Podcasts

The computer security industry has sometimes been compared unfavourably to the fashion industry, putting up flamboyant defences where it doesn't make any difference while paying no attention to the open barn door behind the curtain.

Why do we allow three retries for passwords instead of two, or four, or thirty-eight? How effective are SSH fingerprints? And how's the ol' PKI thing doing?

This talk will look at some widespread examples of defending where the enemy isn't, including the underlying threat models (or lack thereof), the effectiveness of the defences, and the real-world pressures and externalities that affect them, along with various modest proposals for alternative approaches.

Scott McIntyre of Dutch ISP XS4all talks to Risky Business about his battle against VoIP fraudsters.

Between high-toll fraud and calling card scams, there's a number of ways fraudsters can turn your VoIP gateway into a source of cash for them, and misery for you.

Regular Risky Business guest Kimberly Zenz is in Australia for AusCERT and we caught up with her at the conference for this interview. We asked Kimberly about what she's been focussing out of personal and professional interest.

Enjoy!

Cybercrime analyst Kimberly Zenz, of US-based firm iDefense, says the adoption of the EMV chip and pin credit card security standard in Europe means criminal syndicates are having difficulty using stolen card data there. But the same European card information can be used to rip off Australian merchants because the extended authentication made possible by EMV is unavailable here.

"Australia's had problems with this because it takes cards... from the UK that [fraudsters] cannot use in the UK," she told Risky.Biz. "They'll come and use them here for that reason, because here they don't have... [EMV] in place."

Cultural ties between Australia and the UK make the fraud even more appealing to crooks, Zenz argues.

"There's a lot of connections between the UK and Australia," Zenz said. "It's reasonable to expect British cards would be used here. What they're doing is looking for other places to use these cards because it's a lot harder to do it in their own country."

While Zenz won't reveal specific intelligence, she insists it's a significant problem in the Australian market. "It definitely is happening in Australia," she says. "It's always about maximum return for minimum risk and cost."

Universal adoption of a standard like EMV may seem like a simple solution, but the reality is more complex, Zenz says. "The question then becomes if it became universally rolled out, what would they do next? Would they find a solution or would they move on to something else. That remains to be seen."

Risky.Biz's podcast interview with Kimberly Zenz can be found here.

Want more security news like this? Sign up for our newsletter here.

In this podcast we chat to Microsoft's Keith Brintzenhofe. He manages the Information Protection and Control (IPC) product unit in the Identity & Security Division of Microsoft. He joined Risky Business 2 to explain Microsoft's collaboration with RSA on DLP and document rights management software.

This is a sponsor podcast.

In this AusCERT presentation, RTComm.ru's security team discusses the Russian DDoS scene. RTComm.ru is Russia's largest ISP.

Their English isn't perfect, but presenters Dmitry Levashev and Ruslan Stoyanov give an interesting talk here. Enjoy!

In this podcast interview, Assurance.com.au's Neal Wise and Oliver Greiter argue wireless security has come a long way.

Wise is a big-time wireless geek. He and Greiter did a presentation on wireless security on day one of AusCERT, which Risky.Biz, unfortunately, was unable to record.

Still, check out this interview if you're keen on the latest developments in wireless trends.

Paul Twomey is ICANN's President and CEO. In this keynote address recorded on day one of AusCERT's security conference, Twomey argues collaboration is the key to ensuring the long-term security of Internet infrastructure.

UPDATE: The link to the audio file was incorrect in the original post. Fixed now.

ASI Solutions Executive Manager of IT Security Services, Andrew Rourke, discusses mobile phone forensics -- a history, and the future. Enjoy!

We'll be publishing interviews with all our Risky Business favourites including Kimberly Zenz of iDefense, Auckland University's Peter Gutmann, Assurance.com.au's Neal Wise, Queensland Police Superintendant Brian Hay, Geekonomics author David Rice and many, many more.

All recorded content will be available through the Risky Business 2 RSS feed, which can be found here.