Podcasts

News, analysis and commentary

Australian Business Smashed With Stolen UK Credit Cards

Presented by

Patrick Gray

CEO and Publisher

Cybercrime analyst Kimberly Zenz, of US-based firm iDefense, says the adoption of the EMV chip-and-PIN credit card security standard in Europe means criminal syndicates are having difficulty using stolen card data there. But the same European card information can be used to rip off Australian merchants because the extended authentication made possible by EMV is unavailable here.

"Australia's had problems with this because it takes cards... from the UK that [fraudsters] cannot use in the UK," she told Risky.Biz. "They'll come and use them here for that reason, because here they don't have... [EMV] in place."

Cultural ties between Australia and the UK make the fraud even more appealing to crooks, Zenz argues.

"There's a lot of connections between the UK and Australia," Zenz said. "It's reasonable to expect British cards would be used here. What they're doing is looking for other places to use these cards because it's a lot harder to do it in their own country."

While Zenz won't reveal specific intelligence, she insists it's a significant problem in the Australian market. "It definitely is happening in Australia," she says. "It's always about maximum return for minimum risk and cost."

Universal adoption of a standard like EMV may seem like a simple solution, but the reality is more complex, Zenz says. "The question then becomes if it became universally rolled out, what would they do next? Would they find a solution or would they move on to something else. That remains to be seen."

Risky.Biz's podcast interview with Kimberly Zenz can be found here.

RB2: SPONSOR PODCAST: Microsoft's Keith Brintzenhofe talks DLP

Presented by

Patrick Gray

CEO and Publisher

In this podcast we chat to Microsoft's Keith Brintzenhofe. He manages the Information Protection and Control (IPC) product unit in the Identity & Security Division of Microsoft. He joined Risky Business 2 to explain Microsoft's collaboration with RSA on DLP and document rights management software.

This is a sponsor podcast.

RB2: AusCERT podcast: The Russian DDoS scene, a presentation

Presented by

Patrick Gray

CEO and Publisher

In this AusCERT presentation, RTComm.ru's security team discusses the Russian DDoS scene. RTComm.ru is Russia's largest ISP.

Their English isn't perfect, but presenters Dmitry Levashev and Ruslan Stoyanov give an interesting talk here. Enjoy!

RB2: AusCERT podcast: Neal Wise and Oliver Greiter talk wireless security

Presented by

Patrick Gray

CEO and Publisher

In this podcast interview, Assurance.com.au's Neal Wise and Oliver Greiter argue wireless security has come a long way.

Wise is a big-time wireless geek. He and Greiter did a presentation on wireless security on day one of AusCERT, which Risky.Biz, unfortunately, was unable to record.

Still, check out this interview if you're keen on the latest developments in wireless trends.

RB2: AusCERT podcast: ICANN CEO Paul Twomey's opening keynote

Presented by

Patrick Gray

CEO and Publisher

Paul Twomey is ICANN's President and CEO. In this keynote address recorded on day one of AusCERT's security conference, Twomey argues collaboration is the key to ensuring the long-term security of Internet infrastructure.

UPDATE: The link to the audio file was incorrect in the original post. Fixed now.

RB2: AusCERT podcast: Andrew Rourke's mobile phone forensics talk

Presented by

Patrick Gray

CEO and Publisher

ASI Solutions Executive Manager of IT Security Services, Andrew Rourke, discusses mobile phone forensics -- a history, and the future. Enjoy!

Live From AusCERT

Presented by

Patrick Gray

CEO and Publisher

We'll be publishing interviews with all our Risky Business favourites including Kimberly Zenz of iDefense, Auckland University's Peter Gutmann, Assurance.com.au's Neal Wise, Queensland Police Superintendent Brian Hay, Geekonomics author David Rice and many, many more.

All recorded content will be available through the Risky Business 2 RSS feed, which can be found here.

Risky Business #108 -- Is secure code cheap code?

Presented by

Patrick Gray

CEO and Publisher

Adam Boileau

Technology Editor

This week's podcast is hosted by Vigabyte virtual hosting and sponsored by Tenable Network Security.

Risky Business 108 takes a look at the SDL as it applies to web applications. White Hat Security's Jeremiah Grossman joins the program to argue secure code, in the case of web applications, isn't necessarily cheaper code. It sounds like heresy, but Grossman makes some pretty compelling points during his interview.

Adam Boileau joins us to discuss the news headlines, and this week's sponsor interview is with Tenable Network Security's CSO Marcus Ranum. This week we talk to Ranum about the ridiculousness of the credit card transaction model.

NEWS ITEMS DISCUSSED THIS WEEK:

Researchers Hack Web Application Firewalls

PowerPoint gets hefty fix, Apple inundates

Cyber attack could bring U.S. military response

Microsoft patches critical PowerPoint hole

UC Berkeley computers hacked, 160,000 at risk

Porn name game - is it fun or a live Phishing exercise?

Report: Hackers broke into FAA air traffic control systems

Pirated Windows 7 OS Comes With Trojan, Builds A Botnet

Heartland Breach Cost Company $12.6 Million So Far

CONFIRMED: Sydney House Hunters Ripped Off

Presented by

Patrick Gray

CEO and Publisher

Fraudsters are placing fake rental property listings for affordable inner Sydney apartments on the site. Upon contacting the purported landlord, would-be renters are being instructed to transfer money offshore in exchange for apartment keys that will never arrive.

The 'landlord' claims to have moved to Italy, but promises to send the keys along with the lease when a bond is received in escrow. If the would-be renter doesn't like the apartment after using the keys to inspect it, they are assured their money will be refunded. There are, of course, no keys. Or apartment, for that matter.

"I have found a procedure that will allow us to make a fast and safe deal and through this way you will see [the apartment] and decide if you will stay in the apt or not before I receive my payment," one of the scam e-mails reads. "In this way you will receive the keys in less than two days, if you move fast as well."

The wire transfer the fraudsters instruct their marks to use, conducted through Western Union, is irreversible and final.

Risky.Biz had identified two distinct fraudulent listings offering inner-city apartments for rent at $250 a week, with a $1,000 bond payable.

At least one victim has been confirmed. They lost $2,000; half in bond, half in advance rent.

Domain.com.au's Product and Customer Care Director Nathan Moyes told Risky.Biz the fraudulent listings were pulled as soon as the company became aware of them.

"The Domain.com.au customer care team removed the ads within 10 minutes of confirming them as suspicious listings, about 45 minutes after you reported the incident," an e-mail from Moyes via Domain's PR agency reads. "As a result of this incident, we will look to place more information on safe online security practices in a position of further prominence on our site."

SIFT and Stratsec merge

Presented by

Patrick Gray

CEO and Publisher

The new company employs a total of 65 people, with no staff being made redundant from either SIFT or Stratsec during the merger. The new company will retain the stratsec name and recruit 4-5 new staff immediately with a view to further expansion later this year, according to the new company's CTO and SIFT founder Nick Ellsmore.

"We (SIFT) had 15 before the merger, and certainly none being made redundant," he told Risky.Biz. "We're looking to recruit 4-5 straight away, and will probably need close to 10 more by the end of the year."

The Australian information security industry has been too fragmented for too long, Ellsmore says, with no real market leader in the "independent" security consulting space.

"We now have the scale, the breadth, and the depth, to take on virtually any information security project that can be thrown at us," Ellsmore claims. "[SIFT and stratsec] both had a vision for building the dominant firm in this space, and given a good cultural fit between the firms, and a good relationship between the three Directors... we saw an opportunity to fast-track that growth and took it."