Podcasts

News, analysis and commentary

IBM distributes malware-infested freebies at AusCERT

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

Risky.Biz has confirmed IBM staff distributed malware-infected USB drives at the AusCERT security conference this week.

In a highly embarrassing admission, the company has sent a broadcast e-mail to all AusCERT attendees warning them of the security lapse.

"At the AusCERT conference this week, you may have collected a complimentary USB key from the IBM booth," the message reads. "Unfortunately we have discovered that some of these USB keys contained malware and we suspect that all USB keys may be affected."

IBM is not the first company to distribute malware at AusCERT -- Australian telco Telstra did exactly the same thing in 2008.

Risky.Biz confirmed the authenticity of the e-mail message with IBM.

For all Risky.Biz coverage of AusCERT, click here.

For Risky.Biz podcast feeds click here.

RB2: AusCERT presentation: Michael Sutton on next generation offline Web applications

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

The following is a recording of a presentation by Zscaler's Michael Sutton. The topic is Security risks in the next generation of offline Web applications. Basically the talk looks at persistent client side storage, as brought on by stuff like Google Gears and the Database Storage functionality included in HTML5.

It was one of the better talks.

RB2: AusCERT presentation: Michael Sutton on next generation offline Web applications
0:00 / 53:00

RB2: AusCERT presentation: Scott McIntyre says "get a grip"

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

In this presentation you'll hear Scott McIntyre talking about maintaining proportionality when dealing with matters of digital security.

Scott's the Chief Security Officer for Dutch ISP XS4all and serves on the board of directors for the Forum of Incident Response and Security Teams, or FIRST.

In this talk Scott argues that all the FUD out there is leading to over regulation. He also argues that CSIRT teams and incident handlers actually cause some security failures and that understanding the far reaching consequences to our actions is critical if we're ever going to have a safe Internet experience for the masses.

RB2: AusCERT presentation: Scott McIntyre says "get a grip"
0:00 / 31:33

RB2: AusCERT presentation: Marcus Ranum on Cyber War

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

In this podcast you'll hear Marcus Ranum's keynote speech from day two of the conference. Marcus is Tenable Network Security's Chief Security Officer and he's widely credited as an early pioneer in firewall technology.

His talk is titled "Scenes from the 2010 US/China Cyber war".

RB2: AusCERT presentation: Marcus Ranum on Cyber War
0:00 / 50:59

RB2: SPONSOR PODCAST: Karl Hanmore and Steve Adegbite on CERTS and vendor relationships

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

Our coverage of AusCERT's 2010 conference is sponsored by Microsoft, and there's a few Microsofties floating about here. Two of them, Karl Hanmore and Steve Adegbite, prepared this presentation, titled "Engagement between National and Government CERTs and the vendor community -- benefits and challenges."

It is, in part, a criticism of the way vendors and CERTS are actually dealing with each other.

RB2: SPONSOR PODCAST: Karl Hanmore and Steve Adegbite on CERTS and vendor relationships
0:00 / 35:41

RB2: AusCERT presentation: Frank Stajano on understanding scam victims

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

In this podcast you'll hear a presentation by Frank Stajano of the University of Cambridge. In it he discusses seven principles for systems security derived from understanding scam victims.

He argues that by understanding the recurring behavioural patterns of victims that hustlers have learned to exploit, we can create systems that are more resistant to fraud.

Frank plays three videos in the talk. With two of them you can get by with the audio alone, but the first one has a significant visual component. The good news is I found the video on Youtube, and I've linked to it here.

You'll hear me, during this presentation, say something along the lines of "check out the video now" so you can pause the mp3 and watch the video. Sounds a bit involved, I know, but it's the only way I could think of to bring this presentation to you.

Here's the YouTube link again.

RB2: AusCERT presentation: Frank Stajano on understanding scam victims
0:00 / 38:38

RB2: AusCERT interview: Mobile AV a "total waste" of money

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

In this podcast we chat to two guys from Australian-based security firm Stratsec.

Ben Bromhead and Ken Hendrie spend their lives up to their armpits in Windows mobile devices -- they actually do the worldwide common criteria evaluations for Windows mobile devices right here in Australia. As a result, these guys know a thing or two about mobile device security.

In their presentation, titled simply "mobile security", the two looked at the common threats to mobile devices and some mitigations. I caught up with them after their presentation for this interview.

RB2: AusCERT interview: Mobile AV a "total waste" of money
0:00 / 13:05

RB2: AusCERT interview: E-mail crypto a "pain in the ass" says PKI inventor

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

In this interview we check in with a bit of a legend, Whitfield Diffie. He's universally credited as one of the creators of public key infrastructure, and he was the opening keynote speaker at the AusCERT conference.

I grabbed Whit for an interview in the hotel lobby bar and started off by asking him if he's disappointed that PKI hasn't been universally adopted yet.

RB2: AusCERT interview: E-mail crypto a "pain in the ass" says PKI inventor
0:00 / 8:26

RB2: SPONSOR PODCAST: Former Linux guy turned MS staffer Crispin Cowan

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

In this sponsor podcast you'll hear an excerpt from Crispin Cowan's talk. Crispin works for Microsoft, but he used to be a vocal Microsoft critic and Linux fundamentalist.

These days he spends his time trying to retrofit Windows with decent security. He works for the Windows core team.

I'll drop you into the talk here where he's explaining how certain bad things happened to Windows and the Microsoft ecosystem, namely, how interoperability concerns hampered the software company's ability to secure Windows.

RB2: SPONSOR PODCAST: Former Linux guy turned MS staffer Crispin Cowan
0:00 / 14:04

RB2: AusCERT interview: Neal Wise on the seven deadly sins of mobility

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

In this podcast you'll hear me speaking with Assurance.com.au's Neal Wise about the seven deadly sins of mobility. Neal's a penetration tester and a complete and utter wireless nerd. He's a regular on the show and as it turns out he's a standby speaker for this year's AusCERT conference. If anyone winds up too hungover on Wednesday to speak, Neal will step in.

You'll have most likely heard that Google has been busted collecting payload data from wireless networks as its vans drove around doing Google Street view videos... so I asked Neal for his take on that also. Enjoy.

RB2: AusCERT interview: Neal Wise on the seven deadly sins of mobility
0:00 / 8:18