RB2 : Risky Business 2 show

Summary: Events, presentations, interviews...

Podcasts:

 PRESENTATION: The risks posed by new wiretapping technologies | File Type: audio/mpeg | Duration: Unknown

The following is a recording of Susan Landau's plenary presentation. She's a Visiting Scholar in the Computer Science Department at Harvard University. Prior to that she worked as a Distinguished Engineer at Sun Microsystems, and held faculty positions at the University of Massachusetts and Wesleyan University. Her talk is titled Surveillance or Security? The Risks Posed by New Wiretapping Technologies.

 SPONSOR PODCAST: Volumetric versus application DDoS | File Type: audio/mpeg | Duration: Unknown

In this sponsored podcast we chat with both Arbor Networks' Nick Race and Matt Hollis of Vocus. We discuss the state of both application and volumetric-based DDoS techniques. As you'd no doubt be aware, Arbor makes DDoS mitigation equipment -- there's the enterprise stuff that blocks application-based attacks, like attacks that exhaust resources on the target, then there's the telco stuff that blocks the volumetric attacks -- a.k.a. bandwidth exhaustion attacks. Read more: http://risky.biz/appvolu

 INTERVIEW: Is the regulation of SCADA networks futile? | File Type: audio/mpeg | Duration: Unknown

Yesterday I caught up with SCADA security expert and AusCERT speaker Mark Fabro of Lofty Perch. We spoke about attempts by governments to mandate minimum security requirements for critical infrastructure through regulation. I started off by asking him what regulation attempts in North America look like now.

 PRESENTATION: Forensics and SCADA/DCS | File Type: audio/mpeg | Duration: Unknown

The following is a recording of Mark Fabro's AusCERT plenary. As soon as you listen to Mark for more than five minutes you'll quickly realise he really knows what he's talking about. This talk is about performing incident response and forensic analysis on live SCADA networks. It's very interesting stuff and Mark is a great presenter.

 SPONSOR PODCAST: When pentesting doesn't make sense | File Type: audio/mpeg | Duration: Unknown

In this sponsor podcast we're chatting with Declan Ingram, Principal Security Consultant with Datacom TSS. Datacom TSS is a relatively new Aussie company that offers all the usual services, like penetration testing and app review, and we're going to chat with Declan about when those types of services can be best deployed. Dropping massive amounts of budget on pentesting might not be the best way to use your resources, he says.

 INTERVIEW: Robert Clark on legal aspects of cyber espionage | File Type: audio/mpeg | Duration: Unknown

This is an interview with Robert Clark, the operational attorney for the US Army Cyber Command. I posted audio of his talk yesterday... he spoke a lot about international law as it applies to cyber war. But I wanted to pick his brains about something he briefly mentioned. During his presentation he mentioned that espionage is actually legal under international law. I asked him to expand on that and we had a great chat about the legal aspects of online espionage.

 SPONSOR PODCAST: DDoS attacks against mobile networks | File Type: audio/mpeg | Duration: Unknown

In this sponsored podcast we chat with Arbor Networks founder and CTO Rob Malan. If you're lucky enough to have met Rob, you'd know that not only has he built a crazily successful business, but he's one of the most technologically savvy people you will ever meet. He lives and breathes his business, and lately he's been focussing on what he sees as a future problem area: denial of service attacks against mobile 3G and 4G/LTE networks. As you'll hear, Rob says the average mobile network is a bit of a disaster and there'll be plenty of opportunities for miscreants to wreak havoc on them.

 PRESENTATION: Contactless payments with Peter Gutmann | File Type: audio/mpeg | Duration: Unknown

The following is a full recording of a presentation by the University of Auckland's Peter Gutmann discussing contactless payment systems. It's a nice overview that points out some of the dumber implementation mistakes that have been made by card brands and issuers. There's a reference to a Shmoocon talk in this recording. You can find the whole thing here.

 INTERVIEW: Connecting the physical with the virtual | File Type: audio/mpeg | Duration: Unknown

In this interview we chat with Juniper Networks' chief security architect Christopher Hoff. I posted the audio of Chris's plenary talk yesterday... it was very interesting stuff, so check it out if you get a chance. He basically outlined his vision for security automation -- security at scale. A part of that vision is advocating more communication and integration between apps and infrastructure. He says apps should be able to interact directly with networking infrastructure through APIs. It sounds great, but could it be a disaster?

 SPONSOR PODCAST: Commercial sector versus intelligence world | File Type: audio/mpeg | Duration: Unknown

In this sponsor podcast we chat with Richard Byfield, co-founder and general manager of Datacom TSS. Datacom TSS is a relatively new Australian company backed by the Datacom group, the large integrator. They're an independent company offering the usual stuff, like penetration testing and app review, but what makes them a little different is their founders. Read more: http://risky.biz/byfield

 PRESENTATION: Christopher Hoff on virtualisation, cloud, deperimeterisation | File Type: audio/mpeg | Duration: Unknown

The following is a complete recording of Christopher Hoff's AusCERT presentation. He's the chief security architect with Juniper Networks. He has a vendor-heavy background, but don't hold that against him -- he's got some very interesting ideas around virtualisation, cloud computing and deperimeterisation. His talk is about automating security at scale, but he starts off, of all things, with a history of innovation in toilets, which surprisingly works pretty well. Read more: http://risky.biz/hoff

 PRESENTATION: US Army lawyer Robert Clark | File Type: audio/mpeg | Duration: Unknown

The following is a complete recording of an absolutely fascinating presentation by Robert Clark -- the operational attorney for the US Army Cyber Command. His presentation examines the legal regime surrounding cyberspace operations. He looks at the legal underpinnings of computer network security; defense; exploitation; and, attack. It is absolutely riveting stuff and I hope to be catching up with Mr. Clark at some point during the conference to ask him about six million questions.

 SPONSOR PODCAST: Apple's security marketing comes unstuck | File Type: audio/mpeg | Duration: Unknown

In this sponsor podcast we chat with Paul Ducklin of Sophos about the recent spate of Mac malware. In light of malware like Flashback, is it fair to say the public perception that Mac computers are more secure has been busted?

 PRESENTATION: Mikko Hypponen on "The Enemy" | File Type: audio/mpeg | Duration: Unknown

The following is a complete recording of Mikko Hypponen's opening keynote to the AusCERT 2012 conference. Mikko is the chief research officer for the Finnish antivirus firm F-Secure. Read more: http://risky.biz/mikko2012

 RB2: Nick von Dadelszen's Kiwicon presentation on NFC | File Type: audio/mpeg | Duration: Unknown

NFC on mobile phones is a new phenomenon and opens a lot of possibilities for research, particularly when talking about mobile payment platforms. Lateral Security's Nick discusses the good, the bad and the ugly of mobile NFC. RAW AUDIO.
