Paul fuzzes the absolute crap out of some rare software...
December 17th, 2009 --
In this edition of RB2 you'll hear Paul Craig's Kiwicon 3 presentation, Hacking Scientists. As you'll hear, Paul has developed some fuzzing methodologies that he's applied to scientific software. This sort of software -- chemistry stuff, fluid dynamics stuff etc -- is used by weapons designers, pharmaceutical engineers, car manufacturers and all sorts of very interesting people. In other words, this software is found on the same systems as the world's most valuable IP. It's good stuff to find bugs in.
Sorting good from bad with a rankings approach to malware...
December 17th, 2009 --
In this sponsored podcast, Symantec's VP of security response joins RB2 to talk about some novel new approaches to the malware problem. We don't normally talk to sponsors about their own technology, but this is just where the conversation went, and it's pretty interesting stuff!
All your sekret science are belong to Paul Craig.....
December 11th, 2009 --
This week's show is brought to you by the fine folks at Sophos. This week we're looking at what the mainstream media is calling "climategate". As world leaders meet in Copenhagen to try to hammer out a coordinated response to global warming, the blogosphere and indeed the mainstream press are all in a tizz over thousands of hacked e-mails from the Climate Research Unit of the University of East Anglia.
Moar Metl for your tubez
December 4th, 2009 --
This week's show is a bit different -- we're giving you a double dose of our regular guest Adam Boileau. Following Kiwicon last weekend I checked in to Chez Boileau for a few nights, so we were able to do the news in his kitchen before I buggered off back to Australia. While I was there we also had a chat about Kiwicon and discussed some of the presentations we saw. Adam is a key organiser of Kiwicon so it made sense to discuss it with him. Topics covered include GPS security, shared hosting insecurity, Linux kernel rootkit detection, hacking scientists and much, much more.
When it comes to memory we tend to forget...
December 1st, 2009 --
This edition of RB2 features Ben Hawkes' recent talk at Kiwicon. It was called A History Of Corruption, and it really is a historical recap of memory corruption bugs. It doesn't exactly sound thrilling from that description, but it's a great talk and it's really well delivered. Hawkes is a young security researcher based in New Zealand who's well and truly on the way up. His work on hacking the Vista heap was pretty awesome. If you are familiar with it then you know why a talk about memory corruption as done by Hawkes is going to be interesting. He knows what he's talking about.
Pages and pages of... pages
November 26th, 2009 --
This week's show is brought to you by Microsoft. We've got a couple of great stories in this week's show. We'll be chatting with our semi regular guest Adam Pointon, who's taken a bit of a look through the leaked 911 pager messages that popped up on Wikileaks overnight. While everyone's been trawling through them looking for evidence that the aliens did it, Adam's been taking a look at the automatically generated messages that network equipment was sending out. It's interesting stuff.
Some love him, some hate him: Brazen blogger is back.
November 24th, 2009 --
"Unu's blog" is back online and has claimed the high-profile scalp of a Symantec website. The anonymous blogger, who goes by the pseudonym Unu, successfully extracted customer data including license keys, usernames and passwords from a Symantec website that "facilitates customer support for users of Symantec’s Norton-branded products in Japan and South Korea," the company acknowledged in a statement. He or she published their findings overnight on the resurrected blog.
"It's a miracle the Internet works at all."
November 24th, 2009 --
This podcast features excerpts from Jose Nazario's session at the GovCERT Symposium in Rotterdam. The recording isn't fantastic, but you can understand what he's saying -- it's clear enough. Jose works for Arbor networks and his talk at GovCERT was on BGP security -- security issues in core routing. He covers off some pretty interesting stuff, like why isn't there some sort of global route registry that actually authorises routes? Currently there's nothing like that. If you’re not into routing stuff you’ll probably get lost with this one, but otherwise you’ll likely enjoy it.
Beware of Kiwis with pliers near your DSLtubes and moustached Aussies near your mobiletubes...
November 19th, 2009 --
We've got two feature interviews in this week's show. We'll be chatting with Security-Assessment.com's Carl Purvis, who's found a way to man-in-the-middle ADSL connections by spending only $1,000 on kit. Want to own a branch office of a major corporation? No problem! Carl's due to give a talk at the upcoming Kiwicon conference in which he'll show everyone how it's done, so the interview's a bit of a preview.
Security megalegend Schneier manifests in physical form to take questions...
November 13th, 2009 --
In this podcast you'll hear a Q&A with Bruce Schneier of BT Counterpane, as moderated by Risky Business host Patrick Gray at the recent GovCERT Symposium in Rotterdam, Netherlands. Topics covered include cloud computing, privacy, software manufacturer liability for defects, two factor authentication and more!
Naughty kid or satanic cyberterrorist? You decide!
November 11th, 2009 --
This week's feature guest is the creator of the iPhone worm, Ashley Towns, aka Ikee. This guy is either a cheeky kid or a cyber terrorist, depending on who you ask, and yup -- we've got him on the show. We also check in with Paul Ducklin of Sophos in this week's sponsor interview. You've never heard two interviews that clash more, it's hilarious. In one corner is the heavily pierced kid from Wollongong with the funny haircut, in the other is the middle aged AV guy who's a real stickler for the rules.
What's happened to everyone's favourite Web app blog?
November 9th, 2009 --
"Unu's blog", a website chronicling one hacker's brazen compromises of high-profile web applications, has been yanked offline. Visitors to the blog are now shown text suggesting Unu has shut up shop voluntarily. "This user has elected to delete their account and the content is no longer available," is the only explanation offered.
Chris Disspain of auDA dispels some myths...
November 6th, 2009 --
This week's show is sponsored by the wonderful people from Tenable Network Security. This week's feature interview is with Chris Disspain, the CEO of Australia's domain name regulator auDA. This week we're discussing the move to Cyrillic domain names -- some media commentators have gone a bit berserk on this one, saying that the move will introduce massive risks because people will be able to do phishing campaigns with domains made up partially of Cyrillic characters. Chris will be along to talk about why he thinks that's wrong.
Smart meters are all the rage, but are they securable?
October 29th, 2009 --
This week's podcast is hosted by Vigabyte virtual hosting but sponsored by Check Point. On this week's show we're taking a look at smart metering. It's all the rage these days -- it will usher in an era of automated billing for electricity, gas and water as well as letting the utilities companies do all sorts of intelligent grid management stuff. Utilities across Australia and indeed throughout the world are rolling this technology out as we speak. But as you'll hear, there are opposing views on whether or not this stuff is ready for roll out.
What size is this new, underground business?
October 29th, 2009 --
In this sponsored podcast, Risky.Biz chats with Symantec's Kevin Haley about rogue AV. More specifically, how can we measure the extent of the rogue AV problem? How can we know how much money is involved, and what can be done to shut down this nasty trade?
Two interviews for the price of one!
October 27th, 2009 --
Risky Business 2 is brought to you by Symantec and hosted by Vigabyte virtual hosting! In this podcast you'll hear our roving reporter Paul Craig interviewing a couple of presenters from BruCon, Belgium's security conference. In the first interview, Paul chats to Stephan Chenette of Websense about script fragmentation, a concept that's a bit similar to TCP fragmentation for IDS evasion. Interview number two is about advanced SQL injection attacks, with Gotham Digital Science's Justin Clarke.
Metasploit's fate rests in commercial hands...
October 22nd, 2009 --
This week's edition of Risky Business is brought to you by Sophos. And what a show it is! We've got the exclusive podcast interview with HD Moore, who fills us in on the acquisition of the Metasploit project by Rapid7. Now, before you GPL freaks run to the shed to dig out the pitchforks and flaming torches, you should hear this interview. The way HD describes it, this acquisition is about the best thing that could have happened to Metasploit.
Rapid7 acquires Metasploit project promising development resources
October 21st, 2009 --
The Metasploit project has been acquired by Rapid7, a US-based vulnerability management company. Metasploit creator H D Moore confirmed the sale in a podcast interview with Risky.Biz overnight (Click to hear the podcast). "This is more of a buy in than a sell out," he told Risky.Biz "It's about taking Metasploit to the next level with a real company with real funding."
What can the IT security industry learn from food science?
October 16th, 2009 --
This week's show features an excerpt from David Rice's plenary speech at the GovCERT Symposium in Rotterdam, The Netherlands. In his talk, David asks what the security business could learn from pasta sauce, Diet Pepsi and food science in general. It's a bit out there, but it's well worth a listen.
Sometimes industry standard controls are not enough...
October 8th, 2009 --
This week's show is a bit of a special edition, prepared at the GovCERT.nl Symposium at the World Trade Centre in Rotterdam, Netherlands. This isn't a regular edition of the show, so sadly we will not be joined by our regular news guest Adam Boileau for our weekly news segment. Instead, we'll be having a chat with Neohapsis CTO Greg Shipley, who's also here to give his own talk at GovCERT.nl.