Jack Daniel vents his frustration with media outlets, including Risky.Biz...
July 12th, 2010 --
Someone has done some wildly successful social engineering.  Amazing, actually.  I am not talking about the “Robin Sage” social media/social engineering case where a lot of people who should know better gave up a lot of information in a lot of different ways.  That may be interesting (we’ll see when it is presented), but even though some of the results were sensitive, that is building on a lot of prior work.
How to MITM the iTunes store for fun and profit...
July 9th, 2010 --
On this week's edition of the show we take a look at the security of Apple's iTunes store. If you haven't heard the news, it seems a rogue app developer was able to bill Apple customers for apps they never bought.
Alleged US military Wikileaks source to get day in court...
July 7th, 2010 --
US soldier Bradley Manning has been charged with disclosing classified material to whistleblower site Wikileaks. But it's what he hasn't been charged with that's interesting. Since the news of Manning's arrest broke there has been much speculation about the fate of 150,000 diplomatic cables the young soldier is alleged to have stolen.
Fuji photo printing kiosks at Big W apparently infecting customers with malware...
July 5th, 2010 --
Photo kiosks in Big W stores are allegedly infecting customers with USB-borne viruses. The Windows-based Fuji photo kiosks located in the company's stores apparently don't run antivirus software, so lovely little bits of malicious software like Trojan.Poison-36 are winding up on customers' USB keys, according to Risky Business listener and blogger Morgan Storey.
WARNING: Contains potty-mouth language...
July 2nd, 2010 --
WARNING: This week we missed some bad language during the edit... so hide this filthy podcast from your children's innocent ears. On this week's show we're chatting with the head of Australia's Internet Industry Association (IIA), Peter Coroneos, about the government's plan to force internet users here to use antivirus software or be kicked off the tubes! Peter was the architect of Australia's just released voluntary code for ISPs, but he'll be along soon to talk about why he thinks regulation here is actually a BAD idea. That's coming up soon.
Infantile rivalry, pissing contest emerge...
July 1st, 2010 --
I've followed with great interest Wired.com's coverage of the arrest of Private Bradley Manning, the young American soldier who allegedly leaked reams of classified US military material to Wikileaks. I've also watched in disbelief as Wikileaks has lashed out at Wired.com journalist Kevin Poulsen, suggesting he somehow acted unethically in his reporting of the arrest. In my mind all he did was scoop other outlets with the news of Manning's troubles. That's not unethical, that's just good journalism.
Kimberly Zenz updates us on goings on in Russia...
June 25th, 2010 --
In this week's show we have a chat with iDefense threat analyst Kimberly Zenz. Apparently Russian cybercrooks love to use ICQ, so US-based investigators are worried about the planned sale of ICQ to a Russia-based company called Digital Sky. Kimberly's specialty is the Russian cybercrime scene, and apparently this mooted sale is interesting for a number of reasons. She joins the show to explain!
The gloves come off as CERT Australia and AusCERT duke it out...
June 18th, 2010 --
On this week's show we take a look at Australia's CERT wars. The Australian government has more or less declared AusCERT dead. It says its new group, CERT Australia, which is run out of the Attorney General's Department, will act as the sole point of contact for organisations in Australia when seeking CERT services or coordination. AusCERT doesn't see it that way. Its general manager, Graham Ingram, fronts this week's program to claim it's business as usual for the member-funded NGO. We also have a chat with our secret squirrel, an anonymous source close to the war.
Lamo explains why he turned in alleged "Collateral Murder" video leaker Bradley Manning...
June 10th, 2010 --
In this week's feature interview we chat with Adrian Lamo. Best known as the "homeless hacker," Lamo is in the news again over his decision to inform on US Army Specialist Bradley Manning, the alleged leaker of the so-called "Collateral Murder" video published by Wikileaks in April. Manning is now in detention in Kuwait. We ask Lamo why he turned him in. Also this week, Veracode co-founder and chief scientist Christien Rioux joins the show to talk about some fresh approaches to information security and cloud computing in our sponsor interview. Sounds boring. Isn't.
When you get popped through an IE6 'sploit, Microsoft ain't your problem, buddy...
June 4th, 2010 --
On this week's show we take a look at reports that Google is set to banish Microsoft Windows from its operating system over security concerns. The tech giant says running Windows is just too risky. Google was, after all, famously owned in the Aurora incident through holes in Internet Explorer 6. But our guest this week, Neohapsis CTO Greg Shipley, says getting owned by a hole in a nine year old browser is probably a sign that your desktop management is the problem, not the platform you've chosen.
Will malware turn Blackberries... blue?!?!
June 2nd, 2010 --
RB2 is brought to you exclusively by Symantec. Mobile security is all the rage these days, so when Research In Motion (RIM) VP of security Scott Totzke came to Australia a few weeks ago, we made sure we got an interview. RIM is the company that makes the Blackberry. While it doesn't have as many cool points as the iPhone, the Blackberry has become the mobile workhorse of the modern enterprise. US President Barack Obama famously insisted on keeping his Blackberry when he came to office, so obviously anything Scott has to say about mobile security deserves to be heard.
Mark talks about his work on Google Chrome's sandbox...
May 28th, 2010 --
Our feature guest this week Azimuth Security's Mark Dowd. Mark is widely regarded as one of the best vulnerability researchers in the industry. He's published remote flaws in software like Sendmail and SSH, he's even created new classes of bugs. Remember that cross platform Flash bug a while ago? That was him, too.
Is Facebook running out of friends? Hur hur.
May 27th, 2010 --
The following is a longer, uncut version of a story that appeared on the front pages of The Age and Sydney Morning Herald yesterday. Facebook's woeful relationship with law enforcement bodies is hampering police investigations and putting lives at risk, the Australian Federal Police says.
It can be a sneaky tool for sneaky people, or a weapon against oppression...
May 26th, 2010 --
In this presentation you'll hear Tor project leader Roger Dingledine talking all about Tor. Who uses it? Why? What's it good for? For those who don't know what it is, Tor is a free-software anonymizing network that helps people around the world use the Internet in safety, the official blurb says.
Where will we be in 2012?
May 26th, 2010 --
In this presentation, Cisco's Vice President and Chief Security Officer John Stewart tries to pin down where we're going to be in 2012. More devices doing more things! Malware embedded in video streams! All sorts of funky stuff!
IBM "pulls a Telstra," red faces everywhere...
May 21st, 2010 --
Risky.Biz has confirmed IBM staff distributed malware-infected USB drives at the AusCERT security conference this week. In a highly embarrassing admission, the company has sent a broadcast e-mail to all AusCERT attendees warning them of the security lapse. "At the AusCERT conference this week, you may have collected a complimentary USB key from the IBM booth," the message reads. "Unfortunately we have discovered that some of these USB keys contained malware and we suspect that all USB keys may be affected."
Has anyone ever noticed that Max Kilger sounds like Kermit the frog?
May 21st, 2010 --
What you're about to hear is the speed debating panel from AusCERT's 2010 conference. A highlight of the conference, this year's panel was hosted by Australian media personality guy Adam Spencer. Panelists were: Max Kilger, Scott McIntyre, Marcus J. Ranum, Roger Dingledine, Alastair MacGibbon, Paul Gampe and Tim Redhead.
Google doesn't filter easily detectable malicious links...
May 21st, 2010 --
In this podcast you'll hear an interview I did with ZScaler's Michael Sutton. In it he expresses frustration that criminals are able to so easily manipulate Google's search results for trending topics. Sutton claims that malicious pages linked to trending topics are rising through Google's rankings almost immediately. In other words, the bad guys have gotten good at SEO. But if Sutton and his colleagues can identify these pages from outside Google, why can't Google detect them? It's not exactly short on resources or cash.
DEP and ASLR have done more than patching, Mosse argues...
May 21st, 2010 --
In this interview you'll hear me having a quick chat to Stratsec's Ben Mosse about vulnerability mitigation in Windows. Cutting a long story short, he reckons measures like DEP and ASLR work quite well, and it's only a matter of time before more, similar protections are introduced.
You can lead a user to AV, but you can't make them install it...
May 21st, 2010 --
In the following interview, Microsoft's Steve Adegbite joins me for this interview about the potential for a nanny state operating system. With all this rogue AV stuff floating about, the Microsofties are encountering a few fairly significant dilemmas on how to deal with this stuff. Should the OS only accept certain, known brands of AV? Well, then they're acting as a gateway and telling people what they can and can't run. Can't do that. What about a warning system like they did with device drivers? Well, that wasn't much good in the end because people just ignored the warnings.