Security megalegend Schneier manifests in physical form to take questions...
November 13th, 2009 --
In this podcast you'll hear a Q&A with Bruce Schneier of BT Counterpane, as moderated by Risky Business host Patrick Gray at the recent GovCERT Symposium in Rotterdam, Netherlands. Topics covered include cloud computing, privacy, software manufacturer liability for defects, two factor authentication and more!
Naughty kid or satanic cyberterrorist? You decide!
November 11th, 2009 --
This week's feature guest is the creator of the iPhone worm, Ashley Towns, aka Ikee. This guy is either a cheeky kid or a cyber terrorist, depending on who you ask, and yup -- we've got him on the show. We also check in with Paul Ducklin of Sophos in this week's sponsor interview. You've never heard two interviews that clash more, it's hilarious. In one corner is the heavily pierced kid from Wollongong with the funny haircut, in the other is the middle aged AV guy who's a real stickler for the rules.
What's happened to everyone's favourite Web app blog?
November 9th, 2009 --
"Unu's blog", a website chronicling one hacker's brazen compromises of high-profile web applications, has been yanked offline. Visitors to the blog are now shown text suggesting Unu has shut up shop voluntarily. "This user has elected to delete their account and the content is no longer available," is the only explanation offered.
Chris Disspain of auDA dispels some myths...
November 6th, 2009 --
This week's show is sponsored by the wonderful people from Tenable Network Security. This week's feature interview is with Chris Disspain, the CEO of Australia's domain name regulator auDA. This week we're discussing the move to Cyrillic domain names -- some media commentators have gone a bit berserk on this one, saying that the move will introduce massive risks because people will be able to do phishing campaigns with domains made up partially of Cyrillic characters. Chris will be along to talk about why he thinks that's wrong.
Smart meters are all the rage, but are they securable?
October 29th, 2009 --
This week's podcast is hosted by Vigabyte virtual hosting but sponsored by Check Point. On this week's show we're taking a look at smart metering. It's all the rage these days -- it will usher in an era of automated billing for electricity, gas and water as well as letting the utilities companies do all sorts of intelligent grid management stuff. Utilities across Australia and indeed throughout the world are rolling this technology out as we speak. But as you'll hear, there are opposing views on whether or not this stuff is ready for roll out.
What size is this new, underground business?
October 29th, 2009 --
In this sponsored podcast, Risky.Biz chats with Symantec's Kevin Haley about rogue AV. More specifically, how can we measure the extent of the rogue AV problem? How can we know how much money is involved, and what can be done to shut down this nasty trade?
Two interviews for the price of one!
October 27th, 2009 --
Risky Business 2 is brought to you by Symantec and hosted by Vigabyte virtual hosting! In this podcast you'll hear our roving reporter Paul Craig interviewing a couple of presenters from BruCon, Belgium's security conference. In the first interview, Paul chats to Stephan Chenette of Websense about script fragmentation, a concept that's a bit similar to TCP fragmentation for IDS evasion. Interview number two is about advanced SQL injection attacks, with Gotham Digital Science's Justin Clarke.
Metasploit's fate rests in commercial hands...
October 22nd, 2009 --
This week's edition of Risky Business is brought to you by Sophos. And what a show it is! We've got the exclusive podcast interview with HD Moore, who fills us in on the acquisition of the Metasploit project by Rapid7. Now, before you GPL freaks run to the shed to dig out the pitchforks and flaming torches, you should hear this interview. The way HD describes it, this acquisition is about the best thing that could have happened to Metasploit.
Rapid7 acquires Metasploit project promising development resources
October 21st, 2009 --
The Metasploit project has been acquired by Rapid7, a US-based vulnerability management company. Metasploit creator H D Moore confirmed the sale in a podcast interview with Risky.Biz overnight (Click to hear the podcast). "This is more of a buy in than a sell out," he told Risky.Biz "It's about taking Metasploit to the next level with a real company with real funding."
What can the IT security industry learn from food science?
October 16th, 2009 --
This week's show features an excerpt from David Rice's plenary speech at the GovCERT Symposium in Rotterdam, The Netherlands. In his talk, David asks what the security business could learn from pasta sauce, Diet Pepsi and food science in general. It's a bit out there, but it's well worth a listen.
Sometimes industry standard controls are not enough...
October 8th, 2009 --
This week's show is a bit of a special edition, prepared at the Symposium at the World Trade Centre in Rotterdam, Netherlands. This isn't a regular edition of the show, so sadly we will not be joined by our regular news guest Adam Boileau for our weekly news segment. Instead, we'll be having a chat with Neohapsis CTO Greg Shipley, who's also here to give his own talk at
Watch out for Americans in your ducts...
October 1st, 2009 --
In today's podcast you'll hear Risky.Biz's New Zealand correspondent Paul Craig discussing Red Team testing with Chris Nickerson. A Red Team test involves more than just a standard pen test, it's an outright simulated attack. You'll hear Chris speak of crawling through ceilings to get to data centres, stealing trade secrets -- actual documents -- and even having his nose smashed in by an overly enthusiastic security guard.
It's not over... Bottle will fight Supreme Court ruling...
September 30th, 2009 --
Domain name registrar Bottle Domains will appeal a court ruling that would have seen it stripped of accreditation as a registrar, Australia's domain name regulator says.
Law, law... more law. And hacking and stuff...
September 30th, 2009 --
On this week's show we'll be chatting with Stratsec's Chief Technology guy Nick Ellsmore about bank fraud liability. A couple in the USA who fell victim to a phishing scam are suing their bank to get their money back. Nick's not a lawyer, but he's one of those guys who follows the law as it relates to security very, very closely, so he'll be on the show to talk about that.
Is grey the new white this season?
September 23rd, 2009 --
On this week's show we'll be taking a look at the disclosure of security vulnerabilities in Web applications. An interesting blog has recently popped up here. If you visit (at your own risk), what you'll see there is basically nothing but screen caps of owned Web applications. They're big targets, too. We're talking about Facebook, RBS WorldPay, that sort of thing. Browsing through that blog is a very diverting 20 minutes.
The propeller heads at Microsoft have been busy making Office less pwnable...
September 17th, 2009 --
Risky Business 2 is sponsored exclusively by Symantec. In this edition of the show we're taking a look at Microsoft's Office 2010. Last week I headed to Microsoft's Tech Ed conference on the Gold Coast and caught up with Reed Shaffner, a product manager with the Office team, to chat about the security features in Office 2010. The company has put a lot of work into making sure the types of attacks that have plagued its office suite over the last few years will be a thing of the past. Will these new measures succeed?
Xenophobic paranoia or genuine spookery?
September 15th, 2009 --
This week's edition of Risky Business is brought to you by the fine folks at Sophos, the makers of all types of security software and the employer many, many smart cookies.
RIP Windows 2000?
September 9th, 2009 --
Microsoft has refused to patch a denial of service vulnerability in Windows 2000, claiming working up a fix is "infeasible". While the bug allows remote code execution several versions of Windows, including Vista and Server 2008, its impact on Windows 2000 is limited to causing a denial of service. Let's hope it's not one of those Denial of Service bugs that turns out to be quite serious later.
Are cyber cartels just... cartels?
September 4th, 2009 --
This week's episode is sponsored by Check Point software. On this week's show we're chatting to Alastair MacGibbon of Surete Group. He was the Australian Federal Police Agent who established the multi-jurisdictional Australian High Tech Crime Centre back in 2003. He was with the AFP for 15 years and spent the majority of his policing career working in drug enforcement. That included investigating criminal drug syndicates. He'll be along this week to dispel some of the current theories doing the rounds about online criminal activity.
When trivial bugs do the Power Rangers thing...
September 4th, 2009 --
Risky Business two is brought to you exclusively by Symantec, so big thanks to the team over there for making this podcast possible! In this week's special interview you'll hear Paul Craig discussing Web application vulnerability chaining with Mark "Pipes" Piper. Chaining is basically combining a whole bunch of trivial bugs into something quite critical. Paul did this interview at New Zealand's OWASP day.