Episodes
-
This is a completely unedited recording of a YouTube livestream broadcast on March 31, 2020. It features Patrick Gray, Dmitri Alperovitch, Alex Stamos and Adam Boileau discussing:
The recent Booz Allen Hamilton report into GRU activity over the years The role of SIGINT collection in the COVID-19 crisis Microsoft Azure struggling to keep up with new capacity demandsYou can view the YouTube recording here:
-
Hey everyone and welcome to Serious Business number 5! This is the podcast I do about non infosec related topics. It's less of a professional information security digest and more of an excuse for me to blab with my cohost, comedian Dan Ilic, about serious stuff every few weeks.
WARNING: Contains a fair bit of discussion about Australian politics. You may be permanently scarred after listening.
On this edition of the show we're talking to Dan about a bunch of stuff. Kanye West has apparently announced he's running for president in 2020, we talk about that. We talk about Donald Trump because, wow... just wow...
Then we move on to the depressing stuff, the European refugee crisis. Are the handful of flashpoint images and stories actually going to get people motivated about fixing the wider problem? Or will they result in a few Kickstarters to directly help the affected individuals, absolving donors of their first world guilt? We have a bob each way on that one.
We talk about the vaccination free childcare centre springing up in my 'hood -- geez, what could go wrong there -- and finally we look at the way streaming services are reshaping the media landscape, in particular the types of shows that are being commissioned. Could NetFlix spell the end of high-quality tv news and current affairs?
-
Missing episodes?
-
This is the podcast I do for shiggles with Australian comedian, radio and TV personality Dan Ilic.
This week we're talking about the nationalist, anti-Islam rallies held across Australia over the last week or so. We also chat about Donald Trump being a douche and Barack Obama's new lease of life as a lame duck president. Oh, and we also talk about the Ashley Madison hack because, hey, who isn't...
-
As usual for Serious Business I'm joined by AJ+ satirist, Australian comedian Dan Ilic, to discuss a few topical items of the last week, and boy, we've got some good stuff for you.. we're talking about journalist Seymour Hersh's latest investigative work -- is it pure fiction? We're talking about DeflateGate, we're talking Elon Musk being a douche and we're talking MAD MAX, Fury Road...
-
In this edition of Serious Business, Australia's Most Hated Man (tm) Dan Ilic and I speak about the (failed) shooting attack against a group of very silly Americans who got together to denigrate Islam.
We also speak about Apple's stupid watch. I should warn you, too, I don't edit this podcast for bad language and there are f-bombs aplenty. So if you have your kids in your car and you don't want them hearing my awful, awful language, please turn off this podcast now.
-
Risky Business host Patrick Gray and Australian comedian Dan Ilic talk about topics that have nothing to do with information security.
Like:
* Australia's obsession with the Gallipoli campaign and the sacking of Scott McIntyre from the SBS.
* Australia's new vaccination requirements for parents who still want all those tasty, tasty tax benefits.
* The "ISIS doctor", Tareq Kamleh. Is he doing anything wrong?PLEASE NOTE: I didn't bother editing out naughty words in this one, so if you have kids in the car you may not wish to expose them to our awful language.
-
Here is the portion of my interview with Brian Snow that I didn't have room for in the main show. Snow is concerned that quantum computing breakthroughs are closer than we think and could invalidate much of the technology we depend on to secure data.
-
This is a recording of a panel I hosted at the Splendour in the Grass music festival forum. It features NSA whistleblower Thomas Drake, WA Greens Senator Scott Ludlam, Underground author Suelette Dreyfus and Edward Snowden's attorney Jesselyn Radack.
-
On this week's show we've got a cracking interview with ANU Professor and former prime ministerial advisor Hugh White about the charges brought against alleged Chinese military hackers by the US Department of Justice. That one's coming up after the news.
This week's show is brought to you by Tenable Network Security. Jack Daniel of Tenable stops by in this week's sponsor interview to talk about password managers in light of the eBay breach. Is it time we really started encouraging people to use them?
Show notesHackers raid eBay in historic breach, access 145 million records | Reuters
http://uk.reuters.com/article/2014/05/22/uk-ebay-password-idUKKBN0E10ZL2...Expert: Fake eBay Customer List is Bitcoin Bait - Krebs on Security
http://krebsonsecurity.com/2014/05/expert-fake-ebay-customer-list-is-bit...'Blackshades' Trojan Users Had It Coming - Krebs on Security
http://krebsonsecurity.com/2014/05/blackshades-trojan-users-had-it-coming/U.S. Indictment of Chinese Hackers Could Be Awkward for the NSA | Enterprise | WIRED
http://www.wired.com/2014/05/us-indictments-of-chinese-military-hackers-...USDOJ: U.S. Charges Five Chinese Military Hackers for Cyber Espionage Against U.S. Corporations and a Labor Organization for Commercial Advantage
http://www.justice.gov/opa/pr/2014/May/14-ag-528.htmlNSA reportedly installing spyware on US-made hardware - CNET
http://www.cnet.com/au/news/nsa-reportedly-installing-spyware-on-us-made...China ups security checks on tech suppliers as US tensions mount - CNET
http://www.cnet.com/au/news/china-ups-security-checks-on-tech-suppliers-...Why did China ban Windows 8? - Security - Technology - News - iTnews.com.au
http://www.itnews.com.au/News/386140,why-did-china-ban-windows-8.aspxCisco CEO asks Obama to control NSA surveillance - CNET
http://www.cnet.com/au/news/cisco-ceo-asks-obama-to-control-nsa-surveill...NSA Reform Bill Passes the House-With a Gaping Loophole | Threat Level | WIRED
http://www.wired.com/2014/05/usa-freedom-act-2/Free App Lets the Next Snowden Send Big Files Securely and Anonymously | Threat Level | WIRED
http://www.wired.com/2014/05/onionshare/Pro-Privacy Blackphone Pulls $30M Into Silent Circle | TechCrunch
http://techcrunch.com/2014/05/21/silent-circle-funding/Whistleblowers Beware: Apps Like Whisper and Secret Will Rat You Out | Business | WIRED
http://www.wired.com/2014/05/whistleblowers-beware/Secrets, lies and Snowden's email: why I was forced to shut down Lavabit | Comment is free | theguardian.com
http://www.theguardian.com/commentisfree/2014/may/20/why-did-lavabit-shu...Darkcoin, the Shadowy Cousin of Bitcoin, Is Booming | Threat Level | WIRED
http://www.wired.com/2014/05/darkcoin-is-booming/AFP arrests man over Melbourne IT hack - Security - Technology - News - iTnews.com.au
http://www.itnews.com.au/News/386200,afp-arrests-man-over-melbourne-it-h...SNMP DDoS Attacks Spike
http://www.darkreading.com/attacks-breaches/snmp-ddos-attacks-spike/d/d-...?SNMP Public Community String Zero Day in Routers Disclosed | Threatpost | The first stop for security news
http://threatpost.com/embedded-devices-leak-authentication-data-via-snmp...XMPP Mandating Encryption on Messaging Service Operators | Threatpost | The first stop for security news
http://threatpost.com/xmpp-mandating-encryption-on-messaging-service-ope...Remove metadata from Office files, PDFs, and images - CNET
http://www.cnet.com/au/how-to/remove-metadata-from-office-files-pdfs-and...Chip and PIN EMV Protocol security vulnerabilities found | Threatpost | The first stop for security news
http://threatpost.com/researchers-find-serious-problems-in-chip-and-pin-...Privileged User Access Lacking Trust But Verify | Threatpost | The first stop for security news
http://threatpost.com/enterprises-still-lax-on-privileged-user-access-co...ICS-CERT Confirms Public Utility Compromised Recently | Threatpost | The first stop for security news
http://threatpost.com/ics-cert-confirms-public-utility-compromised-recen...Samsung Eyeing Iris Recognition for New Phones | Threatpost | The first stop for security news
http://threatpost.com/samsung-eyeing-iris-recognition-for-new-phones/106222Why You Should Ditch Adobe Shockwave - Krebs on Security
http://krebsonsecurity.com/2014/05/why-you-should-ditch-adobe-shockwave/Malvertising Redirecting to Angler EK, Silverlight Exploits | Threatpost | The first stop for security news
http://threatpost.com/malvertising-redirecting-to-microsoft-silverlight-...Android Outlook App Could Expose Emails, Attachments | Threatpost | The first stop for security news
http://threatpost.com/android-outlook-app-could-expose-emails-attachment...Microsoft Working on Patch for IE 8 Zero Day | Threatpost | The first stop for security news
http://threatpost.com/microsoft-working-on-patch-for-ie-8-zero-day/106247Chrome 35 Fixes 23 Security Flaws | Threatpost | The first stop for security news
http://threatpost.com/chrome-35-fixes-23-security-flaws/106188Professor Hugh White - Researchers - ANU
https://researchers.anu.edu.au/researchers/white-hj02 - Mammal - Think - YouTube
https://www.youtube.com/watch?v=mCQXqHr9CwE&feature=kp -
Scott Crane is Arbor Networks product manager for its Pravail line of big data security analytics division.
Scott was a part of the original PacketLoop team -- PacketLoop was an Australian start up that created some pretty impressive big data security analytics technology. It was so impressive that it wound up being acquired by Arbor Networks and is now sold under the Pravail brand.
Somehow the original team managed to convince Arbor to keep the bulk of the R&D on those products based right here in Australia. So you could say we're all pretty big fans of Scott and his team for scoring some runs for the home team. They've got 12 staff in Sydney, and they're growing.
It's been eight months since the deal was struck, so I caught up with Scott to talk about what's new in the field of big data security analytics. And interestingly enough, the Pravail tech wound up being pretty useful lately. Because it performs packet-capture based analysis, the Pravail team could help their clients roll back through their stored packet captures to see if anyone had used the Heartbleed flaw against them. Somewhat reassuringly, the Pravail guys at Arbor did not find any evidence of Heartbleed actually being used in the wild.
-
In this sponsor cast we're chatting with Dave Merkel, the CTO of FireEye. Dave has been around the infosec traps since the 90s -- long enough to see how things have changed. One of the things that has changed is the acknowledgement by the market that you can't really keep attackers from gaining a foothold on at least *a* device within your environment.
It's the reason we're seeing a lot of gear hit the market that will help you post intrusion. I started off by asking Dave if he'd noticed this shift in thinking in the market.
-
We're going to close out this year's coverage the way we normally do it: with a recording of the AusCERT speed debate!
I was a debater this year and as you'll hear I had zero time to prepare, so my contributions are pretty lame, but there was a hell of a panel like always. The whole thing was moderated by Adam Spencer.
Most of it makes no sense, some of it is funny, some of it is just stupid. Like it or loathe it, it's almost become an institution at this point so we absolutely have to include it.
So here it is! The speed debate! The closing event from AusCERT 2014, I hope you enjoy it.
-
I've already podcasted Peter's presentation, but I thought a follow up interview was warranted. To cut a long story short, he does believe some crypto standards have been subverted by the NSA, but says some fears about government crypto-fiddling are misplaced. In general, he says, it's a lot easier for attackers to bypass encryption than it is for them to break it.
Peter knows crypto. He's a professor at Auckland University, has written crypto libraries and even had a hand in writing PGP.
I started off by asking Peter for his thoughts on the controversial dual elliptic curve number generator. Was it really backdoored by the NSA?
-
On the final day of AusCERT last week delegates were treated to a fascinating talk by Dr. Jason Fox, gamification expert and author of the book The Game Changer.
Jason's expertise is in finding out how to take the motivational aspects of games and apply them to work processes. We all know that sitting your staff down in a dimly lit auditorium to lecture them on spear phishing does precisely nothing to change user behaviour. But what if you made the hunt for spear phishing messages a game?
I sat down with Jason Fox after his presentation and recorded this interview.
-
This is a sponsor interview with Marc Eisenbarth, Arbor Networks' security architect and the manager of research for its Arbor Security Engineering and Response Team (ASERT).
I spoke to Mark about the massive influx of NTP-based DDoS traffic we've seen this year. Can we expect attackers to move on to other protocols and services like SNMP and Chargen? He thinks so. But it's not until we start seeing SNMP-based DDoS capabilities built into generic malware that we'll really have big problems.
-
This is a sponsor interview with Kate McInnes of Datacom TSS.
Kate is ex-DSD and currently serves as a principal consultant with Datacom TSS in Perth. She's been doing a bunch of work with a bunch of different organisations on preparing them for the looming G20 summit in Brisbane.
What do the threats look like? Where are they coming from? And what can be done about them?
-
You're about to hear a recording of Peter Gutmann's speech here which is all about crypto. Well, it's sort of about crypto. With newspapers filled with stories about the NSA subverting crypto standards, Peter asks us whether that really matters. Why would an attacker bother breaking crypto when they can just bypass it?
Peter is well positioned to do this talk. He's a researcher in the Department of Computer Science at the University of Auckland and works on the design and analysis of cryptographic security architectures and security usability.
He helped write PGP, has authored a number of papers and RFC's on security and encryption, and is the author of the open source cryptlib security toolkit. And luckily for us, he's a fairly regular guest on Risky Business.
-
You're about to hear my interview with Matt Jones, a security consultant who runs a small outfit named Volvent.
He's been working on a very interesting side project for a couple of years now. Essentially it's a social media analyser that identifies sources of high-quality information. Users can tap in a keyword and drill through the conversations on social media that actually matter -- the conversations that influence the influencers. The project was born of Matt's desire to never have to log in to Twitter again.
-
In this interview we're chatting with Neal Wise of Assurance.com.au. Don't let the accent fool you, Neal is based in Melbourne and has been for as long as I can remember, and he did a great talk here at the AusCERT conference called Hacking the Gibson, which was all about pwning supercomputers.
I warn you in advance that there are a few references from the movie Hackers in this interview... sorry about that... HACK THE PLANET!! .... but yeah, Neal has been doing some work involving supercomputers and I decided to interview him about them. They make excellent bitcoin mining boxes!
-
You're about to hear an interview I recorded with Bob Clark. He currently teaches law at the US Naval Academy, but he's been doing military law for a long time, even serving as the operational attorney for the US Army Cyber Command at one point.
I posted his talk yesterday... he touched on the Weev vs AT&T trial in that and I thought it would be interesting to get his perspective on the CFAA, precisely because it's not the sort of thing he normally concerns himself with. He has less of an agenda than a defence attorney or a prosecutor.
(If you haven't heard the episode of the regular Risky Business podcast where I had a chat with Weev and recapped that whole thing you might want to check it out because we reference it in this interview. It's here.)