Risky Business #258 -- Kevin Mitnick on identity verification

How gaps in your authentication procedures will be exploited...
11 Oct 2012 » Risky Business

On this week's show we're chatting with Kevin Mitnick! Arguably the world's best known hacker, Kevin used to be a very naughty boy, and that saw him sent to prison a few times... but since his most recent release over 12 years ago he's established himself as a security consultant, author and globetrotting public speaker.

We're chatting to him about the fundamentals of identity verification. How can you be sure that person on the phone requesting a password reset really is your customer? Can you rely solely on static identity information in this day and age?

This week's show is brought to you by PacketLoop, an Australian start-up doing really interesting packet capture analysis. It's big data security analytics! It's really interesting stuff and we're thrilled to have the support of a local company doing new things.

We'll be chatting to PacketLoop co-founder and CTO Michael Baker in this week's sponsor interview about roughly what they're doing.

PacketLoop is also sponsoring our coverage of Ruxcon Breakpoint next week. Just head to http://risky.biz/breakpoint for all our Breakpoint coverage, with thanks to PacketLoop. I'll be down there dual filing stories and audio for Risky.Biz and The Register.

Show notes

Report: Chinese Tech Firms Should Be Viewed With Suspicion, Barred From U.S. Networks | Threat Level | Wired.com
http://www.wired.com/threatlevel/2012/10/chinese-telecoms-suspicious/

Hackable Huawei - F-Secure Weblog : News from the Lab
http://www.f-secure.com/weblog/archives/00002442.html

Philippines court halts a contentious cybercrime law | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57529298-83/philippines-court-halts-a-c...

Worm spreading on Skype IM installs ransomware | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57528353-83/worm-spreading-on-skype-im-...

Symantec: Russian criminals sell Web 'proxy' with backdoors | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57528254-83/symantec-russian-criminals-...

Middle East cyberattacks on Google users increasing | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57525334-83/middle-east-cyberattacks-on...

Microsoft Patches Critical Word Flaw; Certificate Key Length Changes are Official | threatpost
http://threatpost.com/en_us/blogs/microsoft-patches-critical-word-flaw-c...

Adobe, Microsoft Issue Updates for Critical Flaws in Flash Player | threatpost
http://threatpost.com/en_us/blogs/adobe-microsoft-issue-updates-critical...

New Tactics Helping Toll Fraud Malware on Android Avoid Detection | threatpost
http://threatpost.com/en_us/blogs/new-tactics-helping-toll-fraud-malware...

Zitmo Growing More Sophisticated, Prevalent in Android | threatpost
http://threatpost.com/en_us/blogs/zitmo-growing-more-sophisticated-preva...

Malware Signed by Adobe Certificate Only Used in Limited Targeted Attacks | threatpost
http://threatpost.com/en_us/blogs/malware-signed-adobe-certificate-only-...

Hack In The Box: Pirate Bay MIA, Chrome vulnerability found | ZDNet
http://www.zdnet.com/hack-in-the-box-pirate-bay-mia-chrome-vulnerability...

Proof-of-Concept Exploits HTML5 Fullscreen API for Social Engineering | threatpost
http://threatpost.com/en_us/blogs/proof-concept-exploits-html5-fullscree...

Google App Engine open to session jacking - Web/client - SC Magazine Australia - Secure Business Intelligence
http://www.scmagazine.com.au/News/318610,65279google-app-engine-open-to-...

Flaws allow 3G devices to be tracked - Networks - SC Magazine Australia - Secure Business Intelligence
http://www.scmagazine.com.au/News/317819,flaws-allow-3g-devices-to-be-tr...

3000 EU infosec pros engage in mock attacks - Networks - SC Magazine Australia - Secure Business Intelligence
http://www.scmagazine.com.au/News/318261,3000-eu-infosec-pros-engage-in-...

Twitter outage caused by human error, domain briefly yanked | Internet & Media - CNET News
http://news.cnet.com/8301-1023_3-57528165-93/twitter-outage-caused-by-hu...

Hacker Goes on Massive WoW Killing Spree; World Survives | Threat Level | Wired.com
http://www.wired.com/threatlevel/2012/10/hacker-kills-thousands-in-wow/

Packetloop
http://www.packetloop.com/

The Izzys: Change Your Mind
http://www.shazam.com/music/web/track?id=57992307

The US are really careful of China. They have these kinds of measures to ensure they don't get so far. - James D. Sterling