Podcasts

Our coverage of AusCERT's 2010 conference is sponsored by Microsoft, and there's a few Microsofties floating about here. Two of them, Karl Hanmore and Steve Adegbite, prepared this presentation, titled "Engagement between National and Government CERTs and the vendor community -- benefits and challenges."

It is, in part, a criticism of the way vendors and CERTS are actually dealing with each other.

In this podcast you'll hear a presentation by Frank Stajano of the University of Cambridge. In it he discusses seven principles for systems security derived from understanding scam victims.

He argues that by understanding the recurring behavioural patterns of victims that hustlers have learned to exploit, we can create systems that are more resistant to fraud.

Frank plays three videos in the talk. With two of them you can get by with the audio alone, but the first one has a significant visual component. The good news is I found the video on Youtube, and I've linked to it here.

You'll hear me, during this presentation, say something along the lines of "check out the video now" so you can pause the mp3 and watch the video. Sounds a bit involved, I know, but it's the only way I could think of to bring this presentation to you.

Here's the YouTube link again.

In this podcast we chat to two guys from Australian-based security firm Stratsec.

Ben Bromhead and Ken Hendrie spend their lives up to their armpits in Windows mobile devices -- they actually do the worldwide common criteria evaluations for Windows mobile devices right here in Australia. As a result, these guys know a thing or two about mobile device security.

In their presentation, titled simply "mobile security", the two looked at the common threats to mobile devices and some mitigations. I caught up with them after their presentation for this interview.

In this interview we check in with a bit of a legend, Whitfield Diffie. He's universally credited as one of the creators of public key infrastructure, and he was the opening keynote speaker at the AusCERT conference.

I grabbed Whit for an interview in the hotel lobby bar and started off by asking him if he's disappointed that PKI hasn't been universally adopted yet.

In this sponsor podcast you'll hear an excerpt from Crispin Cowan's talk. Crispin works for Microsoft, but he used to be a vocal Microsoft critic and Linux fundamentalist.

These days he spends his time trying to retrofit Windows with decent security. He works for the Windows core team.

I'll drop you into the talk here where he's explaining how certain bad things happened to Windows and the Microsoft ecosystem, namely, how interoperability concerns hampered the software company's ability to secure Windows.

In this podcast you'll hear me speaking with Assurance.com.au's Neal Wise about the seven deadly sins of mobility. Neal's a penetration tester and a complete and utter wireless nerd. He's a regular on the show and as it turns out he's a standby speaker for this year's AusCERT conference. If anyone winds up too hungover on Wednesday to speak, Neal will step in.

You'll have most likely heard that Google has been busted collecting payload data from wireless networks as its vans drove around doing Google Street view videos... so I asked Neal for his take on that also. Enjoy.

This week's show is sponsored by Check Point Software.

In it we check in with Belgium-based security guy, spare-time researcher and noodler Didier Stevens.

We're talking to Didier about a weird little project he unveiled a couple of months ago. He's taken the source code from the command interpreter from ReactOS and compiled it into a DLL that he can shove into memory.

That way he gets shell without launching a new process. I got him on the show to ask him what the hell's wrong with Meterpreter for that sort of thing.

We'll also be joined by Check Point's Dan Baucaut in this week's sponsor interview. It used to be that outsourcing your firewall management was all the rage, but is it still popular and does it still make sense? Did it ever make sense?

As always, Adam Boileau is the week's news guest.

This week's feature interview is with Matt Olney of Sourcefire's vulnerability research team. These guys have put a bunch of work into a new open source tool that can grab files, like PDFs, off the wire, scan them for dodgy stuff and trigger Snort alerts.

It's called Near Real Time detection and it might just have legs.

This week's edition of the show is brought to you by Tenable Network Security, and as is our custom here at Risky.Biz HQ we chat with Tenable's CEO and industry stalwart Ron Gula in this week's sponsor interview. In it we discuss McAfee's borked update of a couple of weeks ago, logic bugs in the cloud and more.

Adam Boileau, as usual, drops in to discuss the week's news headlines.

You can find more info on NRT here.

In this RB2 podcast, sponsored by Symantec, Lateral Security's Adam Boileau and Mark Piper talk Web application hacking tools. What's hot? What's not? Web Scarab, Burp or CAT? Which for what? Play to find out!

H D Moore is this week's feature guest. The company he works for, Rapid7, will soon release a commercial version of Metasploit.

Risky Business asks HD about the new product and discusses the controversy that may arise from the commercialisation of the open source project.

Vitaly Kamlyuk from Kaspersky Lab is this week's sponsor guest. In the interview Vitaly expresses concerns that some legitimate research -- his, at times, included -- is playing into the hands of the bad guys.

And Adam Boileau is this week's news guest.

BTW Risky Business rules.