Bob Clark returns to AusCERT…
May 15th, 2014 --
PRESENTATION: When is a cyberwar (drink!) a cyberwar (drink!)? This is a recording of a presentation by Bob Clark, who these days teaches at the US Naval Academy. He has a long history as a Department of Defense lawyer, including a stint as the counsel for the US Army Cyber Command. In this talk Bob covers some ground he has covered before -- looking at when an online action represents an act of war under the laws of armed conflict -- but also takes a look at some legal cases in the civilian world involving the CFAA.
10 years on and Oracle’s report card still lacking…
May 15th, 2014 --
David Litchfield is a very well known researcher in the field of database security. He’s been at it for over a decade, and managed to be a permanent pain in Oracle’s neck since he first started dropping database 0day a million years ago. So I asked him what has changed in the field of database security. Has Oracle improved its procedures?
Dude doesn’t dig on the Google...
May 15th, 2014 --
We’re going to kick things off with a recording of the opening keynote from the conference... this talk is by Felix "FX" Lindner of Recurity Labs. Felix is a very well known hacker and researcher, and his talk is titled "We come in peace, they don’t". As you’ll hear, he’s not exactly Google’s number one fan. Here he is, I hope you enjoy it!
All your remotes are belong to Silvio...
May 9th, 2014 --
On this week's show we're chatting with Silvio Cesare about his new pastime of messing around with home alarm systems, garage door remotes and car immobilisers. How secure do you think your little key ring transmitters are? Well, not very. But the interesting thing is, the tools that you need to crack these things are now very cheap -- could we see thieves roaming the streets with software defined radios, opening up your neighbourhood's garages? Tune in to find out.
Get your links here!
May 9th, 2014 --
This week's show features an absolutely killer new track from Pilots. You can download it for free using the Triple J Unearthed link provided.
Charlie makes a good argument for driving a classic...
May 2nd, 2014 --
On this week's show we're chatting with security researcher Charlie Miller about the work he's been doing with Chris Valasek on hacking cars. It's fun stuff, but yeah, it might make you want to go back to driving an older car. This week's show is sponsored by BugCrowd. We've got a great interview with BugCrowd founder and CEO Casey Ellis about a really, really interesting little case study he went through involving a random bug-hunter who'd tried blackmailing a BugCrowd client. The solution they came up with was ingenious and spectacularly lulzy.
Links, music and more!
May 2nd, 2014 --
Show notes for episode 320 of Risky Business! Get all your links here!
Sigh...
April 24th, 2014 --
This week's show is brought to you by Adobe! Big thanks to Adobe for making this week's show possible. And we've got an... err... *interesting* program for you this week... we'll be chatting with Andrew Auernheimer, aka weev, about the recent appeal victory that saw him out of prison after 14 months inside. Is he going to pull his head in after his scrape with the law? He says no way!
Moar sigh...
April 24th, 2014 --
Here's a pile o' links for you.
Risky Business pre-Easter edition!
April 17th, 2014 --
It's a four day week this week and a four day week next week, so I'm afraid I couldn't organise feature interviews for both. This week you're getting an extra long news section and a sponsor interview!
News for the Easter weekend...
April 17th, 2014 --
Links to items discussed in this week's edition of Risky Business!
...and XP is dead. Long live XP...
April 11th, 2014 --
This week's feature guest is the man with the Midas touch -- former McAfee president and current FireEye CEO Dave DeWalt. This is the guy who sold McAfee to Intel for $7.8 billion, so I chat to him about a whole bunch of topics, from his thoughts on how Intel has handled that deal, through to Snowden, to the security business overall. It's a great chat with one of the most interesting executives in this whole industry.
Be still my (bleeding) heart...
April 11th, 2014 --
It seems the infosec media was mostly concerned with Heartbleed stories this week! Here are links to what made it into the show, and a few things that got cut out. Don't forget to order your 7 inch vinyl recording of this week's feature track! Link down below.
Special guest, former assistant NY District Attorney Dave Stampley...
April 4th, 2014 --
On this week's show we're taking a look at the Target/Trustwave suit. A couple of banks were suing Target and its alleged security auditor Trustwave over the massive credit card data breach last year. That suit has been withdrawn, possibly temporarily, and another has been filed on behalf of some other banks. We speak with former New York assistant DA and infosec law specialist Dave Stampley about these types of suits. Do they have legs? This week we welcome a new sponsor -- Rapid7.
Friends don't let friends run XP...
April 4th, 2014 --
Here are links to the news stories discussed in episode 316 of the Risky Business podcast.
And the G20 is coming to Brisbane! RUUUUN!!!
March 28th, 2014 --
This week's feature interview is with nmap creator Gordon Lyon, who's probably better known by his handle: Fyodor. Last week we brought you the news that the Full Disclosure mailing list was shuttered following legal threats from someone describing themselves as a security researcher. Fyodor runs the seclists.org mailing list archive and he's decided to bring FD back from the dead. I got him on the line and asked him why.
Target and Trustwave to be hauled before courts...
March 28th, 2014 --
Not a huge volume of news this week, but certainly some big stories. Obama plans to wind back the NSA's metadata collection program and Target is being hauled before the courts alongside its security provider Trustwave.
PLUS Moar PowerShell and Tarjei Mandt on iOS PRNG weaknesses...
March 21st, 2014 --
On this week's show we're taking a look at some absolutely awesome research by Azimuth Security's Tarjei Mandt on the pseudo random number generators used by iOS 6 and 7. Tarjei has figured out a way to blow away iOS's memory mitigations with some very cool tricks.
You know they're making a Brian Krebs movie, right?
March 21st, 2014 --
Some crazy news this week. Full Disclosure has shut down, Sony is apparently going to make a movie about Brian Krebs, Symantec gives another CEO the ass and more!
Why use pwdump when you can just ask 'doze nicely?
March 14th, 2014 --
On this week's show we have a look at PowerShell, the Microsoft sorta scripting language admin thingy. As it turns out, PowerShell can be an attacker's best friend when it comes to lateral movement through a network. We'll chat with Kieran Jacobson about that in this week's feature interview. He did a cracker presentation at CrikeyCon where he demo'd owning a domain controller and dumping all its creds with something like five lines of PowerShell. I mean, there are caveats there, but wow... the demotime was food for thought.