads. "Unfortunately we have discovered that some of these USB keys contained malware and we suspect that all USB keys may be affected."

IBM is not the first company to distribute malware at AusCERT -- Australian telco Telstra did exactly the same thing in 2008.

Risky.Biz confirmed the authenticity of the e-mail message with IBM.

RB2: AusCERT presentation: Michael Sutton on next generation offline Web applications

Presented by

Patrick Gray

CEO and Publisher

The following is a recording of a presentation by Zscaler's Michael Sutton. The topic is "Security risks in the next generation of offline Web applications". Basically the talk looks at persistent client-side storage, as brought on by stuff like Google Gears and the Database Storage functionality included in HTML5.

It was one of the better talks.

RB2: AusCERT presentation: Scott McIntyre says "get a grip"

Presented by

Patrick Gray

CEO and Publisher

In this presentation you'll hear Scott McIntyre talking about maintaining proportionality when dealing with matters of digital security.

Scott's the Chief Security Officer for Dutch ISP XS4all and serves on the board of directors for the Forum of Incident Response and Security Teams, or FIRST.

In this talk Scott argues that all the FUD out there is leading to over-regulation. He also argues that CSIRT teams and incident handlers actually cause some security failures and that understanding the far-reaching consequences of our actions is critical if we're ever going to have a safe Internet experience for the masses.

RB2: AusCERT presentation: Marcus Ranum on Cyber War

Presented by

Patrick Gray

CEO and Publisher

In this podcast you'll hear Marcus Ranum's keynote speech from day two of the conference. Marcus is Tenable Network Security's Chief Security Officer and he's widely credited as an early pioneer in firewall technology.

His talk is titled "Scenes from the 2010 US/China Cyber war".

RB2: SPONSOR PODCAST: Karl Hanmore and Steve Adegbite on CERTS and vendor relationships

Presented by

Patrick Gray

CEO and Publisher

Our coverage of AusCERT's 2010 conference is sponsored by Microsoft, and there's a few Microsofties floating about here. Two of them, Karl Hanmore and Steve Adegbite, prepared this presentation, titled "Engagement between National and Government CERTs and the vendor community -- benefits and challenges."

It is, in part, a criticism of the way vendors and CERTS are actually dealing with each other.

RB2: AusCERT presentation: Frank Stajano on understanding scam victims

Presented by

Patrick Gray

CEO and Publisher

In this podcast you'll hear a presentation by Frank Stajano of the University of Cambridge. In it he discusses seven principles for systems security derived from understanding scam victims.

He argues that by understanding the recurring behavioural patterns of victims that hustlers have learned to exploit, we can create systems that are more resistant to fraud.

Frank plays three videos in the talk. With two of them you can get by with the audio alone, but the first one has a significant visual component. The good news is I found the video on YouTube, and I've linked to it here.

You'll hear me, during this presentation, say something along the lines of "check out the video now" so you can pause the mp3 and watch the video. Sounds a bit involved, I know, but it's the only way I could think of to bring this presentation to you.

Here's the YouTube link again.

RB2: AusCERT interview: Mobile AV a "total waste" of money

Presented by

Patrick Gray

CEO and Publisher

In this podcast we chat to two guys from Australian-based security firm Stratsec.

Ben Bromhead and Ken Hendrie spend their lives up to their armpits in Windows mobile devices -- they actually do the worldwide Common Criteria evaluations for Windows mobile devices right here in Australia. As a result, these guys know a thing or two about mobile device security.

In their presentation, titled simply "mobile security", the two looked at the common threats to mobile devices and some mitigations. I caught up with them after their presentation for this interview.

RB2: AusCERT interview: E-mail crypto a "pain in the ass" says PKI inventor

Presented by

Patrick Gray

CEO and Publisher

In this interview we check in with a bit of a legend, Whitfield Diffie. He's universally credited as one of the creators of public key infrastructure, and he was the opening keynote speaker at the AusCERT conference.

I grabbed Whit for an interview in the hotel lobby bar and started off by asking him if he's disappointed that PKI hasn't been universally adopted yet.
