Risky Business Podcast

Analysis and news podcasts published weekly

Risky Business #121 -- Botnet C&C getting better

Presented by

Patrick Gray

CEO and Publisher

Adam Boileau

Technology Editor

This week's show is sponsored by Microsoft and hosted by Vigabyte virtual hosting.

On this week's show we chat with Jose Nazario, the manager of security research for Arbor Networks. Jose is joining us to talk about the latest trends in botnet C&C. Apparently, using IRC is sooooo 2005 these days...

We also talk to Stuart Strathdee from Microsoft in this week's sponsor segment. In it, we discuss alleged criminal mastermind and all-round badass Albert "The SoupNazi" Gonzalez. Will his capture and prosecution be a deterrent or an inspiration to fraudsters?

And of course the show wouldn't be complete without Adam "Metlstorm" Boileau jumping on board for a look at the week's news headlines.

Risky Business #120 -- Professor Gernot Heiser discusses Australia's "perfect" microkernel

This week's edition of Risky Business is brought to you by Sophos and hosted by Vigabyte virtual hosting.

On this week's show we chat with Professor Gernot Heiser. He's the Chief Technology Officer of OK-Labs, or Open Kernel Labs. The company makes software for embedded systems, and recently NICTA -- that's a government-funded technology R&D lab -- has claimed to have mathematically verified one of the OK-Labs kernels as being mathematically perfect. No buffer overflows. No null pointer dereferences. No divide by zeros.

The Prof stops by to explain what this all means.

We also chat with Sean Richmond from Sophos in this week's sponsor interview. We quiz Sean on this virus doing the rounds that affects Delphi development environments. Interesting stuff!

And of course Adam Boileau pops by with the week's news headlines.

Risky Business #119 -- Australia's neglected national 2FA scheme

On this week's show we're chatting with CEO of Australia's Internet Industry Association, Peter Coroneos. Peter led the charge for a National 2FA scheme many years ago... it hasn't quite gotten off the ground yet, but Peter joins us shortly to discuss the scheme, how it got started and why it hasn't really gone anywhere yet.

We're also joined by a special guest in our sponsor segment this week, Paul Asadoorian, the host of the PaulDotCom Security Weekly podcast. Paul's day job is as Tenable's "Evangelist". He won't be evangelising anything this week though, he's popping by to talk about training. Paul did work for SANS, and we'll be asking Paul what he thinks training and certification are good for.

And we'll be checking the week's news with Adam "metlstorm" Boileau!

Risky Business #118 -- eCrime Symposium panel discussion

Sydney's inaugural eCrime Symposium kicked off on Tuesday, and Risky Business was there with an audio recorder.

We recorded this panel discussion while we were there and decided it'd make a good podcast. The speakers are Rachel Dixon, who's a technology executive here in Australia for online media group Viocorp, as well as being the deputy chair of consumer group Choice, Phil Argy, the head of the Technology Dispute Centre, and Sean Richmond from Sophos.

The panel was hosted by Nigel Phair.

I've basically cut it down to focus on the comments of Rachel Dixon. She was the best speaker on the day, and her riffs make for interesting listening.

There is no news segment this week due to a nasty bit of chicken making me quite ill on Wednesday and Thursday. I'll spare you the details. I'm also moving house tomorrow, so things this week have just got a little crazy.

But RB will be back next week with a bit of a wrap from all the shenanigans in Vegas and a proper news update.

In this week's sponsor interview we're trying something different. We're having a chat to Tim Smith of Bridgepoint, a Check Point Gold Partner. Tim's at the coalface of the Australian security industry, so we took this opportunity to get a commercial perspective on what's happening out there in the market, and in particular, with PCI.

As you'll hear, Tim says all sorts of organisations -- from online retailers to corner stores -- are being roped into the regime, which obviously makes life interesting.

Risky Business #117 -- McAfee tries to explain data loss incident

Readers of the Risky.Biz website would have heard by now that McAfee accidentally leaked the full contact information of 1400 registrants for its strategic security summit that was held in Sydney on July 17.

McAfee's Asia Pacific President Steve Redman is this week's feature guest -- he joined the program to face the music for that one.

We've also got a sponsor interview with Microsoft's Stuart Strathdee in this week's show. We ask Stuart why Microsoft's free security software won't be available to systems that fail Windows Genuine Advantage tests, as well as chatting about mobile security in light of the recently discovered Symbian botnet.

Adam Boileau joins us to discuss the week's news, and we can assure you there was lots of it!

Risky Business #116 -- Veracode's Chris Eng talks Blackberry spyware

This week's show is hosted by Vigabyte and sponsored by Sophos. You'll hear from Sophos's Paul Ducklin later on in the show in this week's sponsor interview.

This week's feature interview is with Chris Eng of Veracode, and we'll be chatting about his analysis of a nasty bit of BlackBerry spyware that was pushed out to all BlackBerry users on UAE-based carrier Etisalat.

And of course we're joined by Adam Boileau for a discussion of the week's news.

Risky Business #115 -- Goldman Sachs pwned, Kimberly Zenz and Brian "Jericho" Martin

On this week's show we're joined by semi-regular guest Adam Pointon. Adam's the CSO for a financial services company, so he has a fair bit of insight into both security technology and market-based technology. You may have heard by now that investment bank Goldman Sachs has claimed its trading algorithm has been stolen by one of its developers. Why is this a big deal? How would possession of that algorithm be advantageous to an attacker? Adam joins the show to tell us.

We also hear from Brian "Jericho" Martin -- he's the maintainer of the Open Source Vulnerability Database and he also works for Tenable Network Security, our sponsor. He'll be along in this week's sponsor interview to have a chat about that nasty DirectShow ActiveX bug that's doing the rounds at the moment -- did Microsoft drop the ball on this one? Well, the answer is maybe, as you'll hear.

We have a special news guest this week, too -- iDefense cybercrime analyst Kimberly Zenz.

Risky Business #114 -- Gartner: Infosec jobs bound for India

This week's edition of Risky Business is hosted by Vigabyte virtual hosting and brought to you by Check Point.

On this week's show we'll be joined by Gartner analyst Andrew Walls, who's got some less than reassuring things to say about the security of your job in the long term. Apparently the great big destructive meteor, "outsourcing," is about to collide with planet infosec, and when that happens it'll be grim indeed.

We'll also be joined by Steve McDonald, Check Point Australia's Engineering Services Manager, to discuss a softening in the stance of security companies when considering hiring people with a dark past. With guys like Jeff Moss on DHS advisory panels, can we still expect to hear the CEOs of large companies tonking on about how they "don't hire hackers"? Or will they just look a little bit backwards if they do?

Adam Boileau, as usual, joins the show to discuss the week's news stories.

Risky Business #113 -- Twitter propaganda with Maltego creator Roelof Temming and more!

This week we're taking a look at the technology angle to this whole mess in Iran. We'll be chatting with Arbor Networks chief scientist Craig Labovitz about the filtering the government is doing over there, then we'll be checking in with Roelof Temmingh of Paterva.

Paterva makes Maltego, the open source intelligence tool that many people are using to analyse various aspects of information flow in Iran -- including the spread of propaganda via Twitterbots.

We'll also be hearing from Microsoft's Stuart Strathdee in this week's sponsor interview. He'll be joining us to discuss the company's free Morro antivirus package -- it's software that probably had more anti-trust lawyers involved in its development than actual developers.

Adam Boileau also joins us with the week's news.

Editor's note: We're aware that Roelof's name is misspelled in the headline, but if we change it, it'll break the current URL and cause drama. So we'll leave it for now. But yes, his last name is spelled Temmingh, not Temming. Apologies.

Risky Business #112 -- Pollie wanna hacker? Special guest Senator Stephen Conroy

This week's show is a cracker -- we have a very special guest, Senator Stephen Conroy.

The senator is Australia's Minister for Broadband, Communications and the Digital Economy and I caught up with him in Sydney last week to get his take on what he feels the role of government is when it comes to IT security.

We're also joined by Sydney-based security consultant Jason Edelstein who'll be chatting about telephone-related fraud. US authorities have just busted up a massive ring of phone fraudsters with links to Islamic fundamentalists, of all people. Over a period of years they hacked into more than 2500 systems and resold access via calling cards.

Apparently that netted them an estimated $55 million, which is certainly better than a kick in the proverbials.

We'll also check in with Stuart Strathdee from Microsoft. Stu's popping in to talk about 0day. There have been some really scary 0day bugs in Microsoft products lately, and Stuart pops by with his take on the situation.

He argues that Office 0days are actually pretty far down on the ye olde risk register.

And of course we check the week's news headlines with our good friend Adam 'Metlstorm' Boileau!

If you'd like to leave us some audio feedback, to be used in the Risky Business podcast, call Sydney 02 8569 1835 or USA +1 877 688 8417 (Toll free).
