Boneheaded superannuation firm tries shooting messenger...
October 13th, 2011 --
Well-known Australian information security professional Patrick Webster has been visited by NSW Police officers following his disclosure of an embarrassing Web application security bug to his superannuation fund.
But what are the REAL issues?
October 11th, 2011 --
By now you've likely read about the German Chaos Computer Club's (CCC) reverse engineering of the so-called "Bundestrojaner," or "federal trojan". Someone found a copy of a remote access trojan in the wild, claimed it was government spyware and submitted it to CCC for analysis. The resulting publications give us a bit of an insight into at least one country's alleged "computer tapping" capabilities.
PLUS Adam Boileau rejoins the show in this week's news segment...
October 7th, 2011 --
This week's feature guest is Kevin Mitnick! Possibly one of the world's best known computer hackers, Kevin has been the subject of several books and even a B-Grade movie. He spent years on the run evading capture by the FBI, eventually winding up in prison for something like five years. Since his release in January 2000 he's become a successful public speaker, security consultant and author. His latest work, however, is his most well received. Kevin, with writer William L. Simon, has finally written an autobiography, and from nowhere it's become a New York Times bestseller.
You know things are getting crazy when Microsoft is dropping dox...
September 30th, 2011 --
There's no feature interview in this week's show; instead we're focussing on the news! And what a week it's been. Browser makers have slayed the SSL BEAST attacks, Goldman Sachs' CEO got dox'd, as did Sgt. Douchebag of the NYPD. You know the one... he's the guy who maced a bunch of peaceful protestors in the face. Microsoft even got in on the action and dox'd the operator of the Kelihos botnet! Meanwhile if you're a Cisco admin you're likely having a tough week, as are the folks at Diebold, who apparently STILL can't make secure e-voting machines.
Plus details on the latest SSL/TLS bug, 'droid bugs and more!
September 23rd, 2011 --
This week's feature guest is the head honcho of the Beef Project, NGS Secure's Wade Alcorn. Wade joins the program to talk about the SSL/TLS flaw that Juliano Rizzo and Thai Duong plan to demonstrate at the Ekoparty security conference. They've found some really nice flaws in TLS 1.0 that mean you can, under some circumstances, when six planets align in the June dawn, extract session cookies from SSL connections. It's not a bug that marks the end of the world, but it's just a really interesting one so Wade will be along to discuss it.
Misleading the public for fun and profit...
September 21st, 2011 --
Over the last couple of weeks you may have spotted some news stories floating about claiming cybercrime costs society US$388bn annually, with Australia alone suffering A$4.6bn in yearly losses. If the numbers are to be believed, these reports say, that means cybercrime costs us nearly as much as the global trade in illicit drugs. It's a sensational claim and makes an awesome headline, but any way you slice or dice the numbers they just simply don't stack up.
Ain't no one gonna stop this crazy old infosec bus...
September 16th, 2011 --
On this week's show we chat with Ruxcon organiser and vulnerability researcher Chris Spencer. Chris pops by to offer a five percent discount on Ruxcon training to Risky Business listeners, and we also have a quick chat to him about trends in the vulnerability research game. Chris was popping shells and publishing exploits since the nineties, so he's seen a few things change!
Live from the "wanker chillout area"...
September 15th, 2011 --
The following is a recording of a panel discussion about Wikileaks that took place at the Splendour in the Grass music festival in Woodford, QLD, Friday, 29 July 2011. Moderating the panel is The Chaser's Julian Morrow. On the panel:
* Nicholas Hayden, Hungry Beast, ABC TV
* Marc Fennell, Hungry Beast, ABC TV
* Grace Morgan, Julian Assange's Australia-based solicitor
* Suelette Dreyfus, Author, Underground
* Patrick Gray, Host of the Risky Business podcast
* Christine Assange, Julian Assange's mother
The recording is unedited. Enjoy!
Someone has their sights set on Australian users...
September 14th, 2011 --
It seems the bad guys are targeting Australian Internet users this week. I got a few of these this morning, as did a couple of Risky.Biz listeners:
From:
Date: 14 September 2011 10:05:53 AM AEST
To:
Subject: Attention for the ABN owners
x-original-to: REDACTED
x-mailer: azzgnshjz.46
Australian Taxation Office together with Australian Business Register wants to inform you that starting from January, 1 2012 new rules of use of ABN number are being introduced. The changes will concern:
- GST credits;
Man, those CAs sure do know how to screw things up, huh?
September 9th, 2011 --
On this week's show we take a look at the security of browser JIT engines with two extremely smart guys: Chris Rohlf and Yan Ivnitskiy of Matasano Security. They presented a paper in Vegas all about attacking clientside JIT compilers. It's good, old-fashioned security research -- the type of research that's increasingly being withheld from the public these days. What is a JIT compiler? How does it work? Do they present inherent security problems? Tune in to find out!
Risky Business gets all political and stuff...
September 2nd, 2011 --
What a week in information security! Between getting owned, the Iranian Government apparently hacking a Dutch CA to mint around 250 valid certs for stuff like * and Wikileaks experiencing a spectacular opsec fail, there's plenty to talk about in this week's news segment with Adam Boileau.
Secret squirrel Diocyde joins the show to discuss attribution and Chinese cyber-espionage...
August 26th, 2011 --
This week's feature interview is with anonymous infosec blogger Diocyde. He has access to some fairly sensitive shit, so we can't tell you his name and we've had to disguise his voice. Diocyde is best known as the author of the Veiled Shadows blog.
Microsoft defends its prize for defensive security research...
August 19th, 2011 --
You may have heard about Microsoft's Blue Hat Prize for defensive security research. The company is running a contest for the best memory corruption bug mitigation technology. So, if you reckon you've found the next DEP or ASLR, you could be eligible for the company's $200,000 first prize. It marks a departure from bug bounties -- this is a contest that rewards defensive research, not just new attacks.
Massive APT-related dump matches leaked HBGary analysis...
August 18th, 2011 --
A massive Pastebin dump of domain names and IP addresses supposedly linked to a cyber espionage ring appears to be the real deal. The Pastebin dump, dated August 15, lists around 850 entries containing domain names and IP addresses, supposedly leaked by "RSA Employee #15666". The dump asserts the IP addresses and domain names listed are used in command and control operations by a cyber-espionage ring.
Is iOS 4.x enterprise ready? Well, maybe...
August 12th, 2011 --
In this week's feature interview we're chatting with Dino A. Dai Zovi about Mac security -- Dino's well known as a Mac hacker and he's just done a Black Hat talk in which he evaluated Apple's iOS 4.x operating system for enterprise suitability. How did it stack up? Find out after the news! Also this week we check in with Sophos Network Security director of support Alan Toews about Moxie Marlinspike's latest work, an alternative way of doing SSL certificates that completely does away with CAs. That's this week's sponsor interview. Adam Boileau, of course, joins us for this week's news.
How a McAfee "research paper" turned into a media circus...
August 5th, 2011 --
On this week's show we're taking a look at the most devastating state-sponsored, planet-melting, child-eating APT the world has ever seen... according to Gizmodo it's the BIGGEST CYBER ATTACK IN HISTORY. Ummm... actually no, it's a fairly unsophisticated botnet comprising 70 targeted infections.
Authorities scoop up Topiary, "Evil"...
July 28th, 2011 --
This week we're chatting with Detective Superintendent Brad Marden of the Australian Federal Police. While the FBI are out locking up Low Orbit Ion Cannon users on no-bail warrants, Mr. Marden and his team, apparently, are out doing real, actual police work to catch real, alleged criminals. How refreshing! Listeners to this program would have heard of the case of Distribute.IT -- an Australian domain name registrar and hosting company that got majorly worked by a hacker calling himself "Evil from efnet".
LulzSec makes a spectacular return. PLUS Silvio Cesare talks academia.
July 22nd, 2011 --
In this week's feature interview we're chatting with Silvio Cesare. Silvio's an extremely well regarded infosec guy down here in Oz. He'll be chatting to us about his experience in academia. Silvio argues much criticism of academia in industry largely misses the point, and academia actually serves infosec quite well. Cryptography anyone?
Are authorities misleading us or are they actually this stupid?
July 20th, 2011 --
As many readers would no doubt already be aware, the FBI has just arrested 16 "members" of Anonymous in relation to DDoS attacks and intrusions. The US Department of Justice swiftly issued a press release with the catchy, ALL CAPS title of "SIXTEEN INDIVIDUALS ARRESTED IN THE UNITED STATES FOR ALLEGED ROLES IN CYBER ATTACKS". So this is a massive blow to "Anonymous" and its sophisticated campaign of mayhem, right? Wrong.
Did you hear the one about Sony's CAPTCHA?
July 15th, 2011 --
This week's show is all about the news -- a 30 minute dose of Metl! With Anons being arrested, parties unknown pwning defence contractors in the name of #antisec, Sony doing (even more) dumb stuff, Zeus-grade viruses smashing Android devices, India trying to wiretap Skype, support for XP running out in less than three years, Microsoft Security Centre dishing out porn and Morgan Stanley losing customer info on unencrypted disks, we just didn't have time for a feature interview this week!