Rapid7 acquires Metasploit project promising development resources
October 21st, 2009 --
The Metasploit project has been acquired by Rapid7, a US-based vulnerability management company. Metasploit creator H D Moore confirmed the sale in a podcast interview with Risky.Biz overnight. "This is more of a buy in than a sell out," he told Risky.Biz. "It's about taking Metasploit to the next level with a real company with real funding."
What can the IT security industry learn from food science?
October 16th, 2009 --
This week's show features an excerpt from David Rice's plenary speech at the GovCERT Symposium in Rotterdam, The Netherlands. In his talk, David asks what the security business could learn from pasta sauce, Diet Pepsi and food science in general. It's a bit out there, but it's well worth a listen.
Sometimes industry standard controls are not enough...
October 8th, 2009 --
This week's show is a bit of a special edition, prepared at the GovCERT.nl Symposium at the World Trade Centre in Rotterdam, Netherlands. This isn't a regular edition of the show, so sadly we will not be joined by our regular news guest Adam Boileau for our weekly news segment. Instead, we'll be having a chat with Neohapsis CTO Greg Shipley, who's also here to give his own talk at GovCERT.nl.
Watch out for Americans in your ducts...
October 1st, 2009 --
In today's podcast you'll hear Risky.Biz's New Zealand correspondent Paul Craig discussing Red Team testing with Chris Nickerson. A Red Team test involves more than just a standard pen test: it's an outright simulated attack. You'll hear Chris speak of crawling through ceilings to get to data centres, stealing trade secrets -- actual documents -- and even having his nose smashed in by an overly enthusiastic security guard.
It's not over... Bottle will fight Supreme Court ruling...
September 30th, 2009 --
Domain name registrar Bottle Domains will appeal a court ruling that would have seen it stripped of accreditation as a registrar, Australia's domain name regulator says.
Law, law... more law. And hacking and stuff...
September 30th, 2009 --
On this week's show we'll be chatting with Stratsec's Chief Technology guy Nick Ellsmore about bank fraud liability. A couple in the USA who fell victim to a phishing scam are suing their bank to get their money back. Nick's not a lawyer, but he's one of those guys who follows the law as it relates to security very, very closely, so he'll be on the show to talk about that.
Is grey the new white this season?
September 23rd, 2009 --
On this week's show we'll be taking a look at the disclosure of security vulnerabilities in Web applications. An interesting blog has recently popped up here. If you visit (at your own risk), what you'll see there is basically nothing but screen caps of owned Web applications. They're big targets, too. We're talking about Facebook, RBS WorldPay, that sort of thing. Browsing through that blog is a very diverting 20 minutes.
The propeller heads at Microsoft have been busy making Office less pwnable...
September 17th, 2009 --
Risky Business 2 is sponsored exclusively by Symantec. In this edition of the show we're taking a look at Microsoft's Office 2010. Last week I headed to Microsoft's Tech Ed conference on the Gold Coast and caught up with Reed Shaffner, a product manager with the Office team, to chat about the security features in Office 2010. The company has put a lot of work into making sure the types of attacks that have plagued its office suite over the last few years will be a thing of the past. Will these new measures succeed?
Xenophobic paranoia or genuine spookery?
September 15th, 2009 --
This week's edition of Risky Business is brought to you by the fine folks at Sophos, the makers of all types of security software and the employer of many, many smart cookies.
RIP Windows 2000?
September 9th, 2009 --
Microsoft has refused to patch a denial of service vulnerability in Windows 2000, claiming working up a fix is "infeasible". While the bug allows remote code execution on several versions of Windows, including Vista and Server 2008, its impact on Windows 2000 is limited to causing a denial of service. Let's hope it's not one of those Denial of Service bugs that turns out to be quite serious later.
Are cyber cartels just... cartels?
September 4th, 2009 --
This week's episode is sponsored by Check Point software. On this week's show we're chatting to Alastair MacGibbon of Surete Group. He was the Australian Federal Police Agent who established the multi-jurisdictional Australian High Tech Crime Centre back in 2003. He was with the AFP for 15 years and spent the majority of his policing career working in drug enforcement. That included investigating criminal drug syndicates. He'll be along this week to dispel some of the current theories doing the rounds about online criminal activity.
When trivial bugs do the Power Rangers thing...
September 4th, 2009 --
Risky Business 2 is brought to you exclusively by Symantec, so big thanks to the team over there for making this podcast possible! In this week's special interview you'll hear Paul Craig discussing Web application vulnerability chaining with Mark "Pipes" Piper. Chaining is basically combining a whole bunch of trivial bugs into something quite critical. Paul did this interview at New Zealand's OWASP day.
List of 0day in Vulndisco's exploit pack gets an airing...
September 3rd, 2009 --
InteVyDis has released a list of exploits included in its VulnDisco exploit pack for CANVAS. It makes for pretty interesting reading. There are 211 exploits on the list, with 117 of them described as confirmed 0day. You can find the list here. As far as Risky.Biz is aware, these guys do not contact vendors and give them details on 0day they acquire. While to most that would seem the right thing to do, it's directly opposed to InteVyDis' commercial interests.
Arbor Networks manager of security research Jose Nazario joins Risky.Biz...
August 27th, 2009 --
This week's show is sponsored by Microsoft and hosted by Vigabyte virtual hosting. On this week's show we chat with Jose Nazario, the manager of security research for Arbor Networks. Jose is joining us to talk about the latest trends in botnet C&C. Apparently, using IRC is sooooo 2005 these days... We also talk to Stuart Strathdee from Microsoft in this week's sponsor segment. In it, we discuss alleged criminal mastermind and all round badass Albert "The SoupNazi" Gonzalez. Will his capture and prosecution be a deterrent or an inspiration to fraudsters?
World first "mathematically verified" microkernel. Whoah.
August 21st, 2009 --
This week's edition of Risky Business is brought to you by Sophos and hosted by Vigabyte virtual hosting. On this week's show we chat with Professor Gernot Heiser. He's the Chief Technology Officer of OK-Labs, or Open Kernel Labs. The company makes software for embedded systems, and recently NICTA -- that's a government funded technology R&D lab -- has claimed to have mathematically verified one of the OK-Labs kernels as being mathematically perfect. No buffer overflows. No null pointer dereferences. No divide by zeros. The Prof stops by to explain what this all means.
NoScript will not save you from Roberto and Nick's uber-cool technique...
August 21st, 2009 --
In this special interview you'll hear our New Zealand correspondent Paul Craig interviewing Security-Assessment.com's Roberto Suggi Liverani and Nick Freeman about their research into exploiting Firefox extensions. These guys were doing a review of a large web application, and evaluation of a related Firefox extension was in scope.
National two factor authentication scheme collecting dust...
August 14th, 2009 --
On this week's show we're chatting with CEO of Australia's Internet Industry Association, Peter Coroneos. Peter led the charge for a National 2FA scheme many years ago... it hasn't quite gotten off the ground yet, but Peter joins us shortly to discuss the scheme, how it got started and why it hasn't really gone anywhere yet.
Kevin Hogan gives his take on the current state of the badness...
August 14th, 2009 --
In this month's sponsored podcast here on Risky Business 2 we're chatting with Symantec's Senior Director of Global Security Response Operations Group, Kevin Hogan, about quite a few things. We'll be talking about the standardisation of many forms of malware, weaknesses in the packers the bad guys are using -- that's interesting -- and heaps of other stuff around online threats.
Recorded talk from OWASP day NZ...
August 7th, 2009 --
In this presentation from New Zealand's OWASP day, you'll hear Lateral Security's Nick Von Dadelszen describe testing methods for Web services. Unfortunately he does some demonstrations that don't really translate well via audio, but if this is already an area of interest to you, then you'll still find it valuable.
Web application security gets attention, the same cannot be said for Web services security...
August 7th, 2009 --
In this interview, you'll hear Risky.Biz's New Zealand correspondent Paul Craig discuss Web services security with Lateral Security's Nick Von Dadelszen. We all hear a lot of talk about web application vulnerabilities, and not much at all about web services problems. The result is that a lot of web services are wide open.