Podcasts

You're about to hear a recording of Peter Gutmann's speech here which is all about crypto. Well, it's sort of about crypto. With newspapers filled with stories about the NSA subverting crypto standards, Peter asks us whether that really matters. Why would an attacker bother breaking crypto when they can just bypass it?

Peter is well positioned to do this talk. He's a researcher in the Department of Computer Science at the University of Auckland and works on the design and analysis of cryptographic security architectures and security usability.

He helped write PGP, has authored a number of papers and RFC's on security and encryption, and is the author of the open source cryptlib security toolkit. And luckily for us, he's a fairly regular guest on Risky Business.

You're about to hear my interview with Matt Jones, a security consultant who runs a small outfit named Volvent.

He's been working on a very interesting side project for a couple of years now. Essentially it's a social media analyser that identifies sources of high-quality information. Users can tap in a keyword and drill through the conversations on social media that actually matter -- the conversations that influence the influencers. The project was born of Matt's desire to never have to log in to Twitter again.

In this interview we're chatting with Neal Wise of Assurance.com.au. Don't let the accent fool you, Neal is based in Melbourne and has been for as long as I can remember, and he did a great talk here at the AusCERT conference called Hacking the Gibson, which was all about pwning supercomputers.

I warn you in advance that there are a few references from the movie Hackers in this interview... sorry about that... HACK THE PLANET!! .... but yeah, Neal has been doing some work involving supercomputers and I decided to interview him about them. They make excellent bitcoin mining boxes!

You're about to hear an interview I recorded with Bob Clark. He currently teaches law at the US Naval Academy, but he's been doing military law for a long time, even serving as the operational attorney for the US Army Cyber Command at one point.

I posted his talk yesterday... he touched on the Weev vs AT&T trial in that and I thought it would be interesting to get his perspective on the CFAA, precisely because it's not the sort of thing he normally concerns himself with. He has less of an agenda than a defence attorney or a prosecutor.

(If you haven't heard the episode of the regular Risky Business podcast where I had a chat with Weev and recapped that whole thing you might want to check it out because we reference it in this interview. It's here.)

David Litchfield is a very well known researcher in the field of database security. He's been at it for over a decade, and managed to be a permanent pain in Oracle's neck since he first started dropping database 0day a million years ago.

So I asked him what has changed in the field of database security. Has Oracle improved its procedures?

In this sponsor podcast we hear from FireEye's APAC CTO Bryce Boland about the effect next generation antimalware gear is having on the modus operandi of sophisticated attackers.

The possibility of burning their sweet, sweet 0days is actually turning some attackers away from well-resourced targets and towards secondary targeting; attacking their targets' partners and suppliers.

PRESENTATION: When is a cyberwar (drink!) a cyberwar (drink!)?
Bob Clark returns to AusCERT\u2026

This is a recording of a presentation by Bob Clark, who these days teaches at the US Naval Academy. He has a long history as a department of defence lawyer including a stint as the counsel for the US Army Cyber Command.

In this talk Bob covers some ground he has covered before -- looking at when an online action represents an act of war under the laws of armed conflict -- but also takes a look at some legal cases in the civilian world involving the CFAA.

We're going to kick things off with a recording of the opening keynote from the conference... this talk is by Felix "FX" Lindner of Recurity Labs.

Felix is a very well known hacker and researcher, and his talk is titled we come in peace, they don't. As you'll hear, he's not exactly Google's number one fan. Here he is, I hope you enjoy it!

This is a recording of Ed Felton's plenary session from AusCERT 2014.

Ed Felton is a professor of computer science and public affairs at Princeton's centre for information technology policy. From 2011 to 2012 he was the first Chief Technologist for the Federal Trade Commission. He's a very well known and highly regarded researcher and academic and he spoke at AusCERT on security in a surveilled world.

Our coverage continues now with an interview I recorded with Olivia Maree and Dave Jorm. Olivia holds a law degree and just finished a six month stint as a community manager with BugCrowd\u2026 Dave Jorm studies geology and mathematics at UQ and has worked in the software industry for around 14 years.

Some of you would remember the interview I did with Dave last year about his OSINT analysis of North Korea, I also recorded and published his AusCERT talk on that topic last year. Well, this year he returned to AusCERT with his pal Olivia Maree to do another North Korea-themed presentation. This time the pair presented a talk about the information cordon - how information gets in and out of the country. Between USB thumb drives attached to home-made air balloons to tiny radios smuggled in to the Democratic People's Republic of Korea, you'll hear that state control of information entering the country isn't what it used to be, and, you know, that's a pretty big deal. and yes, I know this isn't your typical info sec story but you all loved my interview with Dave last year so I figured you'd all want to hear about this anyway\u2026

I started off by asking Olivia how the regime seeks to control information flowing into North Korea\u2026

**************EDITOR'S NOTE: This post originally referred to Olivia Maree as a lawyer. While she has a law degree, Olivia has never worked as a lawyer or completed articles. Apologies for any confusion. The audio introduction to this interview is still incorrect and will not be updated. - PG