Bonus lulz courtesy of Cisco...
February 11th, 2016 --
This week's show is one for the CSOs! It's the economics edition, I guess you'd call it. We'll be chatting with Professor Lawrence Gordon, co-creator of the Gordon-Loeb model for cybersecurity investment. We speak to him about contemporary infosec budgets and how spending of $500m a year by some financial institutions in the USA is actually sensible.
Lots of malware news this week...
February 11th, 2016 --
Links to items discussed in episode 398 of the Risky Business podcast.
You're a diverse bunch...
February 9th, 2016 --
As many of you would know, last week I posted a listener survey to SurveyMonkey. I dropped the link on Twitter and then mentioned it in the show. I wasn't really expecting much of a response, but after about a week, 500 of you have already spent the time to fill out the questionnaire. Thanks!
PLUS: Java deserialisation attacks are coming to eat your soul...
February 5th, 2016 --
Here's a link to the Risky Business listener survey. Please take some time to fill it in! It'll really help the show!
News, analysis and more!
February 5th, 2016 --
Links to everything discussed in episode 397 of the Risky Business podcast. Please do click through here to our listener survey to help me put together some demographics on the Risky.biz audience.
Oracle deprecates the Java browser plugin, prepares for its demise | Ars Technica http://arstechnica.com/information-technology/2016/01/oracle-deprecates-...
Good Riddance to Oracle’s Java Plugin — Krebs on Security
PLUS Martijn Grooten, Haroon Meer and Adam Boileau!
January 28th, 2016 --
On this week's show we've got two feature interviews! We're talking to Chris Wysopal from Veracode about using static analysis techniques to find backdoors in software. With Juniper, AMX, Fortinet and Cisco all experiencing either maliciously planted or accidental backdoors, this is a hot topic. Chris joins us to talk about how you go about finding this stuff and whether or not vendors are taking this issue seriously enough.
Links! Links! Get your links!
January 28th, 2016 --
Links to everything discussed in episode 396 of the Risky Business security podcast.
We're back!
January 21st, 2016 --
In this week's feature interview Facebook CISO Alex Stamos joins us to discuss a few things. We'll be talking about moves by both browser developers and some CAs to deprecate SHA-1-signed certificates. He says we need to support SHA-1 for now and he explains why soon. We're also chatting with him about the Juniper fiasco. We also get his thoughts on NSA surveillance now that he's responsible for the security of user information at the world's biggest social media platform.
Headlines covering the last month!
January 21st, 2016 --
Links to items discussed in episode 395 of the Risky Business podcast.
The last episode for 2015! Back in January 2016!
December 16th, 2015 --
On this week's show we're chatting with Johns Hopkins University cryptographer Matthew Green about rumblings emanating out of DC with regard to "stopping encryption", whatever the hell that means. In this week's sponsor interview we're chatting with Oliver Fay from Context about a paper they did in conjunction with the UK's CERT about exploit kits. How much do they cost? Are there any that stick out as being particularly good? Or bad, depending on your point of view... Links to everything are in this week's show notes.
Satoshi v3.0, epic bugs, arrests and more!
December 16th, 2015 --
Links to items discussed in episode 394 of the Risky Business podcast.
And other assorted bits and pieces...
December 10th, 2015 --
On this week's show -- in addition to covering the latest claims about the true identity of Satoshi Nakamoto -- we're taking a look at a recent deal between a very large bank in Australia and Sydney's University of New South Wales.
News, comedy and more!
December 10th, 2015 --
Links to everything discussed in episode 393 of the Risky Business podcast.
PLUS: Details of the Risky Business partnership with PacketPushers...
December 3rd, 2015 --
On this week's show we're chatting with Kevin Finisterre about Silverpush -- the creepy ultrasonic audio-beaconing technology used by advertising companies that was in the press a couple of weeks ago. Kevin was all over it and he joins me to discuss the growing overlap between the techniques used by marketers and blackhats.
All the news that's fit to... link.
December 3rd, 2015 --
Links to everything discussed in episode 392 of the Risky Business podcast.
Banishing laptop shitware needs to be a CSO priority...
November 26th, 2015 --
On this week's show we're chatting with Darren Kemp of Duo Security. He's one of the authors of a post about the latest example of computer manufacturer shitware introducing catastrophic vulnerabilities into shipped systems. This time it's Dell's turn. If you haven't heard what they actually did you'll hardly even believe it. That's this week's feature interview.
News, music and more...
November 26th, 2015 --
Links to everything discussed in episode 391 of the Risky Business information security podcast.
PLUS: FireEye's Jonathan Wrolstad on WITHCOVEN...
November 20th, 2015 --
In this week's feature interview we're checking in with FireEye's Jonathan Wrolstad. He's a threat intelligence guy at FireEye and they've just published a really interesting report about what a threat group is doing in terms of target recon. They're using marketing company tricks to recon all sorts of high value targets. It's very interesting stuff, and it's likely tied to the Russian state.
All your newsy goodness right here!
November 20th, 2015 --
Links to items discussed in episode 390 of the Risky Business infosec podcast.
Tor Ekeland joins the show to get all lawyerly...
November 12th, 2015 --
On this week's show we're chatting with computer crime lawyer extraordinaire Tor Ekeland! He's worked on a number of high-profile CFAA cases. Most recently he's been defending former Reuters and LA Times journalist Matthew Keys on some pretty hefty CFAA charges. He's also the guy who got Andrew Auernheimer out of jail so he could go and live a free life as a Nazi troll. (Is that really a win?) He also defended Lauri Love... basically if you're a hacker who's fallen foul of the CFAA, this is the guy you want on your team.