Podcasts

This week's show is sponsored by Microsoft and hosted by Vigabyte virtual hosting.

On this week's show we chat with Jose Nazario, the manager of security research for Arbor Networks. Jose is joining us to talk about the latest trends in botnet C&C. Apparently, using IRC is sooooo 2005 these days...

We also talk to Stuart Strathdee from Microsoft in this week's sponsor segment. In it, we discuss alleged criminal mastermind and all round badass Albert "The SoupNazi" Gonzalez. Will his capture and prosecution be a deterrent or an inspiration to fraudsters?

And of course the show wouldn't be complete without Adam "Metlstorm" Boileau jumping on board for a look at the week's news headlines.

This week's edition of Risky Business is brought to you by Sophos and hosted by Vigabyte virtual hosting.

On this week's show we chat with Professor Gernot Heiser. He's the chief Technology Officer of OK-Labs, or Open Kernel Labs. The company makes software for embedded systems, and recently NICTA -- that's a government funded technology R&D lab -- has claimed to have mathematically verified one of the OK-labs kernels as being mathematically perfect. No buffer overflows. No null pointer dereferences. No divide by zeros.

The Prof stops by to explain what this all means.

We also chat with Sean Richmond from Sophos in this week's sponsor interview. We quiz Sean on this virus doing the rounds that affects Delphi development environments. Interesting stuff!

And of course Adam Boileau pops by with the week's news headlines.

In this special interview you'll hear our New Zealand correspondent Paul Craig interviewing Security-Assessment.com's Roberto Suggi Liverani and Nick Freeman discuss their research into exploiting Firefox extensions.

These guys were doing a review of a large web application and evaluation of a related firefox extension was in scope.

Skype extensions, search toolbars -- all those extensions that people routinely install into their browsers, well, it turns out a lot of them are buggy as hell and these two have figured out how to exploit these little suckers, and at best guess, there's around 30 million boxes out there vulnerable to the extension bugs they've identified.

On this week's show we're chatting with CEO of Australia's Internet Industry Association, Peter Coroneos. Peter led the charge for a National 2FA scheme many years ago... it hasn't quite gotten off the ground yet, but Peter joins us shortly to discuss the scheme, how it got started and why it hasn't really gone anywhere yet.

We're also joined by a special guest in our sponsor segment this week, Paul Asadoorian, the host of the PaulDotCom Security Weekly podcast. Paul's dayjob is as Tenable's "Evangelist". He won't be evangelising anything this week though, he's popping by to talk about training. Paul did work for SANS, and we'll be asking Paul what he thinks training and certification are good for.

And we'll be checking the week's news with Adam "metlstorm" Boileau!

In this month's sponsored podcast here on Risky Business 2 we're chatting with Symantec's Senior Director of Global Security Response Operations Group, Kevin Hogan, about quite a few things.

We'll be talking about the standardisation of many forms of malware, weaknesses in the packers the bad guys are using -- that's interesting -- and heaps of other stuff around online threats.

Sydney's inaugural eCrime Symposium kicked off on Tuesday, and Risky Business was there with an audio recorder.

We recorded this panel discussion while we were there and decided it'd make a good podcast. The speakers are Rachel Dixon, who's a technology executive here in Australia for online media group Viocorp, as well as being the deputy chair of consumer group Choice, Phil Argy, the head of the Technology Dispute Centre, and Sean Richmond from Sophos.

The panel was hosted by Nigel Phair.

I've basically cut it down to focus on the comments of Rachel Dixon. She was the best speaker on the day, and her riffs make for interesting listening.

There is no news segment this week due to a nasty bit of chicken making me quite ill on Wednesday and Thursday. I'll spare you the details. I'm also moving house tomorrow, so things this week have just got a little crazy.

But RB will be back next week with a bit of a wrap from all the shenanigans in Vegas and a proper news update.

In this week's sponsor interview we're trying something different. We're having a chat to Tim Smith of Bridgepoint, a Check Point Gold Partner. Tim's at the coalface of the Australian security industry, so we took this opportunity to get a commercial perspective on what's happening out there in the market, and in particular, with PCI.

As you'll hear, Tim says all sorts of organisations -- from online retailers to corner stores -- are being roped into the regime, which obviously makes life interesting.

In this presentation from New Zealand's OWASP day, you'll hear Lateral Security's Nick Von Dadelszen describe testing methods for Web services.

Unfortunately he does some demonstrations that don't really translate well via audio, but if this is already an area of interest to you, then you'll still find it valuable.

In this interview, you'll hear Risky.Biz's New Zealand correspondent Paul Craig discuss Web services security with Lateral Security's Nick Von Dadelszen.

We all hear a lot of talk about web application vulnerabilities, and not much at all about web services problems. The result is a lot of web services are wide open.

Readers of the Risky.Biz website would have heard by now that McAfee accidentally leaked the full contact information of 1400 registrants for its strategic security summit that was held in Sydney on July 17.

McAfee's Asia Pacific President Steve Redman is this week's feature guest -- he joined the program to face the music for that one.

We've also got a sponsor interview with Microsoft's Stuart Strathdee in this week's show. We ask Stuart why Microsoft's free security software won't be available to systems that fail windows genuine advantage tests, as well as chatting about mobile security in light of the recently discovered Symbian botnet.

Adam Boileau joins us to discuss the week's news, and we can assure you there was lots of it!

The marketing spreadsheet contained the full names, titles, organisation names, phone numbers and e-mail addresses of all who had registered for or attended the company's recent Strategic Security Summit on July 17 in Sydney.

"We did have a human error where the seminar contact list was attached to a promotional e-mail that was sent to... we don't know how many of the delegates," McAfee's Asia Pacific President, Steve Redman, told Risky.Biz by phone. "The important thing to note is this was not financial information, not mission critical information, it was a contact list."

The list was mostly comprised of the details of in-house IT security professionals for Australian organisations. It included the details of those who had attended, those who registered but never showed up, and those who walked in without registering.

The company tried recalling the message after it accidentally leaked, and subsequently sent an e-mail asking those who may have received it to delete the contact list.

As such, Redman says the company will not be contacting everyone on the marketing list to inform them of the leak. "We don't know whether all those people deleted it," he says. "If 50 people got our list... and then we asked them all to delete it and they did, then the information's not out there."

Risky.Biz has sighted the list -- which contains comprehensive contact details for security professionals from banking institutions, government departments and other large enterprises -- throwing doubt on Redman's hopes the list has been deleted.

Chris Gatford, director of HackLabs attended the event and was alarmed when he learned of the leak. "It contained my registration information," he says. "I am not happy about it sitting in unknown hands."

He says he's surprised McAfee would be so careless with what he describes as sensitive information. He also disputes Redman's assertion the leak is trivial because it is a mere contact list.

"I am sure [McAfee's] competitors would be very excited to have this fall into their inbox," he says. "[And] that list would be great to attack as it is a who's who of the security gatekeepers of Australia's largest organisations."

Want more exclusive security news? Sign up for our weekly newsletter here. Create an account to post to our forums!