Chaos, mayhem, business as usual...
October 2nd, 2015 --
Links to items discussed in episode 385 of the Risky Business information security podcast.
PLUS ContextIS consultant David Klein drops some comedy bugs in cloud services...
September 24th, 2015 --
We've got a great show for you this week. Mark Dowd drops by to talk about the recent spate of Trojaned iOS apps that made it into Apple's China App Store. We also talk to him about his awesome AirDrop bug. How did it work? This week's sponsor segment is actually a real cracker. Context IS consultant David Klein tells us how he owned an entire cloud platform by enumerating some shitty 90s-style bugs in some third party libraries they were using. It's comedy gold. This cloud platform that uses security at a selling point. It's bad.
Don't forget to reset your fingerprints... oh, wait...
September 24th, 2015 --
Links to items discussed in episode 384 of the Risky Business infosec podcast.
PLUS: The time to move to quantum-resistant crypto is NOW!
September 17th, 2015 --
On this week's show we take a look at what the hell it happening in Germany, where FireEye sought and obtained an ex parte injunction against a bunch of security researchers over a presentation they were about to do at 44Con. We speak with infosec lawyer Alex Urbelis -- he was at 44Con when all this came to light and he shares his insights.
Stagefright having a bad week...
September 17th, 2015 --
Links to items discussed in episode 383 of the Risky Business infosec podcast.
PLUS all the news you can handle...
September 10th, 2015 --
On this week's show we're checking in with Charlie Miller. We chat car hacking and we also (kind of) find out what he's up to now he's working at Uber. This week's show is brought to you by HackLabs, an Australian security consultancy. They're a key sponsor of Australia's Cyber Security Challenge, which is basically a CTF for Australian CS students. What makes this one a bit different is it's being run by the Prime Minister's Office, which is, yeah, unexpected. Chris joins us later to discuss the challenge, that's this week's sponsor interview.
Madness, pwnage and carnage...
September 10th, 2015 --
Links to items discussed in episode 382 of the Risky Business infosec podcast...
And other cheery news...
September 7th, 2015 --
Hey everyone and welcome to Serious Business number 5! This is the podcast I do about non infosec related topics. It's less of a professional information security digest and more of an excuse for me to blab with my cohost, comedian Dan Ilic, about serious stuff every few weeks. WARNING: Contains a fair bit of discussion about Australian politics. You may be permanently scarred after listening.
Hard to imagine this dude as a wildman of the Internet, but there you go...
September 3rd, 2015 --
On this week's show we're chatting with hacker superstar and YouTube phenomenon Samy Kamkar. Samy is a security researcher of note -- his recent hardware hacks have been coming thick and fast. This week I spoke to him about his brush with the law following his unleashing of the Samy worm on MySpace a decade ago, some of his recent research and his plans for the future.
More AshMad fallout, threats of sanctions (again), car hacking (again) etc...
September 3rd, 2015 --
Links to items discussed in episode 381 of the Risky Business infosec podcast.
PLUS all your regular news...
August 27th, 2015 --
On this week's show we look at the fallout from the Ashley Madison attack. Did Brian Krebs just dox the Impact Team ringleader? Is he Australian? Adam Boileau and I talk about all the AshMad fallout and other infosec news.
There's news that doesn't involve AshMad, I swear!
August 27th, 2015 --
Links to items discussed in episode 380 of the Risky Business information security podcast.
This week's show features surprise guest: Cold and flu!
August 20th, 2015 --
In this week's podcast we check in with Troy Hunt from HaveIBeenPwned.com. Troy has done the responsible thing in adding the Ashley Madison dataset to his service -- you can only search for email addresses in the dump after you've verified that you control them. We'll talk to him about why he did that.
So how about that data breach no one is talking about?
August 20th, 2015 --
Links to items discussed in episode 379 of the Risky Business infosec podcast.
The plans. They change.
August 19th, 2015 --
Hey to all you Patreon people! First up, a big thanks to you for helping out the show. It's been really heartening to see so many of you value Risky Business enough to put your hands in your pockets and make a contribution. The original idea behind the Patreon campaign was that if I hit the target I could take that money and throw it at an industrial unit here in Byron Bay and turn it into a proper studio. After 11.5 years working from home full time, I've been feeling a bit cooped up.
PLUS: "Islamic State publishes hacked kill list"
August 13th, 2015 --
On this week's show we're chatting with Mark Dowd and Brian Krebs about Oracle CSO Mary Ann Davidson's somewhat odd blog post from earlier this week. In the post she laid into security researchers for violating Oracle's EULA when reverse engineering their products. The post got pulled, much drama, we sift through the ashes of that. Plus we chat to Brian about the daring $46.7m online heist against Ubiquiti Networks.
Islamic State cyber hackers are coming to eat your face off...
August 13th, 2015 --
Links to items discussed in episode 378 of the Risky Business security podcast.
You're drunk, Wassenaar. Go home.
August 6th, 2015 --
On this week's show we discuss the BIS decision to ditch its car-a-zay plans for Wassenaar regulation, the latest car hacking news and more. We also check in with Trey Ford in this week's feature slot. Trey was the General Manager of the BlackHat conference, these days he works at Rapid7, and he joins us to talk about the vibe in Vegas at this year's conference.
Everything is under control...
August 6th, 2015 --
Links to items discussed in episode 377 of the Risky Business infosec podcast.
Are 950m devices really at risk? Joshua Drake talks Stagefright bugs...
July 30th, 2015 --
This week we're checking in with Josh Drake of Zimperium. With exploitation of Stagefright via Josh's sweet, sweet exploit you'd think the mother of all worms is coming. Well, probably not. Later versions of Android are tricky to exploit, and the diversity of hardware in earlier versions means coming up with one exploit to rule them all isn't really feasible. We'll drill down into that with Josh in a little while.