Risky Business Podcast

Analysis and news podcasts published weekly

Risky Business #49 -- Your shiny new IPS won't save you

Presented by

Patrick Gray

CEO and Publisher

Adam Boileau

Technology Editor

This week's special, longer and stronger podcast is all about intrusion detection and prevention systems (IDS/IPS) and is hosted by the fine folk at Vigabyte virtual hosting.

By now you've been Powerpointed to death by vendor sales reps who insist their latest system can block attacks that haven't been invented yet. Of course that's utter BS, as Declan Ingram points out in his must-hear presentation on IDS and IPS.

From 24x7 monitoring staff -- yours or outsourced -- slacking off and playing Xbox instead of reading real-time logs, to the inherent flaws in self-learning IPS, there's something in this talk for everyone.

On this week's show:

  • ZDNet Australia's Munir Kotadia discusses the week's news with Risky Business host Patrick Gray
  • Hear Securus Global consultant Declan Ingram's IDS/IPS presentation, edited for your aural pleasure

Risky Business #48 -- $8.2 billion reasons

This week's edition of Risky Business is brought to you by Sophos.

On this week's podcast:

  • ZDNet Australia's Munir Kotadia discusses the week's news
  • Patrick Gray asks CSO Adam Pointon if robust security practices could have prevented Societe Generale's $8.2 billion loss to a rogue trader
  • Paul Ducklin, head of technology for Sophos in the Asia Pacific, discusses multi-stage malware

The music heard at the end of this week's podcast is by Afro Dizzi Act. You can buy the track at soundfoundation.com.au.

Risky Business #47 -- Botnet command and control meets Web 2.0

This week's podcast looks at a few interesting topics. Apparently the bad guys are about to ditch IRC as a command and control channel for botnets and start using RSS, blogs and steganography to communicate with their zombie armies... sneakily!

The show is brought to you this week by the fine folks at Check Point Software Technologies and hosted, as always, by Vigabyte.

On the podcast:

  • ZDNet Australia's Munir Kotadia discusses the week's news
  • Immunity Inc's Adam Boileau talks about exploiting Windows' IGMP bug and botnet C&C
  • Steve MacDonald from Check Point joins us for this week's sponsor interview

The music heard at the end of the podcast came from Sound Foundation.

Risky Business #46 -- BlackBerry code signing regime not so flash

This week's edition of Risky Business is brought to you by the folks at the big Yellow Box -- Symantec! Big thanks also go out to Vigabyte for providing the bandwidth for the podcast. On this week's show:

  • Our favourite newshound, ZDNet Australia's Munir Kotadia, discusses the week's news
  • This week's feature interview is with Graeme Neilson of Aura Software Security and we're talking BlackBerrys. Aura's developed a trojan for the gadget that Neilson uses in security audits -- he describes it as Back Orifice (remember that?) for the BlackBerry -- and if you thought getting badware to run on the mobile devices is hard, you're sadly mistaken
  • Symantec's Rob Pregnall joins host Patrick Gray to talk about a new banking trojan that side-steps two factor authentication in this week's sponsor interview
  • Risky Business takes a quick look at some questionable marketing tactics being used by an anti-spyware software manufacturer during a chat with Netregistry CEO Larry Bloch

Risky Business #45 -- Old school alert: Pwning X.25...

Your weekly security podcast, Risky Business, is back. We'll be ramping things up properly over the next couple of weeks and should return to regular format shows by February. On this week's show:

  • ZDNet Australia's editor Munir Kotadia joins Patrick Gray to discuss this week's security news.
  • New Zealand-based security consultant Morgan Marquis-Boire, from the company formerly known as Security-Assessment.com, talks X.25 security. Sweet as, bro!

Australian band Marshall and the Fro supplied the music heard at the end of this week's netcast...

Risky Business #44 -- Bugs in the brain, part two

Here it is, the last Risky Business for 2007, with thanks to Verizon Business Security Solutions, our sponsor, and Vigabyte virtual hosting, our hosting partner.

In part two of this fascinating keynote, crypto-legend and New Zealand-based academic Peter Gutmann explains why the people designing computer software are fundamentally different -- psychologically speaking -- to the people who actually use the software. It turns out that's a bit of a problem!

Part one of this talk can be found here.

Risky Business #43 -- Bugs in the brain

In this recorded presentation, crypto expert and University of Auckland academic Peter Gutmann outlines the bugs in the human mind that make the average person susceptible to scams and cons.

In this podcast you'll hear Gutmann's fascinating keynote presentation at the Kiwicon security conference, held in November at Victoria University in Wellington.

Gutmann is well known in crypto circles -- he co-wrote PGP 2.0 in the early 90s -- and in this talk he argues the human brain was not built with data security in mind.

This podcast is part one of his talk. You can download part two here, or you can wait until I push out part two as a separate podcast in a couple of days.

Risky Business #42 -- Mac malware, MS advisory changes

This is the last full-format Risky Business podcast for 2007. Next week we'll be bringing you some Kiwicon talks and lectures. It's a summer listening vibe, people. (Offered with sympathy to listeners freezing their extremities off in the Northern Hemisphere. We're all about to slip off down to the beach with surfboards and cold beer for a couple of months here in Oz. Suffer!)

  • ZDNet Australia editor Munir Kotadia discusses the week's news headlines
  • F-Secure's Patrik Runald discusses Mac Malware
  • Microsoft's General Manager of Product Security talks about the company's security advisories -- they're about to change
  • Verizon Business Security Solutions media and analyst relationship manager and Risky Business hero Wendy Hill joins us for the final sponsor interview of 2007

UPDATE: Beau Butler's WPAD slides from his Kiwicon presentation, as mentioned last week, can be found here (PPT).

Risky Business #41 -- WPAD: Register a domain, pwn a country

Welcome to this special, "head for the hills" edition of Risky Business. We'll be talking about the WPAD bug this week. There's currently NO PATCH for this bug, but seeing as it's being widely exploited and everyone's seemed to know about it for years -- everyone except Microsoft -- we'll be focussing this week's podcast on the glitch.

We'll also give you the information you need to mitigate it until Microsoft patches it. Mitigation is probably a good idea in this case because it isn't just Microsoft software that's affected.

You'll hear me talk about some Snort signatures ITRadio is providing to its listeners that will detect the problem in your enterprise. You can find them here.

I mention in the show that Butler's slides would be available for download from this site. They're not available yet -- check back in a couple of days.

On this week's show:

  • Munir Kotadia joins us with this week's ZDNet Australia headlines
  • Risky Business looks at Beau Butler's discovery of the WPAD bug. It's choice, bro.
  • James McMahon from Verizon Business Security Solutions talks government databases in this week's sponsor interview

Risky Business #40 -- Using PS3s to crack passwords

Risky Business, your weekly security podcast, is back! I took a week off to go to Kiwicon in Wellington, and you'll be hearing plenty of material from there over the next few weeks, so if you missed the event, don't stress.

Big thanks to our hosting provider Vigabyte for providing the bandwidth for ITRadio.com.au's podcasts, and of course big hugs for our sponsor, Verizon Business Security Solutions.

On this week's show:

  • Munir Kotadia from ZDNet Australia joins us with the week's news
  • Sheep fancier Nick Breese explains how to crack passwords with a Playstation 3. Elcomsoft eat your heart out!
  • Verizon Business Security Solutions' James McMahon joins us to explain why hackers who attend events like Kiwicon aren't necessarily devil-worshiping cyber-terrorists