PLUS news with Adam and BugCrowd's Casey Ellis in the sponsor chair...
March 10th, 2016 --
On this week's show we're chatting with re/code's senior editor and "enterprise dude" Arik Hesseldahl about the business of infosec. Information security related stocks and shares are tanking on indexes all over the world... why? How can this be happening in a $75bn sector that is tipped to grow into a $175bn sector in the next four years? Arik will join us with the skinny on that. But don't panic, tanking infosec share prices might be a good thing for the discipline. We'll find out why a bit later on. In this week's sponsor interview we chat with BugCrowd CEO Casey Ellis.
Not the craziest week in infosec, but still plenty to talk about...
March 10th, 2016 --
Links to everything discussed in episode 402 of the Risky Business infosec podcast.
YSoSerial makes deserialisation attacks serious...
March 3rd, 2016 --
On this week's show we get into a serious technical discussion about deserialisation attacks with one of Adam Boileau's colleagues, Brendan Jamieson. It's the biggest issue in infosec that no one is talking about -- deserialisation vulnerabilities and their exploitation. This attack class is a serious problem in enterprise environments thanks to the release of the YSoSerial tool about a year ago. Pen-testers who are across this bug class are finding issues everywhere they look, and hardly anyone is talking about it. But we do, this week.
Lots of policy news this week!
March 3rd, 2016 --
Links to items discussed in this week's episode of the Risky Business podcast.
Apple and FBI are both silly sausages...
February 25th, 2016 --
On this week's podcast we'll hear from Daniel Hodson of Elttam Security here in Australia. Daniel and his business partner Matt Jones have been looking into the security of messaging software that has been recommended by the EFF. Does a bunch of ticks from the EFF actually say much about app security? Well, not really, as it turns out.
Apple, FBI still dominate agenda...
February 25th, 2016 --
A list of security items making the agenda this week.
Oops. This is going to get... tricky...
February 18th, 2016 --
On this week's show we chat with Dan Guido from Trail of Bits about the stoush between Apple and the US Department of Justice. In this week's sponsor interview we speak with Cris Thomas, a.k.a. Space Rogue. Cris works for Tenable Network Security, this week's sponsor, and he joins us in this week's podcast to talk about NIST's cyber security framework. Adam Boileau joins the show to discuss the week's security news. Links to everything are in this week's show notes.
The glibc bug is this week's other show-stopper...
February 18th, 2016 --
Links to everything discussed in episode 399 of the Risky Business information security podcast.
Bonus lulz courtesy of Cisco...
February 11th, 2016 --
This week's show is one for the CSOs! It's the economics edition, I guess you'd call it. We'll be chatting with Professor Lawrence Gordon, co-creator of the Gordon Loeb model for Cyber Security investment. We speak to him about contemporary infosec budgets and how spending of $500m a year by some financial institutions in the USA is actually sensible.
Lots of malware news this week...
February 11th, 2016 --
Links to items discussed in episode 398 of the Risky Business podcast.
You're a diverse bunch...
February 9th, 2016 --
As many of you would know, last week I posted a listener survey to SurveyMonkey. I dropped the link on Twitter and then mentioned it in the show. I wasn't really expecting much of a response, but after about a week, 500 of you have already spent the time to fill out the questionnaire. Thanks!
PLUS: Java deserialisation attacks are coming to eat your soul...
February 5th, 2016 --
Here's a link to the Risky Business listener survey. Please take some time to fill it in! It'll really help the show!
News, analysis and more!
February 5th, 2016 --
Links to everything discussed in episode 397 of the Risky Business podcast. Please do click through here to our listener survey to help me put together some demographics on the audience.
Oracle deprecates the Java browser plugin, prepares for its demise | Ars Technica
Good Riddance to Oracle’s Java Plugin — Krebs on Security
PLUS Martijn Grooten, Haroon Meer and Adam Boileau!
January 28th, 2016 --
On this week's show we've got two feature interviews! We're talking to Chris Wysopal from Veracode about using static analysis techniques to find back doors in software. With Juniper, AMX, Fortinet and Cisco all experiencing either maliciously planted or accidental backdoors, this is a hot topic. Chris joins us to talk about how you go about finding this stuff and whether or not vendors are taking this issue seriously enough.
Links! Links! Get your links!
January 28th, 2016 --
Links to everything discussed in episode 396 of the Risky Business security podcast.
We're back!
January 21st, 2016 --
In this week's feature interview Facebook CISO Alex Stamos joins us to discuss a few things. We'll be talking about moves by both browser developers and some CAs to deprecate SHA-1 signed certificates. He says we need to support SHA-1 for now and he explains why soon. We're also chatting with him about the Juniper fiasco. We also get his thoughts on NSA surveillance now he's responsible for the security of user information at the world's biggest social media platform.
Headlines covering the last month!
January 21st, 2016 --
Links to items discussed in episode 395 of the Risky Business podcast.
The last episode for 2015! Back in January 2016!
December 16th, 2015 --
On this week's show we're chatting with Johns Hopkins University cryptographer Matthew Green about rumblings emanating out of DC with regard to "stopping encryption", whatever the hell that means. In this week's sponsor interview we're chatting with Oliver Fay from Context about a paper they did in conjunction with UK's CERT about exploit kits. How much do they cost? Are there any that stick out as being particularly good? Or bad, depending on your point of view... Links to everything are in this week's show notes.
Satoshi v3.0, epic bugs, arrests and more!
December 16th, 2015 --
Links to items discussed in episode 394 of the Risky Business podcast.
And other assorted bits and pieces...
December 10th, 2015 --
On this week's show -- in addition to covering the latest claims about the true identity of Satoshi Nakamoto -- we're taking a look at a recent deal between a very large bank in Australia and Sydney's University of New South Wales.