Carrot versus stick: stick wins
April 13th, 2010 --
In this edition of the RB2 podcast we're chatting with Declan Ingram from Securus Global about an interesting report that was recently released by analysis house Forrester. It was commissioned by Microsoft and was intended to assess the data security practices of North American, European, and Australian enterprises by surveying CISOs.
Blunt tools can be useful too
April 13th, 2010 --
Risky Business 2 is sponsored exclusively by Symantec. This week we're chatting with the company's vice president of security response, Vincent Weafer. In this interview, Vincent and I discuss the relative complexity of modern malware. Gone are the days of 214-byte malware that could spread via a single UDP packet. They were good days, but now they're gone and we're dealing with some really diabolically complicated stuff.
STOP PRESS: Turns out most software sucks balls, security wise...
April 9th, 2010 --
This week we speak to iDefense analyst Kim Zenz, who's currently based in Moscow. We'll be getting an update on what the bad guys are up to in the former USSR, after all it's usually a good indicator of what they'll get up to in Western countries in the not too distant future.
Anyone for phishing? Trend "pulls a McAfee"...
April 6th, 2010 --
Security vendor Trend Micro accidentally e-mailed a planned outage notification to over 1200 of its Australian customers with their e-mail addresses in the open CC field. While not the worst kind of data leak, the mistake has left the vendor somewhat red faced and contrite. Following enquiries from Risky.Biz last week, the company e-mailed the users affected by the blunder.
Special news segment plus an interview with Ron Gula...
April 1st, 2010 --
There's no feature interview in this week's show -- it has an empty middle, just like an Easter egg! Between me getting bumped out with a cold for a couple of days last week and this being a four day week, I just couldn't pull one together in time. Apologies. So on this week's show we've got an extra long news segment with Adam Boileau, which is a bunch of fun. In it we discuss:
- Aurora not all it's cracked up to be
- RIP SCO
- Claims of a Vietnamese government sponsored botnet. (WTF?)
- The march of China's great firewall
Special guest, AFP Assistant Commissioner Neil Gaughan, joins the show!
March 26th, 2010 --
This week we chat with Assistant Commissioner Neil Gaughan of Australia's Federal Police about trends in fraud. We'll also have a bit of a chat about all things Gumblar with Vitaly Kamlyuk of Kaspersky Lab in Japan in this week's sponsor interview. Vitaly's been having a bunch of fun with the creators of Gumblar. In fact, it seems the guys behind the system have gotten so sick of Vitaly and his buddies profiling the Gumblar systems from their Japanese offices that they've blackholed the entire country of Japan to slow him down.
PKI couldn't deliver a pizza despite billions in investment...
March 19th, 2010 --
This week we've got Brian Snow on the show again. Brian had a 34-year career with the NSA in the States -- when he retired just a few years ago he was the technical director of Information Assurance there. He's joining the show this week to talk about PKI, and specifically, why PKI hasn't taken off like we all thought it would. Brian actually has a pretty decent explanation for why things like federated identity never took off in the early to mid noughties the way we all expected. That's after the news.
Abusive e-mails target Sourcefire partners in Asia Pacific...
March 17th, 2010 --
Sourcefire partners in the Asia Pacific region have been bombarded with abusive e-mails purporting to come from Ammar Hindi, the company's APAC and Japan managing director. Hindi isn't sending the mail. The company suspects the messages are the work of a disgruntled ex-employee based in Singapore. "We have strong suspicions who it is, but haven't been able to establish it definitively," a source close to the matter told Risky.Biz. "It was our hope that they'd lose interest and move on, but after every period of quiet, another wave goes off."
Are your electron-tubez cloudy?
March 12th, 2010 --
On this week's show we're having an extended chat with our good mate Greg Shipley. Greg's best known as the CTO of Chicago-based information security consultancy Neohapsis, and he'll be joining us to talk about what was on the agenda at the RSA conference. Apparently it's cloud, cloud, cloud... but what does that actually mean, mean, mean? Greg will be along soon to discuss, he's always good.
"Mostly pointless" research yields interesting results...
March 5th, 2010 --
Risky Business is hosted by the team at Virtual.Offis in Sydney but sponsored, this week, by Tenable Network Security. This week's feature guest is H D Moore, who'll be joining us to talk about some fun stuff he's been doing with NTP. Believe it or not you can use NTP to do massive recon on the Intertubez. H D has built a database of millions of hosts by querying NTP boxens. It's cool. Tenable Network Security CEO Ron Gula joins us in this week's sponsor interview, and Adam "Beardy McUNIXguy" Boileau drops in to discuss the week's news.
All your patchings are belong to big vendors...
March 4th, 2010 --
This is a sponsored podcast. Symantec sponsors the RB2 podcast so once a month we get one of their staff on the line to talk about industry trends, malware... whatever, really! And today we're speaking with Vincent Weafer, Symantec's director of security response. Regular listeners of Risky.Biz podcasts would have heard me tonking on a LOT about patch management lately, and in particular the moves by large security vendors like McAfee, Trend and Symantec into that space.
An interview with IT lawyer Erhan Karabardak...
February 26th, 2010 --
In this podcast we chat to a solicitor who specialises in IT. His name is Erhan Karabardak and he's with the firm Cooper Mills in Melbourne. Erhan mostly works on technology-related matters, and I wanted to get his thoughts on this so-called hacking scandal engulfing the corridors of power in New South Wales.
Has much changed in 10 years?
February 25th, 2010 --
This week's edition of Risky Business is brought to you by Kaspersky and hosted by Virtual.Offis. This week we take a look at patch management and ask why it still sucks. Security professionals have been advising their clients to sort out their patching processes for more than ten years, but it's still at the top of many, many a post-audit report. We chat to Securosis analyst Rich Mogull about his research on patch management.
When can the feds demand your encryption keys?
February 19th, 2010 --
In this instalment of RB2 we'll be hearing from Australian Federal Police Assistant Commissioner Neil Gaughan, who heads up High Tech and Child Protection Operations for the AFP. A recent report in the Sydney Morning Herald detailed changes to Australian law that would allow the Australian Federal Police to physically destroy computers if they contain encrypted data the police can't unlock. The story also talked about further changes to laws that would stiffen penalties for suspects who refuse to hand over encryption keys and passwords.
Be nice to Brian or he'll crush your tinfoil hat with a black helicopter...
February 18th, 2010 --
On this week's show we're joined by a very special guest -- Brian Snow. Until his recent retirement, Brian was the technical director of information assurance for the United States National Security Agency. So, in other words, he knows a few things about information security, and in this week's show we cover a bunch of stuff with him -- everything from Google's recent trouble in China to e-voting, to crypto trust models and more. That's after the news.
Brett Moore joins Risky Business for a chat...
February 11th, 2010 --
On this week's show we'll be checking the news with Adam Boileau, as we always do, then we're going to have a chat with Brett Moore of Insomnia Security. A bug Brett found featured in the most recent Patch Tuesday release, so we thought we'd get him on the line and get the latest scuttlebutt from the world of vulnerability research. Where are the new bugs popping up? What are the trends? What can we expect? That's after the news.
iPad ahoy! General purpose computers are on the way out, says security industry legend...
February 3rd, 2010 --
Risky Business is back for 2010! On this week's program we chat with information security legend Dan Geer. Dan's the Chief Information Security Officer for In-Q-Tel, which is, in essence, the technology investment arm of the CIA. He's not appearing on Risky Business in his capacity as an In-Q-Tel employee, however; he joins us as a veteran of the information security industry. Dan helped create Kerberos during his time with Project Athena at MIT and was the chief technology officer at @Stake for a time.
Risky Business wraps 2009...
December 23rd, 2009 --
This week's edition of Risky Business is brought to you by Check Point Software. It's our last episode for the year -- Risky Business will be back in February 2010. Until then, here's our year in review special. It's a light hearted look back on 2009, the year that was. Check Point's Steve MacDonald stops by for this week's sponsor interview.
Neal Wise busts out his one finger punch...
December 18th, 2009 --
This week's episode of Risky Business is the second last for the year! In this week's feature interview we're chatting with Neal Wise about his "one finger punch". Neal's done some really interesting work in hacking Cisco firmware, and the exploit he's developed is literally a two-word command that gives you unrestricted access to a whole bunch of Cisco kit. It's not a massive story or anything. It's just funny.
Paul fuzzes the absolute crap out of some rare software...
December 17th, 2009 --
In this edition of RB2 you'll hear Paul Craig's Kiwicon 3 presentation, Hacking Scientists. As you'll hear, Paul has developed some fuzzing methodologies that he's applied to scientific software. This sort of software -- chemistry stuff, fluid dynamics stuff etc -- is used by weapons designers, pharmaceutical engineers, car manufacturers and all sorts of very interesting people. In other words, this software is found on the same systems as the world's most valuable IP. It's good stuff to find bugs in.