Podcasts

This speed debating panel from AusCERT's 2009 conference was loltastic. It takes about 15 minutes to really get going, but stick with it.

Risky Business regulars Peter Gutmann and Paul Ducklin participated in this panel, as did host Patrick Gray.

The debate was hosted by James O'Laughlin, who's probably best known in Australia as the host of the New inventors television program. He's a terrific moderator.

Anyway, I've chopped the whole thing down to about 50 minutes. Keep in mind this panel was held as the storms in Queensland peaked. The conference hall actually lost power when the panel was about to start.

Anyway, here it is, the Speed Debating panel from AusCERT's 2009 conference. Enjoy!

The following is a recording of David Rice's talk at AusCERT's 2009 conference. David is a sensational public speaker. Risky.Biz actually podcasted his keynote from the GovCERT conference in the Netherlands last year.

This talk is similar, but sufficiently different to warrant posting here.

David is best known as the author of Geekonomics: The Real Cost Of Insecure Software, and a consultant with Monterey Group. Enjoy!

Our coverage of AusCERT's 2009 conference is sponsored by Microsoft, and so we're doing these sponsored interviews about Microsoft stuff.

But that's ok, because it's all interesting!

In this interview with Microsoft's Secure Development Lifecycle big kahuna, Steve Lipner, we discuss the company's decision to release an SDL template for Visual Studio that allows third party developers to use Microsoft's SDL workflow.

It will hopefully mean fewer bugs in non-Microsoft Windows apps sometime in the future!

The following audio is an excerpt from Maltego creator Roelof Temmingh's AusCERT presentation.

Maltego is a very interesting bit of information visualisation software. If you haven't heard of it, check it out.

We've all heard the saying that we all leave digital footprints on the web. Well, in this part of his talk Roelof talks about creating false footprints, or false online identities.

It's seriously interesting stuff and not the sort of thing that you normally hear about at a security conference. We'll be posting an interview with Roelof at some point also.

In this recorded AusCERT presentation you'll hear Forward Discovery's Steve Whalen discussing forensic techniques for the iPhone. This is VERY niche stuff, mostly of interest to forensics guys and gals. That said, a lot of security people use iPhones so some may be interested to know what sort of techniques apply to a device they carry. Enjoy!

Hanmore joined AusCERT in 2005 following a five-year stint as the IT security manager of the Bank of Queensland. His new job at Microsoft, where he will be dubbed a senior security strategist, will see him pack his bags and move to Redmond.

"I will be heavily involved in relationships with various CERT teams globally, ensuring a smooth operational relationship between these teams and Microsoft," Hanmore told Risky.biz. "It's all about making sure that the end user and their support network have access to the information they need to remain secure online."

Hanmore described working at AusCERT as a highlight of his career.

AusCERT director Nick Tate says he will be missed. "It's clearly a great shame to be losing Karl," he says.

The resignation comes as a significant shake-up of the national CERT landscape looms.

The AusCERT organisation, which is technically a registered business name of the University of Queensland, will lose its title of national CERT. However, Tate says AusCERT will continue to provide services through the new, Attorney General-funded CERT program.

"We'll be providing some of the services for that," he says. "AusCERT is very much continuing... We're working on a service level agreement at the moment."

In this sponsored podcast from AusCERT's 2009 conference, Microsoft's Jeff Alexander discusses the features of Windows 7 that are likely to be of interest to security pros. DEP, BitLocker portable, AppLocker, UAC changes, the lot. Enjoy!

The computer security industry has sometimes been compared unfavourably to the fashion industry, putting up flamboyant defences where it doesn't make any difference while paying no attention to the open barn door behind the curtain.

Why do we allow three retries for passwords instead of two, or four, or thirty-eight? How effective are SSH fingerprints? And how's the ol' PKI thing doing?

This talk will look at some widespread examples of defending where the enemy isn't, including the underlying threat models (or lack thereof), the effectiveness of the defences, and the real-world pressures and externalities that affect them, along with various modest proposals for alternative approaches.

Scott McIntyre of Dutch ISP XS4all talks to Risky Business about his battle against VoIP fraudsters.

Between high-toll fraud and calling card scams, there's a number of ways fraudsters can turn your VoIP gateway into a source of cash for them, and misery for you.

Regular Risky Business guest Kimberly Zenz is in Australia for AusCERT and we caught up with her at the conference for this interview. We asked Kimberly about what she's been focussing out of personal and professional interest.

Enjoy!