News for the Easter weekend...
April 17th, 2014 --
Links to items discussed in this week's edition of Risky Business!
...and XP is dead. Long live XP...
April 11th, 2014 --
This week's feature guest is the man with the Midas touch -- former McAfee president and current FireEye CEO Dave DeWalt. This is the guy who sold McAfee to Intel for $7.8 billion, so I chat to him about a whole bunch of topics, from his thoughts on how Intel has handled that deal, through to Snowden, to the security business overall. It's a great chat with one of the most interesting executives in this whole industry.
Be still my (bleeding) heart...
April 11th, 2014 --
It seems the infosec media was mostly concerned with Heartbleed stories this week! Here are links to what made it into the show, and a few things that got cut out. Don't forget to order your 7 inch vinyl recording of this week's feature track! Link down below.
Special guest, former assistant NY District Attorney Dave Stampley...
April 4th, 2014 --
On this week's show we're taking a look at the Target/Trustwave suit. A couple of banks were suing Target and its alleged security auditor Trustwave over the massive credit card data breach last year. That suit has been withdrawn, possibly temporarily, and another has been filed on behalf of some other banks. We speak with former New York assistant DA and infosec law specialist Dave Stampley about these types of suits. Do they have legs? This week we welcome a new sponsor -- Rapid7.
Friends don't let friends run XP...
April 4th, 2014 --
Here are links to the news stories discussed in episode 316 of the Risky Business podcast.
And the G20 is coming to Brisbane! RUUUUN!!!
March 28th, 2014 --
This week's feature interview is with nmap creator Gordon Lyon, who's probably better known by his handle: Fyodor. Last week we brought you the news that the Full Disclosure mailing list was shuttered following legal threats from someone describing themselves as a security researcher. Fyodor runs the seclists.org mailing list archive and he's decided to bring FD back from the dead. I got him on the line and asked him why.
Target and Trustwave to be hauled before courts...
March 28th, 2014 --
Not a huge volume of news this week, but certainly some big stories. Obama plans to wind back the NSA's metadata collection program and Target is being hauled before the courts alongside its security provider Trustwave.
PLUS Moar PowerShell and Tarjei Mandt on iOS PRNG weaknesses...
March 21st, 2014 --
On this week's show we're taking a look at some absolutely awesome research by Azimuth Security's Tarjei Mandt on the pseudo random number generators used by iOS 6 and 7. Tarjei has figured out a way to blow away iOS's memory mitigations with some very cool tricks.
You know they're making a Brian Krebs movie, right?
March 21st, 2014 --
Some crazy news this week. Full Disclosure has shut down, Sony is apparently going to make a movie about Brian Krebs, Symantec gives another CEO the ass and more!
Why use pwdump when you can just ask 'doze nicely?
March 14th, 2014 --
On this week's show we have a look at PowerShell, the Microsoft sorta scripting language admin thingy. As it turns out, PowerShell can be an attacker's best friend when it comes to lateral movement through a network. We'll chat with Kieran Jacobsen about that in this week's feature interview. He did a cracker presentation at CrikeyCon where he demo'd owning a domain controller and dumping all its creds with something like five lines of PowerShell. I mean, there are caveats there, but wow... the demo time was food for thought.
All is quiet...
March 14th, 2014 --
Here's a bunch of links to items discussed on episode 313 of the Risky Business podcast!
This week's show is overflowing...
March 7th, 2014 --
It's a solid week for BitCoin news. The (maybe) outing of the elusive Satoshi Nakamoto, the MtGox mystery, dead exchanges and even, unfortunately, a suicide of a former BitCoin exchange CEO in Singapore. But there's been plenty of other news! Apple's gotofail bug, GnuTLS issues, more NTP amplification attacks, and of course YahooWebcamGate. You can find links to the news items discussed in this week's show here.
A bad two weeks for BitCoin...
March 7th, 2014 --
In keeping with tradition, I take a week off and everything goes berserk. MtGox imploded, gotofail, dead BTC exchanges, more NTP mayhem. Here's a list of the stories discussed on this week's show.
A quick chat about a novel idea...
February 20th, 2014 --
This week we chat with a local consultant, Mark Brand of Datacom TSS, about the general topic of authentication. We've seen some interesting cases of things going wrong with auth on consumer sources lately. The @n Twitter username hijacking, the Mat Honan disaster of 2012. Now Google's run off and bought SlickLogin, a novel approach to mobile app auth. Will that get us anywhere? And what about NameCoin -- a BitCoin protocol-derived peer-to-peer authentication scheme? I'd never heard of it, but the concept is fascinating. Mark pops by to fill us in.
BitCoin has DogeCoin. Will NameCoin have NomCoin?
February 20th, 2014 --
Show notes for episode 311 of the Risky Business podcast!
COSEINC's Thomas Lim joins the show...
February 14th, 2014 --
On this week's show we're chatting with COSEINC's Thomas Lim about the Wassenaar Arrangement. It's basically a worldwide framework that restricts the sale of munitions and dual use technologies, and it has exploits in its sights. COSEINC is a security research company that engages in exploit development, and Lim thinks extending regulations to exploit sales is pointless. This week's show is brought to you by BugCrowd, a company that was founded in Australia but is now based in San Francisco thanks to VC investment.
Lots of cool stuff this week!
February 14th, 2014 --
Here are the stories discussed in episode 310 of the Risky Business podcast...
Meterpreter gets some new tricks...
February 7th, 2014 --
We're back after a nice long rest, and boy oh boy did a lot of stuff happen during the break. Adam Boileau joins the show to discuss the choicest selection of news items to emerge over the last six weeks. In this week's feature slot we chat to OJ Reeves about his work in upgrading Meterpreter, the Metasploit payload. There are some cool new features on the way, he'll clue us in on those. This week's show is brought to you by Tenable Network Security.
Lots of links for the first 2014 show!
February 7th, 2014 --
We're back from a long break and catching up on a whole bunch of news. And, umm. Here it is!
So what about that Snowden guy, huh?
December 13th, 2013 --
This is the final Risky Business podcast for 2013. The show will resume its weekly schedule in February 2014. Oh, and there are still three sponsor slots left between now and July. If you're interested, drop us a line with the contact form... This week's show looks back over the key events and trends of 2013; how media focus shifted from focussing on China's cyber-espionage to the scandalous revelations of the Snowden leaks.