Risky Business Podcast

Sydney's inaugural eCrime Symposium kicked off on Tuesday, and Risky Business was there with an audio recorder.

We recorded this panel discussion while we were there and decided it'd make a good podcast. The speakers are Rachel Dixon, who's a technology executive here in Australia for online media group Viocorp, as well as being the deputy chair of consumer group Choice, Phil Argy, the head of the Technology Dispute Centre, and Sean Richmond from Sophos.

The panel was hosted by Nigel Phair.

I've basically cut it down to focus on the comments of Rachel Dixon. She was the best speaker on the day, and her riffs make for interesting listening.

There is no news segment this week due to a nasty bit of chicken making me quite ill on Wednesday and Thursday. I'll spare you the details. I'm also moving house tomorrow, so things this week have just got a little crazy.

But RB will be back next week with a bit of a wrap from all the shenanigans in Vegas and a proper news update.

In this week's sponsor interview we're trying something different. We're having a chat to Tim Smith of Bridgepoint, a Check Point Gold Partner. Tim's at the coalface of the Australian security industry, so we took this opportunity to get a commercial perspective on what's happening out there in the market, and in particular, with PCI.

As you'll hear, Tim says all sorts of organisations -- from online retailers to corner stores -- are being roped into the regime, which obviously makes life interesting.

Readers of the Risky.Biz website would have heard by now that McAfee accidentally leaked the full contact information of 1400 registrants for its strategic security summit that was held in Sydney on July 17.

McAfee's Asia Pacific President Steve Redman is this week's feature guest -- he joined the program to face the music for that one.

We've also got a sponsor interview with Microsoft's Stuart Strathdee in this week's show. We ask Stuart why Microsoft's free security software won't be available to systems that fail windows genuine advantage tests, as well as chatting about mobile security in light of the recently discovered Symbian botnet.

Adam Boileau joins us to discuss the week's news, and we can assure you there was lots of it!

This week's show is hosted by Vigabyte and sponsored by Sophos. You'll hear from Sophos's Paul Ducklin later on in the show in this week's sponsor interview.

This week's feature interview is with Chris Eng of Veracode, and we'll be chatting about his analysis of a nasty bit of blackberry spyware that was pushed out to all blackberry users on UAE-based carrier Etisalat.

And of course we're joined by Adam Boileau for a discussion of the week's news.

On this week's show we're joined by semi regular guest Adam Pointon. Adam's the CSO for a financial services company, so he has a fair bit of insight into both security technology and market-based technology. You may have heard by now that investment bank Goldman Sachs has claimed its trading algorithm has been stolen by one of its developers. Why is this a big deal? How would possession of that algorithm be advantageous to an attacker? Adam joins the show to tell us.

We also hear from Brian "Jericho" Martin -- he's the maintainer of the open source vulnerability database and he also works for Tenable Network Security, our sponsor. He'll be along in this week's sponsor interview to have a chat about that nasty DirectShow ActiveX bug that's doing the rounds at the moment -- did Microsoft drop the ball on this one? Well, the answer is maybe, as you'll hear.

We have a special news guest this week, too -- iDefense cybercrime analyst Kimberly Zenz.

This week's edition of Risky Business is hosted by Vigabyte virtual hosting and brought to you by Check Point.

On this week's show we'll be joined by Gartner analyst Andrew Walls, who's got some less than reassuring things to say about the security of your job in the long term. Apparently the great big destructive meteor, "outsourcing," is about to collide with planet infosec, and when that happens it'll be grim indeed.

We'll also be joined by Steve McDonald, Check Point Australia's Engineering Services Manager, to discuss a softening in the stance of security companies when considering hiring people with a dark past. With guys like Jeff Moss on DHS advisory panels, can we still expect to hear the CEOs of large companies tonking on about how they "don't hire hackers"? Or will they just look a little bit backwards if they do.

Adam Boileau, as usual, joins the show to discuss the week's news stories.

This week we're taking a look at the technology angle to this whole mess in Iran. We'll be chatting with Arbor Networks chief scientist Craig Labovitz about the filtering the government is doing over there, then we'll be checking in with Roelof Temmingh of Paterva.

Paterva makes Maltego, the open source intelligence tool that many people are using to analyse various aspects of information flow in Iran-- including the spread of propaganda via Twitterbots.

We'll also be hearing from Microsoft's Stuart Strathdee in this week's sponsor interview. He'll be joining us to discuss the company's free Morro antivirus package -- it's software that probably had more anti-trust lawyers involved in its development than actual developers.

Adam Boileau also joins us with the week's news.

Editor's note: We're aware that Roelof's name is mispelled in the headline, but if we change it, it'll break the current URL and cause drama. So we'll leave it for now. But yes, his last name is spelled Temmingh, not Temming. Apologies.

This week's show is a cracker -- we have a very special guest, Senator Stephen Conroy.

The senator is Australia's Minister for Broadband, Communications and the Digital Economy and I caught up with him in Sydney last week to get his take on what he feels the role of government is when it comes to IT security.

We're also joined by Sydney-based security consultant Jason Edelstein who'll be chatting about telephone-related fraud. US authorities have just busted up a massive ring of phone fraudsters with links to Islamic fundamentalists, of all people. Over a period of years they hacked into more than 2500 systems and resold access via calling cards.

Apparently that netted them an estimated $55 million, which is certainly better than a kick in the proverbials.

We'll also check in with Stuart Strathdee from Microsoft. Stu's popping in to talk about 0day. There have been some really scary 0day bugs in Microsoft products lately, and Stuart pops by with his take on the situation.

He argues that office 0days are actually pretty far down on the ye olde risk register.

And of course we check of the week's news headlines with our good friend Adam 'Metlstorm' Boileau!

If you'd like to leave us some audio feedback, to be used in the Risky Business podcast, call Sydney 02 8569 1835 or USA +1 877 688 8417 (Toll free).

This week's episode is hosted by Vigabyte and brought to you by Tenable Network Security.

On this week's show we're looking back at an issue we covered a little while ago: PLAID. No, not the oh-so-groovy pattern, but Centrelink's home-baked authentication protocol.

PLAID is a contactless smart card authentication protocol designed by Australia's welfare agency and released a couple of months ago. They're hoping to have it recognised as an ISO standard, but not everyone's convinced that's a good idea.

We'll be hearing from the University of Auckland's Peter Gutmann. He's a bit of a rockstar in the smart card and crypto fields, and he's had a look at the supporting documentation released by Centrelink and isn't too impressed.

It might sound like an Australia-centric story, but it's not. This is a fascinating case-study-in-progress for anyone considering doing this sort of wheel reinvention project.

In this week's sponsor segment we chat to Marcus Ranum about the liability chain when data leaks.

Securus Global's Declan Ingram joined host Patrick Gray at the pub to discuss the week's news headlines. Sorry about the background noise!

This week's show is hosted by Vigabyte and brought to you by Sophos.

On this week's show we chat to an industry pioneer, Nir Zuk. He's widely credited as the creator of the first stateful inspection firewall.

These days he works for the company he founded, Palo Alto Networks. We're chatting to Nir about his thoughts on security technologies -- everything from firewalls to IDS to DLP.

Nir is a very sharp cat indeed, with a lot to say about the direction security tech is headed. He tends to push his own agenda a bit in terms of talking up his firewall approach, but he has heaps of interesting stuff to say on other topics.

In this week's sponsor interview we chat with Paul Ducklin about an old debate -- is open source better for security? It was a topic we touched on briefly in the AusCERT speed debate, which, incidentally, is available for download in our Risky Business 2 channel. We both thought it was a topic worth expanding on. It's an interesting chat and it's coming up soon.

Adam Boileau is the week's news guest.

This week's episode is hosted by Vigabyte and brought to you by Check Point software.

This week you'll be hearing an interview with Roelof Temmingh, the creator of Maltego. Maltego is seriously cool software that you'll probably want to have a play with.

Roelof joins the podcast to talk about how you'd use his softeware to pwn a three letter agency.

In this week's sponsor interview Check Point Software's Steve McDonald joins us to discuss how vendors might create very specific kit for very specific problems. Think of SCADA firewalls and boxes designed to prevent voip toll fraud, stuff like that.

Are mega specific solutions a band aid approach and a terrible idea, or are they better than nothing?

As for this week's news, we all know him, we all love him and his beautiful, lusturous, soft, soft UNIX beard. Adam 'Metlstorm' Boileau joins the program, as usual, to chew the fat and discuss the last week's big headlines.