Podcasts

Risky.Biz has confirmed IBM staff distributed malware-infected USB drives at the AusCERT security conference this week.

In a highly embarrassing admission, the company has sent a broadcast e-mail to all AusCERT attendees warning them of the security lapse.

"At the AusCERT conference this week, you may have collected a complimentary USB key from the IBM booth," the message reads. "Unfortunately we have discovered that some of these USB keys contained malware and we suspect that all USB keys may be affected."

IBM is not the first company to distribute malware at AusCERT -- Australian telco Telstra did exactly the same thing in 2008.

Risky.Biz confirmed the authenticity of the e-mail message with IBM.

For all Risky.Biz coverage of AusCERT, click here.

For Risky.Biz podcast feeds click here.

The following is a recording of a presentation by Zscaler's Michael Sutton. The topic is Security risks in the next generation of offline Web applications. Basically the talk looks at persistent client side storage, as brought on by stuff like Google Gears and the Database Storage functionality included in HTML5.

It was one of the better talks.

In this presentation you'll hear Scott McIntyre talking about maintaining proportionality when dealing with matters of digital security.

Scott's the Chief Security Officer for Dutch ISP XS4all and serves on the board of directors for the Forum of Incident Response and Security Teams, or FIRST.

In this talk Scott argues that all the FUD out there is leading to over regulation. He also argues that CSIRT teams and incident handlers actually cause some security failures and that understanding the far reaching consequences to our actions is critical if we're ever going to have a safe Internet experience for the masses.

In this podcast you'll hear Marcus Ranum's keynote speech from day two of the conference. Marcus is Tenable Network Security's Chief Security Officer and he's widely credited as an early pioneer in firewall technology.

His talk is titled "Scenes from the 2010 US/China Cyber war".

Our coverage of AusCERT's 2010 conference is sponsored by Microsoft, and there's a few Microsofties floating about here. Two of them, Karl Hanmore and Steve Adegbite, prepared this presentation, titled "Engagement between National and Government CERTs and the vendor community -- benefits and challenges."

It is, in part, a criticism of the way vendors and CERTS are actually dealing with each other.

In this podcast you'll hear a presentation by Frank Stajano of the University of Cambridge. In it he discusses seven principles for systems security derived from understanding scam victims.

He argues that by understanding the recurring behavioural patterns of victims that hustlers have learned to exploit, we can create systems that are more resistant to fraud.

Frank plays three videos in the talk. With two of them you can get by with the audio alone, but the first one has a significant visual component. The good news is I found the video on Youtube, and I've linked to it here.

You'll hear me, during this presentation, say something along the lines of "check out the video now" so you can pause the mp3 and watch the video. Sounds a bit involved, I know, but it's the only way I could think of to bring this presentation to you.

Here's the YouTube link again.

In this podcast we chat to two guys from Australian-based security firm Stratsec.

Ben Bromhead and Ken Hendrie spend their lives up to their armpits in Windows mobile devices -- they actually do the worldwide common criteria evaluations for Windows mobile devices right here in Australia. As a result, these guys know a thing or two about mobile device security.

In their presentation, titled simply "mobile security", the two looked at the common threats to mobile devices and some mitigations. I caught up with them after their presentation for this interview.

In this interview we check in with a bit of a legend, Whitfield Diffie. He's universally credited as one of the creators of public key infrastructure, and he was the opening keynote speaker at the AusCERT conference.

I grabbed Whit for an interview in the hotel lobby bar and started off by asking him if he's disappointed that PKI hasn't been universally adopted yet.

In this sponsor podcast you'll hear an excerpt from Crispin Cowan's talk. Crispin works for Microsoft, but he used to be a vocal Microsoft critic and Linux fundamentalist.

These days he spends his time trying to retrofit Windows with decent security. He works for the Windows core team.

I'll drop you into the talk here where he's explaining how certain bad things happened to Windows and the Microsoft ecosystem, namely, how interoperability concerns hampered the software company's ability to secure Windows.

In this podcast you'll hear me speaking with Assurance.com.au's Neal Wise about the seven deadly sins of mobility. Neal's a penetration tester and a complete and utter wireless nerd. He's a regular on the show and as it turns out he's a standby speaker for this year's AusCERT conference. If anyone winds up too hungover on Wednesday to speak, Neal will step in.

You'll have most likely heard that Google has been busted collecting payload data from wireless networks as its vans drove around doing Google Street view videos... so I asked Neal for his take on that also. Enjoy.