RB2 : Risky Business 2

Hey everyone and welcome to Serious Business number 5! This is the podcast I do about non infosec related topics. It's less of a professional information security digest and more of an excuse for me to blab with my cohost, comedian Dan Ilic, about serious stuff every few weeks. WARNING: Contains a fair bit of discussion about Australian politics. You may be permanently scarred after listening. read more [1] [1] http://risky.biz/SB5

This is the podcast I do for shiggles with Australian comedian, radio and TV personality Dan Ilic. This week we're talking about the nationalist, anti-Islam rallies held across Australia over the last week or so. We also chat about Donald Trump being a douche and Barack Obama's new lease of life as a lame duck president. Oh, and we also talk about the Ashley Madison hack because, hey, who isn't...

As usual for Serious Business I'm joined by AJ+ satirist, Australian comedian Dan Ilic, to discuss a few topical items of the last week, and boy, we've got some good stuff for you.. we're talking about journalist Seymour Hersh's latest investigative work -- is it pure fiction? We're talking about DeflateGate, we're talking Elon Musk being a douche and we're talking MAD MAX, Fury Road...

In this edition of Serious Business, Australia's Most Hated Man (tm) Dan Ilic and I speak about the (failed) shooting attack against a group of very silly Americans who got together to denigrate Islam. We also speak about Apple's stupid watch. I should warn you, too, I don't edit this podcast for bad language and there are f-bombs aplenty. So if you have your kids in your car and you don't want them hearing my awful, awful language, please turn off this podcast now.

Risky Business host Patrick Gray and Australian comedian Dan Ilic talk about topics that have nothing to do with information security. read more [1] [1] http://risky.biz/SB1

We're going to close out this year's coverage the way we normally do it: with a recording of the AusCERT speed debate! I was a debater this year and as you'll hear I had zero time to prepare, so my contributions are pretty lame, but there was a hell of a panel like always. The whole thing was moderated by Adam Spencer. Most of it makes no sense, some of it is funny, some of it is just stupid. Like it or loathe it, it's almost become an institution at this point so we absolutely have to include it. read more [1] [1] http://risky.biz/netcasts/auscert/presentation-auscert-speed-debate-2014

On the final day of AusCERT last week delegates were treated to a fascinating talk by Dr. Jason Fox, gamification expert and author of the book The Game Changer. Jason's expertise is in finding out how to take the motivational aspects of games and apply them to work processes. We all know that sitting your staff down in a dimly lit auditorium to lecture them on spear phishing does precisely nothing to change user behaviour. But what if you made the hunt for spear phishing messages a game? I sat down with Jason Fox after his presentation and recorded this interview.

In this sponsor cast we're chatting with Dave Merkel, the CTO of FireEye. Dave has been around the infosec traps since the 90s -- long enough to see how things have changed. One of the things that has changed is the acknowledgement by the market that you can't really keep attackers from gaining a foothold on at least *a* device within your environment. It's the reason we're seeing a lot of gear hit the market that will help you post intrusion. I started off by asking Dave if he'd noticed this shift in thinking in the market.

I've already podcasted Peter's presentation, but I thought a follow up interview was warranted. To cut a long story short, he does believe some crypto standards have been subverted by the NSA, but says some fears about government crypto-fiddling are misplaced. In general, he says, it's a lot easier for attackers to bypass encryption than it is for them to break it. Peter knows crypto. He's a professor at Auckland University, has written crypto libraries and even had a hand in writing PGP. read more [1] [1] http://risky.biz/netcasts/auscert/interview-peter-gutmann-nsa-isnt-organised

Scott Crane is Arbor Networks product manager for its Pravail line of big data security analytics division. Scott was a part of the original PacketLoop team -- PacketLoop was an Australian start up that created some pretty impressive big data security analytics technology. It was so impressive that it wound up being acquired by Arbor Networks and is now sold under the Pravail brand. read more [1] [1] http://risky.biz/netcasts/auscert/sponsor-interview-whats-new-big-data-security-analytics

In this interview we're chatting with Neal Wise of Assurance.com.au. Don't let the accent fool you, Neal is based in Melbourne and has been for as long as I can remember, and he did a great talk here at the AusCERT conference called Hacking the Gibson, which was all about pwning supercomputers. I warn you in advance that there are a few references from the movie Hackers in this interview... sorry about that... HACK THE PLANET!! .... but yeah, Neal has been doing some work involving supercomputers and I decided to interview him about them. They make excellent bitcoin mining boxes!

You're about to hear a recording of Peter Gutmann's speech here which is all about crypto. Well, it's sort of about crypto. With newspapers filled with stories about the NSA subverting crypto standards, Peter asks us whether that really matters. Why would an attacker bother breaking crypto when they can just bypass it? Peter is well positioned to do this talk. He's a researcher in the Department of Computer Science at the University of Auckland and works on the design and analysis of cryptographic security architectures and security usability. read more [1] [1] http://risky.biz/netcasts/auscert/presentation-why-break-crypto-when-you-can-bypass-it

This is a sponsor interview with Marc Eisenbarth, Arbor Networks' security architect and the manager of research for its Arbor Security Engineering and Response Team (ASERT). I spoke to Mark about the massive influx of NTP-based DDoS traffic we've seen this year. Can we expect attackers to move on to other protocols and services like SNMP and Chargen? He thinks so. But it's not until we start seeing SNMP-based DDoS capabilities built into generic malware that we'll really have big problems.

You're about to hear my interview with Matt Jones, a security consultant who runs a small outfit named Volvent. He's been working on a very interesting side project for a couple of years now. Essentially it's a social media analyser that identifies sources of high-quality information. Users can tap in a keyword and drill through the conversations on social media that actually matter -- the conversations that influence the influencers. The project was born of Matt's desire to never have to log in to Twitter again.

This is a sponsor interview with Kate McInnes of Datacom TSS. Kate is ex-DSD and currently serves as a principal consultant with Datacom TSS in Perth. She's been doing a bunch of work with a bunch of different organisations on preparing them for the looming G20 summit in Brisbane. What do the threats look like? Where are they coming from? And what can be done about them?