Risky Business Podcast

Analysis and news podcasts published weekly

Risky Business #111 -- PLAID make Gutmann ANGRY! Gutmann SMASH!

Presented by Patrick Gray, CEO and Publisher, and Adam Boileau, Technology Editor

This week's episode is hosted by Vigabyte and brought to you by Tenable Network Security.

On this week's show we're looking back at an issue we covered a little while ago: PLAID. No, not the oh-so-groovy pattern, but Centrelink's home-baked authentication protocol.

PLAID is a contactless smart card authentication protocol designed by Australia's welfare agency and released a couple of months ago. They're hoping to have it recognised as an ISO standard, but not everyone's convinced that's a good idea.

We'll be hearing from the University of Auckland's Peter Gutmann. He's a bit of a rockstar in the smart card and crypto fields, and he's had a look at the supporting documentation released by Centrelink and isn't too impressed.

It might sound like an Australia-centric story, but it's not. This is a fascinating case-study-in-progress for anyone considering doing this sort of wheel reinvention project.

In this week's sponsor segment we chat to Marcus Ranum about the liability chain when data leaks.

Securus Global's Declan Ingram joined host Patrick Gray at the pub to discuss the week's news headlines. Sorry about the background noise!

Running time: 32:26

Risky Business #110 -- Industry pioneer Nir Zuk, Gumblar, PCI lawsuits and more

This week's show is hosted by Vigabyte and brought to you by Sophos.

On this week's show we chat to an industry pioneer, Nir Zuk. He's widely credited as the creator of the first stateful inspection firewall.

These days he works for the company he founded, Palo Alto Networks. We're chatting to Nir about his thoughts on security technologies -- everything from firewalls to IDS to DLP.

Nir is a very sharp cat indeed, with a lot to say about the direction security tech is headed. He tends to push his own agenda a bit in terms of talking up his firewall approach, but he has heaps of interesting stuff to say on other topics.

In this week's sponsor interview we chat with Paul Ducklin about an old debate -- is open source better for security? It was a topic we touched on briefly in the AusCERT speed debate, which, incidentally, is available for download in our Risky Business 2 channel. We both thought it was a topic worth expanding on. It's an interesting chat and it's coming up soon.

Adam Boileau is the week's news guest.

Running time: 41:14

Risky Business #109 -- Open source intelligence with Maltego creator Roelof Temmingh

This week's episode is hosted by Vigabyte and brought to you by Check Point software.

This week you'll be hearing an interview with Roelof Temmingh, the creator of Maltego. Maltego is seriously cool software that you'll probably want to have a play with.

Roelof joins the podcast to talk about how you'd use his software to pwn a three letter agency.

In this week's sponsor interview Check Point Software's Steve McDonald joins us to discuss how vendors might create very specific kit for very specific problems. Think of SCADA firewalls and boxes designed to prevent voip toll fraud, stuff like that.

Are mega specific solutions a band aid approach and a terrible idea, or are they better than nothing?

As for this week's news, we all know him, we all love him and his beautiful, lustrous, soft, soft UNIX beard. Adam 'Metlstorm' Boileau joins the program, as usual, to chew the fat and discuss the last week's big headlines.

Running time: 36:24

Risky Business #108 -- Is secure code cheap code?

This week's podcast is hosted by Vigabyte virtual hosting and sponsored by Tenable Network Security.

Risky Business 108 takes a look at the SDL as it applies to web applications. WhiteHat Security's Jeremiah Grossman joins the program to argue that secure code, in the case of web applications, isn't necessarily cheaper code. It sounds like heresy, but Grossman makes some pretty compelling points during his interview.

Adam Boileau joins us to discuss the news headlines, and this week's sponsor interview is with Tenable Network Security's CSO Marcus Ranum. This week we talk to Ranum about the ridiculousness of the credit card transaction model.

NEWS ITEMS DISCUSSED THIS WEEK:

Researchers Hack Web Application Firewalls

PowerPoint gets hefty fix, Apple inundates

Cyber attack could bring U.S. military response

Microsoft patches critical PowerPoint hole

UC Berkeley computers hacked, 160,000 at risk

Porn name game - is it fun or a live Phishing exercise?

Report: Hackers broke into FAA air traffic control systems

Pirated Windows 7 OS Comes With Trojan, Builds A Botnet

Heartland Breach Cost Company $12.6 Million So Far

Running time: 44:44

Risky Business #107 -- Mark Dowd talks native client security

Thanks to our sponsor Sophos, this week's edition of the Risky Business podcast is ready to download!

This week's feature interview is pretty kickass; a chat with security megalegend Mark Dowd. We talk to Mark about his entry in Google's Native Client security competition. It's very interesting stuff that could really have implications for your job in a few years.

Sean Richmond, who works for Sophos in Sydney, will be along in this week's sponsor interview to discuss the PDF format. We ask Sean why PDF readers like Acrobat Reader have been pretty bug prone lately.

Adam Boileau is this week's news guest.

Here's a list of the stories Adam and I discussed this week:

Feds' red tape left medical devices infected with computer virus, by Stephanie Condon

Twitter's network gets breached again, By Elinor Mills

MI6 Nixed Major Undercover Operation After Memory Stick Lost, by Kim Zetter

Microsoft Offers Secure Windows... But Only to the Government, by Kim Zetter

Epic Failure from McAfee (Also see McAfee Gets Worked. Hard.)

Over 8M Virginian patient records held to ransom, 30 Apr 2009, from Wikileaks.

Don't forget -- if you have any feedback on this week's show call Sydney 02 8569 1835 or USA +1 877 688 8417 (Toll free). We'll play your feedback in next week's show.

Running time: 52:59

Risky Business #106 -- Centrelink's new PLAID auth protocol

This week's edition of Risky Business is brought to you by Tenable Network Security and hosted by Vigabyte virtual hosting at discounted rates.

We've got a great show this week. Australia's welfare agency, Centrelink, has written its own smart card authentication protocol and released it to the public. It's called PLAID, and the plan is to have it recognised as an ISO standard. It's an extremely ambitious project, and Centrelink's smart card architect Glenn Mitchell will be along to talk about it.

We also chat to Tenable Network Security's Marcus Ranum in this week's sponsor interview. We spoke about the recent hysteria around Chinese hackers apparently downloading the plans for America's Joint Strike Fighter.

Freelance security dude Adam "Metlstorm" Boileau is this week's news guest.

We'd like to hear your thoughts on PLAID, too. Do you think it's a waste of time and taxpayer money or a masterstroke? Call Sydney 02 8569 1835 or USA +1 877 688 8417 (Toll free)... or go to the risky.biz forums.

Running time: 55:35

Risky Business #105 -- RSA conference wrap plus X10 security

This week's show is brought to you by Check Point Software.

This week's show is a bit of a mixed bag. We chatted with 451 Group analyst Paul Roberts live from the floor at the RSA conference in San Francisco. Then, for something completely different, we quizzed Adam Pointon about his adventures with X10 home automation equipment.

Check Point Australia's Steve MacDonald is this week's sponsor guest, and Adam Boileau was this week's news guest.

To answer this week's call-in question, tell us what your experience with DLP software's been over the last year. Call Sydney 02 8569 1835 or USA +1 877 688 8417 (Toll free).

Running time: 46:17

Risky Business #104 -- 2008: The Postmortem

This week's podcast is brought to you by Microsoft and hosted, as always, by Vigabyte virtual hosting.

On this week's show we hear from Bryan Sartin of Verizon Business Security Solutions. He'll be discussing that company's 2009 Data Breach Study.

Verizon has a well-established forensics unit and its reports are interesting. This study is to the infosec industry what black box reports are to the aviation industry: a post-mortem examination of what went wrong.

We also check in with Stuart Strathdee, Microsoft Australia's Strategic Security Advisor, in this week's sponsor interview. He'll be chatting about Microsoft's own Security Intelligence Report. There are some really surprising results to come out of that one.

Paul Craig is this week's news guest.

Running time: 50:22

Risky Business #103 -- Certified or certifiable?

This week's show is sponsored by Sophos, and hosted, as always, by Vigabyte Virtual Hosting.

In this week's feature interview we'll be hearing from former Network Solutions CSO Richard Forno.

He's joining us to discuss a proposed bill in the USA that would require all information security professionals working on government systems to hold some sort of certification. It's an interesting idea, but Forno hates it.

Also on this week's show, Paul Ducklin from Sophos pops in to do his best to debunk the GhostNet conspiracy. Researchers from Cambridge and Toronto Universities claim to have uncovered a clandestine, state-sponsored espionage ring targeting pro-Tibet politicians.

Ducklin is very sceptical and will be along soon to tell us why.

Declan Ingram of Securus Global is this week's news guest.

Don't forget to leave some audio feedback for inclusion in next week's show! Call Sydney 02 8569 1835 or USA +1 877 688 8417 (Toll free).

Running time: 35:32

Risky Business #102 -- Washington spanks PCI DSS

This week's Risky Business podcast is brought to you by MessageLabs, and hosted, as always, by Vigabyte virtual hosting.

On this week's show you'll hear some audio from a hearing in the US House of Representatives -- excerpts from a hearing of the Subcommittee on Emerging Threats, Cybersecurity, and Science and Technology. That hearing posed the question "Do the Payment Card Industry Data Standards Reduce Cybercrime?"

Apparently they don't.

In this week's sponsor interview we chat to Paul Wood from MessageLabs in the UK about some of the more innovative features in malware these days. Paul's up to his armpits in the stuff, so he has some interesting things to say.

Paul Craig from Security-Assessment.com is this week's news guest.

If you'd like to comment on anything you've heard on Risky Business, or suggest something you'd like to hear on the show, you can call Sydney 02 8569 1835 or USA +1 877 688 8417 (Toll free). We'd love to hear from you.

Running time: 53:05