Podcasts

In this presentation you'll hear Tor project leader Roger Dingledine talking all about Tor. Who uses it? Why? What's it good for?

For those who don't know what it is, Tor is a free-software anonymizing network that helps people around the world use the Internet in safety, the official blurb says.

Tor's 1600 volunteer relays carry traffic for several hundred thousand users including ordinary citizens who want protection from identity theft and prying corporations, corporations who want to look at a competitor's website in private, and soldiers and aid workers in the Middle East who need to contact their home servers without fear of physical harm.

So if you're based in Iran or China and don't want the government being able to identify your source IP, it's a pretty handy tool.

But governments are cottoning on to Tor and making efforts to block their citizens from using the Tor network. Roger discusses the changes the Tor project has made to combat these government restrictions. It's a good talk and I hope you enjoy it!

In this presentation, Cisco's Vice President and Chief Security Officer John Stewart tries to pin down where we're going to be in 2012. More devices doing more things! Malware embedded in video streams! All sorts of funky stuff!

In this podcast you'll hear an interview I did with ZScaler's Michael Sutton. In it he expresses frustration that criminals are able to so easily manipulate Google's search results for trending topics.

Sutton claims that malicious pages linked to trending topics are rising through Google's rankings almost immediately. In other words, the bad guys have gotten good at SEO.

But if Sutton and his colleagues can identify these pages from outside Google, why can't Google detect them? It's not exactly short on resources or cash.

In the following interview, Microsoft's Steve Adegbite joins me for this interview about the potential for a nanny state operating system.

With all this rogue AV stuff floating about, the Microsofties are encountering a few fairly significant dilemmas on how to deal with this stuff. Should the OS only accept certain, known brands of AV? Well, then they're acting as a gateway and telling people what they can and can't run. Can't do that. What about a warning system like they did with device drivers? Well, that wasn't much good in the end because people just ignored the warnings.

So what can Microsoft do about this rogue AV problem?

What you're about to hear is the speed debating panel from AusCERT's 2010 conference.

A highlight of the conference, this year's panel was hosted by Australian media personality guy Adam Spencer. Panelists were: Max Kilger, Scott McIntyre, Marcus J. Ranum, Roger Dingledine, Alastair MacGibbon, Paul Gampe and Tim Redhead.

In this interview you'll hear me having a quick chat to Stratsec's Ben Mosse about vulnerability mitigation in Windows. Cutting a long story short, he reckons measures like DEP and ASLR work quite well, and it's only a matter of time before more, similar protections are introduced.

Risky.Biz has confirmed IBM staff distributed malware-infected USB drives at the AusCERT security conference this week.

In a highly embarrassing admission, the company has sent a broadcast e-mail to all AusCERT attendees warning them of the security lapse.

"At the AusCERT conference this week, you may have collected a complimentary USB key from the IBM booth," the message reads. "Unfortunately we have discovered that some of these USB keys contained malware and we suspect that all USB keys may be affected."

IBM is not the first company to distribute malware at AusCERT -- Australian telco Telstra did exactly the same thing in 2008.

Risky.Biz confirmed the authenticity of the e-mail message with IBM.

For all Risky.Biz coverage of AusCERT, click here.

For Risky.Biz podcast feeds click here.

The following is a recording of a presentation by Zscaler's Michael Sutton. The topic is Security risks in the next generation of offline Web applications. Basically the talk looks at persistent client side storage, as brought on by stuff like Google Gears and the Database Storage functionality included in HTML5.

It was one of the better talks.

In this presentation you'll hear Scott McIntyre talking about maintaining proportionality when dealing with matters of digital security.

Scott's the Chief Security Officer for Dutch ISP XS4all and serves on the board of directors for the Forum of Incident Response and Security Teams, or FIRST.

In this talk Scott argues that all the FUD out there is leading to over regulation. He also argues that CSIRT teams and incident handlers actually cause some security failures and that understanding the far reaching consequences to our actions is critical if we're ever going to have a safe Internet experience for the masses.

In this podcast you'll hear Marcus Ranum's keynote speech from day two of the conference. Marcus is Tenable Network Security's Chief Security Officer and he's widely credited as an early pioneer in firewall technology.

His talk is titled "Scenes from the 2010 US/China Cyber war".