RB2 : Risky Business 2

You're about to hear an interview I recorded with Bob Clark. He currently teaches law at the US Naval Academy, but he's been doing military law for a long time, even serving as the operational attorney for the US Army Cyber Command at one point. I posted his talk yesterday... he touched on the Weev vs AT&T trial in that and I thought it would be interesting to get his perspective on the CFAA, precisely because it's not the sort of thing he normally concerns himself with. He has less of an agenda than a defence attorney or a prosecutor. read more [1] [1] http://risky.biz/netcasts/auscert/interview-bob-clark-cfaa

Our coverage continues now with an interview I recorded with Olivia Maree and Dave Jorm. Olivia holds a law degree and just finished a six month stint as a community manager with BugCrowd… Dave Jorm studies geology and mathematics at UQ and has worked in the software industry for around 14 years. read more [1] [1] http://risky.biz/netcasts/auscert/interview-information-leaks-north-korea

This is a recording of Ed Felton’s plenary session from AusCERT 2014. Ed Felton is a professor of computer science and public affairs at Princeton’s centre for information technology policy. From 2011 to 2012 he was the first Chief Technologist for the Federal Trade Commission. He’s a very well known and highly regarded researcher and academic and he spoke at AusCERT on security in a surveilled world.

In this sponsor podcast we hear from FireEye’s APAC CTO Bryce Boland about the effect next generation antimalware gear is having on the modus operandi of sophisticated attackers. The possibility of burning their sweet, sweet 0days is actually turning some attackers away from well-resourced targets and towards secondary targeting; attacking their targets' partners and suppliers.

PRESENTATION: When is a cyberwar (drink!) a cyberwar (drink!)? Bob Clark returns to AusCERT… This is a recording of a presentation by Bob Clark, who these days teaches at the US Naval Academy. He has a long history as a department of defence lawyer including a stint as the counsel for the US Army Cyber Command. In this talk Bob covers some ground he has covered before -- looking at when an online action represents an act of war under the laws of armed conflict -- but also takes a look at some legal cases in the civilian world involving the CFAA.

David Litchfield is a very well known researcher in the field of database security. He’s been at it for over a decade, and managed to be a permanent pain in Oracle’s neck since he first started dropping database 0day a million years ago. So I asked him what has changed in the field of database security. Has Oracle improved its procedures?

We’re going to kick things off with a recording of the opening keynote from the conference... this talk is by Felix "FX" Lindner of Recurity Labs. Felix is a very well known hacker and researcher, and his talk is titled we come in peace, they don’t. As you’ll hear, he’s not exactly Google’s number one fan. Here he is, I hope you enjoy it!

You're about to hear Parmy Olson's presentation from AusCERT's 2013 conference. Parmy is a journalist for Forbes, but she's also an author -- she wrote We Are Anonymous, Inside the Hacker world of LulzSec, Anonymous and the Global Cyber Insurgency. She got amazing access to the LulzSec crew and the book is well worth reading. In this presentation she looks at why these young men got involved in such risky activity. What drove them, and what does the future of Anonymous look like?

The following is a recording of the traditional closing event of the AusCERT event -- the speed debate. It's hosted by Australian television and radio presenter Adam Spencer, and it's a bit of light fun to end the whole thing on... debaters include Eugene Kaspersky, Bill Caelli, Charlie Miller, Scott McIntyre and more. I'll drop you in here as Adam sets the whole thing up. Enjoy.

In this sponsor interview we're chatting with Declan Ingram of Datacom TSS. Datacom TSS is a Canberra-based, national security firm founded by ex Australian government security specialists. These guys specialise in dealing with highly skilled adversaries... Now, when they founded this business a few years ago, there was awareness in government that highly skilled adversaries were a real challenge... but it's really been 2013 where executives at the boardroom level have sat up and taken note of security issues, particularly the issue of APT. read more [1] [1] http://risky.biz/declan_auscert13

The following is a recording of Marcus Ranum's AusCERT keynote speech on CYBER WAR. Marcus was doing the circuit a few years ago with a talk titled "Cyber war is bullshit", which I think makes clear his position, but this one is titled Never Fight a Land War in Cyberspace. He basically argues that the application of traditional military thinking to the cyber domain is flawed. He also argues there's a massive money and power grab taking place as the military and the private sector defence base tries to set the agenda so it can profit from it. read more [1] [1] http://risky.biz/ranum_auscert

In this sponsor interview with chat with Paul Ducklin of Sophos, and the topic is reflections -- 30 years on -- on the paper Reflections on Trusting Trust by Ken Thompson. So we're reflecting on reflections on trusting trust. I started off by asking Paul to recap the paper for people who aren't familiar with it.

Active defence is the new black. It's the issue of 2013. One of the organisations that helped put the issue on to the agenda is CrowdStrike, a business founded by some senior ex technologists from McAfee. CrowdStrike was founded on the premise that simply relying on defensive measures in information security isn't enough -- you need to be able to mess with your adversaries. read more [1] [1] http://risky.biz/dmitri

This is a recording of Mark Fabro's day two keynote speech from AusCERT. Mark is a control systems security expert and a terrific speaker. He's the president and chief security scientist for Lofty Perch, a control system security consultancy. He's extremely well plugged in to the SCADA security scene, he's done a bunch of strategy consulting to the US government. Basically Mark is Mr. SCADA. It's his thing. read more [1] [1] http://risky.biz/fabro

The following is a recording of David Jorm's AusCERT presentation. You might have heard Dave preview his talk on last week's episode of the regular Risky Business podcast. read more [1] [1] http://risky.biz/jorm