Corrupted Nerds: Conversations

Each year the Ruxcon information security conference ends with the infamous Ruxcon Panel. Here's a full recoding of the panel from Ruxcon 2016.

The panellists:

* Barry Anderson, a security solutions architect for Cisco Security Solutions, Asia Pacific.

* Prof Jill Slay, director of the Australian Centre for Cyber Security (ACCS) at the Australian Defence Force Academy (ADFA).

* Meths Ferrer, a malware engineer at the Microsoft Malware Protection Center (MMPC).

* Richard Johnson, Manager of Vulnerability Development for Cisco Talos.

* Stilgherrian, writer and commentator on cybersecurity and internet politics.

Our moderator was Dr Suelette Dreyfus, journalist and research fellow at the University Of Melbourne.

This discussion was recorded on Sunday 23 October 2016 in Melbourne, Australia.

For full credits see:

http://corruptednerds.com/pod/c00017/

This episode of Corrupted Nerds takes a look at the Ruxcon 2016 information security conference held in Melbourne on 22 and 23 October.

Just like our look at Ruxcon 2015, I'm joined by Michael McKinnon, now director of commercial services at Sense of Security; and Darren Pauli, security reporter for The Register.

There's also a conversation about measuring risk with Ron Gula, founder of Tenable Network Security.

The discussion was recorded on 28 October 2016 on the banks of the Coburg Lake Reservoir in Melbourne. The interview with Ron Gula was also recorded on 28 October 2016.

For full credits see:

http://corruptednerds.com/pod/c00016/

In a surprise experimental episode, Leslie Nassar, co-founder of Wrangling Cats, freelance writer and builder of Twitter things since 2007, joins Stilgherrian to talk about some of the stories in the news.

This episode was recorded on Wednesday 2 December 2015 in Sydney, Australia.

For full credits see:

http://corruptednerds.com/pod/c00015/

Joe Franzi, Assistant Secretary for Cyber Security with the Australian Signals Directorate (ASD), gives his first on-record media interview in his five years in that role.

It's not often that we get to hear from people like Joe Franzi. He's been working in Australia's defence and intelligence community for more than 37 years. Most recently, that's been with the ASD, formerly the Defence Signals Directorate (DSD), Australia's equivalent to, and partner with, the US National Security Agency.

The ASD isn't just cyber spies. Like the NSA, it's also responsible for defending government, military and other critical communications networks. That's where Franzi currently fits in, and for the last year his team has been the defence-sector contribution to the Australia Cyber Security Centre (ACSC), opened a year ago.

A spoiler: there's no grand secrets in this interview. Maybe next time. But what you will hear is some intelligent comments about risk management -- including a view on whether Australia's new prime minster Malcolm Turnbull should really be using commercial email services -- and about the cultural issues that come up when you put together a cyber defence team from disparate organisations.

This interview was recorded on Thursday 15 October 2015 in Melburne, Australia.

For full credits see:

http://corruptednerds.com/pod/c00014/

The Corrupted Nerds podcast returns, kicking off a new series with a look at the Ruxcon 2015 information security conference held in Melbourne on 24 and 25 October.

In this first episode of series two, it's a break from the usual long-form interview format to bring you a panel discussion. Joining me, Stilgherrian, are: Michael McKinnon, social media and security awareness director for AVG Technologies AU; and Darren Pauli, security reporter for The Register.

There's also a conversation with Dr Vanessa Teague, a cryptographer from the University of Melbourne, about the security of electronic voting systems.

The panel conversation was recorded on 31 October 2015, with both Michael McKinnon and Darren Pauli at their homes in Melbourne -- which is why you can hear chickens and dogs. The interview with Vanessa Teague was recorded on 30 October 2015.

For full credits see:

http://corruptednerds.com/pod/c00013/

If you've been wondering what's happened to the Corrupted Nerds podcast, well, it's coming back -- but it needs your help.

This week I'm heading to Melbourne for the Australian Information Security Association's annual conference. I'm recording some material there.

But more importantly, I'm running a Pozible crowdfunding campaign to get me to the Ruxcon infosec conference later in the month, and to fund the next few episodes of the podcast.

As I post this, the campaign is 43% funded, and there's just three days left to reach the target.

For all the details, go to http://pozible.com/corruptednerds2 because the podcast won't be back without your support. Do it now.

The Australian government will soon introduce legislation making it compulsory for telecommunication companies to record the data about their customers' use of their services for up to two years, and make it available to law enforcement and intelligence agencies. But is it the right way to go?

"This is very much the way in which western nations are going, it's been the case in Europe under the European Data Retention directive for some little while now," said Attorney-General George Brandis on 16 July. But what he didn't say was that the European Court of Justice has declared the blanket recording of telecommunications data to be a breach of human rights. It isn't a proportionate response to the claimed threat, and there's no evidence that it'll actually even help.

"What we're being asked to do is ourselves -- innocent law-abiding citizens -- to sacrifice our own liberties, our own rights, in the vague hope that it will somehow catch these handful of Nazi Pedos who are out there," said Carly Nyst, London-based legal director of Privacy International. "Nazi Pedos" is PI's label for the "general all-encompassing bad person who lives on the internet" -- terrorists, pedophiles, cyber criminals, or whoever else we're meant to be afraid of this week.

Carly Nyst spoke about the legal and privacy issues surrounding the metadata proposals at public meeting titled "Data Retention: the European Experience", organised by Electronic Frontiers Australia and the Australian Privacy Foundation. This episode of Corrupted Nerds: Conversations presents a lightly-edited version of that event.

This conversation was recorded on 15 October 2014 in Sydney, Australia.

For full credits see:

http://corruptednerds.com/pod/c00012/

Remember when the media was a great business to be in? Thanks to the digital revolution, that's all changed. So what now?

"For 300-plus years, it was great for the audience, they got free and subsidised content. It was great for advertisers 'cos they got audience. And it was great for media, 'cos they got filthy stinking rich," says Bob Garfield, former advertising man, veteran journalist and columnist, and co-presenter of the US National Public Radio program On the Media and co-host of the Slate podcast on language, Lexicon Valley.

But now, things are bleak. "Unless you are in gambling, search or porn, there's just no money to be made," he said.

Garfield was in Australia recently to keynote and moderate the media stream at the ADMA Global Forum. That's the Association for Data-driven Marketing and Advertising, formerly the Australian Direct Marketing Association.

In this conversation with Corrupted Nerds, he explains why, basically, we're all fucked.

This interview was recorded on 30 July 2014 in Sydney, Australia.

For full credits see:

http://corruptednerds.com/pod/c00011/

Why do so many internet applications end up being hit with privacy disasters? Why not make sure they handle personal data properly to begin with? There's a process for that, and it's called "privacy engineering".

Michelle Dennedy is chief privacy officer with information security firm McAfee and, along with two family members, is co-author of the book "The Privacy Engineer's Manifesto: Getting from Policy to Code to QA to Value". The ebook version of is available for free.

As I reported in my ZDNet Australia column a few days ago:

"Oftentimes what you find is that [privacy] is the realm of the lawyer, or the risk manager if you're lucky, or maybe the odd finance guy will wander into the cave every now and again," Dennedy said. "Then you go and you talk to the people who are slinging code, or buying services or software or techniques, or going to the cloud and dreaming up technical stuff, and they say to you, 'Kinda leave us in our cave over here, and go write your little policies, they're so cute, and then maybe at the end of it -- maybe -- you get to write some terms and conditions to get me out of my obligations.'"

You recognise that scenario, right? It's another of those ethical shortfalls, where the rules that society has agreed to operate by are seen as just another inconvenience to be avoided.

Privacy engineering is the process of turning various policies, from privacy laws to the needs of the business' plan for data, into something that programmers can work with -- indeed. something they'll want to work with because it's now an engineering problem. It's also something that quality assurance (QA) processes can deal with.

This interview was recorded on 6 May 2014 in Sydney, Australia.

For full credits, see the podcast website:

http://corruptednerds.com/pod/c00010/

It'd be fair to say that most of us in western countries like Australia have a cartoon view of North Korea -- over the top patriotic songs or clichéd images of military parades and speeches. But a growing group of amateur North Korea watchers is changing that.

David Vorm is one of them. His day job is as a security response engineer for a well-known Linux vendor associated with headwear. But he also studies geography and mathematics at the University of Queensland, and he's started using open or commercially available satellite imagery and other data to analyse what's going on on North Korea.

This interview was recorded on 27 October 2013 in Melbourne, Australia.