Are Flash and Air apps the mess you'd expect them to be?
September 10th, 2010 --
On this week's show we're taking a look at Flash applications. With tonnes of thick client apps being replaced with apps built on Flash, we thought we'd have a chat to Azimuth Security's Alex Kouzemtchenko about what some of the pitfalls in developing Flash apps are. This week's edition of the show is brought to you by Symantec, and we're stoked to have that company's CTO, Marc Bregman, on the show for this week's sponsor interview. He's an interesting guy and he's got a lot to say, not surprisingly, about where we're all headed as an industry in light of the McAfee Intel deal.
It's not just stolen certs we have to worry about...
September 3rd, 2010 --
On this week's show we're chatting with F-Secure's Jarno Niemela about some of the issues with Authenticode. He'll tell us about one fascinating case where a piece of malware actually carried a valid signature from a real company... stolen keys, right? As it turned out, that company didn't make software and had no idea what an Authenticode cert actually was. Jarno got to the bottom of that little mystery and tells us all about it after the news with Adam Boileau.
Are there really 7.68 billion reasons for Intel to acquire McAfee?
August 27th, 2010 --
In this week's show we take a look at all the big news events over the last week. A newly rediscovered DLL hijacking technique has made some waves over the last seven days, as has the arrest in India of an e-voting machine security researcher. Adam Boileau joins the program to discuss those items and others in this week's news segment. In this week's feature interview we take a detailed look at Intel's decision to acquire security software maker McAfee for USD$7.68 billion. What is the reaction among analysts and the wider market?
Mobile device encryption no match for low-level attacks...
August 20th, 2010 --
This week's guest is Felix "FX" Lindner. A well known researcher, FX has spent more than his fair share of time crawling around the innards of Blackberry devices. He joins us this week to discuss the hubbub about lawful interception and Blackberry devices -- how resistant to wiretapping are they? What's the OS security like? What's the encryption scheme like? As it turns out, the Blackberry holds up pretty well on most fronts, but FX fears law enforcement and intelligence agencies may start exploiting the baseband chipsets on mobile devices in order to intercept the data they carry.
Effective spamming all too easy...
August 17th, 2010 --
Last Tuesday was an unremarkable day. I awoke to the usual E-Mails, IRC chatter and RSS reading, the most noteworthy of which was a small cluster of ZDI advisories addressing issues in WebKit. Then I spotted the following, unremarkable tweet from @davidfarrier: "some chap in china just hacked my gmail. and just to tell people about iphone 4s. as if people didn't know already. silly bugger." Quickly followed by this:
John Conner eat your heart out...
August 13th, 2010 --
This week's show is a cracker -- we're joined by IOActive's Barnaby Jack. He made some major waves at BlackHat this year by demonstrating his attacks on ATMs. He joins the show to discuss his research and talk about why his talk -- which was originally scheduled for last year's BlackHat conference -- was cancelled last year. Kaspersky Lab's Vitaly Kamlyuk is this week's sponsor guest. He joins us to discuss what AV companies can do to detect some of the more exotic malware out there such as Stuxnet. Adam Boileau, as always, checks in with the week's news headlines.
H D Moore's VxWorks research is out of this world...
August 6th, 2010 --
On this week's show we chat to H D Moore about his research into the security -- or lack thereof -- of the VxWorks embedded operating system. H D did a presentation at the Security B-Sides event that ran concurrently with Black Hat in Las Vegas. As it turns out VxWorks is used in a lot of places and the people who put it together suck at maths. People who suck at maths write bad hashing algos. Really. We'll also have a chat with Ron Gula of Tenable Network Security in this week's sponsor interview, and of course, Adam Boileau stops by for a chat about the week's news headlines.
APTs result of evil genius from marketroids, not hackers...
July 29th, 2010 --
This week we take a look at Verizon Business Security Solutions' data breach investigation report. It declares APTs are nothing more than marketing hype! Polly Waffle! Verizon's Bryan Sartin and Mark Goudie join us to discuss the report and that company's position on APT hype. You can find the full report here. Symantec's Francis deSouza stops by for this week's sponsor interview. In it we discuss the company's plans for its newest acquisitions -- Verisign and PGP corporation.
Stuxnet almost certainly created by intelligence service...
July 23rd, 2010 --
This week's show is a cracker, and it's brought to you by our brand spanking new sponsor Research In Motion, makers of the Blackberry. In this week's show we're taking an in-depth look at the Stuxnet malware and the hideous, unpatched .lnk bug still affecting Microsoft systems. Paul Ducklin joins us to chat about that. Ed Curtis from Research In Motion will be along in this week's sponsor interview to have a chat about some of the mistakes people make when rolling out Blackberry Enterprise Server. Stay tuned for that.
New Zealand-based Hell Pizza's database gets walked...
July 22nd, 2010 --
The online customer database of a New Zealand-headquartered pizza store chain has been compromised. Risky.Biz understands multiple intruders have compromised Hell Pizza's 400mb database. While it does not contain any credit card information, it does contain in excess of 230,000 rows of customer entries. The company operates 64 stores in New Zealand, three in England, nine in Australia and one in Ireland.
The militarisation of computer hacking is well underway...
July 20th, 2010 --
So here's some food for thought: According to a report in the Washington Post, 22 US Government departments and 143 private companies are involved in top secret "cyber operations" programs.
Want a quick $40k?
July 16th, 2010 --
On this week's show we take a fresh look at the insider threat in light of the news, here in Australia, that criminal syndicates are paying up to $40,000 to bribe service station attendants into helping them skim cards. If the bad guys are willing to pay $40k for someone that low on the food chain, what will they pay to get at someone in your organisation? To find out we'll be joined by Gartner research director, AusCERT co-founder and former Commonwealth Bank security big-wig Rob McMillan. Also this week we chat with Kaspersky's Vitaly Kamlyuk in the sponsor interview.
Jack Daniel vents his frustration with media outlets, including Risky.Biz...
July 12th, 2010 --
Someone has done some wildly successful social engineering. Amazing, actually. I am not talking about the "Robin Sage" social media/social engineering case where a lot of people who should know better gave up a lot of information in a lot of different ways. That may be interesting (we'll see when it is presented), but even though some of the results were sensitive, that is building on a lot of prior work.
How to MITM the iTunes store for fun and profit...
July 9th, 2010 --
On this week's edition of the show we take a look at the security of Apple's iTunes store. If you haven't heard the news, it seems a rogue app developer was able to bill Apple customers for apps they never bought.
Alleged US military Wikileaks source to get day in court...
July 7th, 2010 --
US soldier Bradley Manning has been charged with disclosing classified material to whistleblower site Wikileaks. But it's what he hasn't been charged with that's interesting. Since the news of Manning's arrest broke there has been much speculation about the fate of 150,000 diplomatic cables the young soldier is alleged to have stolen.
Fuji photo printing kiosks at Big W apparently infecting customers with malware...
July 5th, 2010 --
Photo kiosks in Big W stores are allegedly infecting customers with USB-borne viruses. The Windows-based Fuji photo kiosks located in the company's stores apparently don't run antivirus software, so lovely little bits of malicious software like Trojan.Poison-36 are winding up on customers' USB keys, according to Risky Business listener and blogger Morgan Storey.
WARNING: Contains potty-mouth language...
July 2nd, 2010 --
WARNING: This week we missed some bad language during the edit... so hide this filthy podcast from your children's innocent ears. On this week's show we're chatting with the head of Australia's Internet Industry Association (IIA), Peter Coroneos, about the government's plan to force internet users here to use antivirus software or be kicked off the tubes! Peter was the architect of Australia's just released voluntary code for ISPs, but he'll be along soon to talk about why he thinks regulation here is actually a BAD idea. That's coming up soon.
Infantile rivalry, pissing contest emerge...
July 1st, 2010 --
I've followed with great interest's coverage of the arrest of Private Bradley Manning, the young American soldier who allegedly leaked reams of classified US military material to Wikileaks. I've also watched in disbelief as Wikileaks has lashed out at journalist Kevin Poulsen, suggesting he somehow acted unethically in his reporting of the arrest. In my mind all he did was scoop other outlets with the news of Manning's troubles. That's not unethical, that's just good journalism.
Kimberly Zenz updates us on goings on in Russia...
June 25th, 2010 --
In this week's show we have a chat with iDefense threat analyst Kimberly Zenz. Apparently Russian cybercrooks love to use ICQ, so US-based investigators are worried about the planned sale of ICQ to a Russia-based company called Digital Sky. Kimberly's specialty is the Russian cybercrime scene, and apparently this mooted sale is interesting for a number of reasons. She joins the show to explain!
The gloves come off as CERT Australia and AusCERT duke it out...
June 18th, 2010 --
On this week's show we take a look at Australia's CERT wars. The Australian government has more or less declared AusCERT dead. It says its new group, CERT Australia, which is run out of the Attorney General's Department, will act as the sole point of contact for organisations in Australia when seeking CERT services or coordination. AusCERT doesn't see it that way. Its general manager, Graham Ingram, fronts this week's program to claim it's business as usual for the member-funded NGO. We also have a chat with our secret squirrel, an anonymous source close to the war.