Influx of VMs could mean an influx of network equipment bugs...
November 7th, 2014 --
On this week's show we're chatting with Alec Stuart Muirk about some of his research into Cisco appliance security. That interview is not so much a blow by blow of the bugs he found, which were pretty devastating by the way, but more about how accessibility is a major hurdle when researching various bits of kit. As you'll hear, many security vendors are starting to release their kit as VMs, which means researchers will be more likely to poke at them. Does that mean more boneheaded bugs like the stuff he found? Well, probably.
Links to news, presentation slides and gigs!
November 7th, 2014 --
Links to all items discussed in episode 344 of the Risky Business podcast.
PLUS: Did you know bug bounties are considered adequate testing in PCI audits?
October 30th, 2014 --
HD Moore is filling in for Adam Boileau in the news seat this week. In the news segment we chat about Facebook's OSquery tool, chip and pin relay attacks, Russian and Chinese haxx and more. You can find links to all the items discussed in this week's show notes.
All the news that's fit to read...
October 30th, 2014 --
Links to items discussed in episode 343 of the Risky Business podcast.
Two feature interviews in this week's show!
October 24th, 2014 --
Despite some technical challenges we have a great show for you all this week. We'll be chatting with Mike Ryan of iSec Partners and his pal, independent hardware hacker Joe Fitzpatrick, all about the NSA Playset! It's a hobbyist project that aims to recreate all the awesome tools in the leaked NSA ANT catalogue. Such fun! We'll also be hearing a tale of cloud woe from the trenches of enterprise IT. A friend of the show had his entire global email infrastructure pulled offline by Symantec with what he says was inadequate warning. And he might just have a point there. Have a listen to the interview and make your own mind up.
Palo Alto... Oh the mirth... the MIRTH...
October 24th, 2014 --
Links to items discussed in this week's edition of the Risky Business podcast.
Oh, and the other stuff no one is talking about that could get absolutely everything owned...
October 16th, 2014 --
In this week's show we're chatting with Matt Solnik of Accuvant Labs about his stellar presentation at Breakpoint last week. In this interview he describes how he can leverage crappy carrier management client software into full remote compromise attacks against most smartphones, including fully patched iOS8 and Android. It's savage stuff and if you work in telcoland you'd be nuts to miss it.
Click through to see ThreatPost's awesome infosec clipart...
October 16th, 2014 --
Show notes for episode 341 of the Risky Business podcast.
The Breakpoint edition...
October 9th, 2014 --
This week's show was recorded on site at the Ruxcon Breakpoint conference in Melbourne. There have been a handful of absolute jaw-droppers among the presentations here, including a demo showcasing remote code exec against *most* mobile devices, including fully patched iOS8.
All the news that's fit to sigh over...
October 9th, 2014 --
Links to items discussed in episode 340 of the Risky Business podcast.
PLUS news with Adam, and Rahul Kashyap on malvertising...
October 3rd, 2014 --
On this week's show we're chatting with Neel Mehta, a security researcher with Google. Neel is best known for finding the Heartbleed bug, and he joins us this week to talk about Heartbleed, ShellShock, the security of SSL stacks and where he expects vuln research to go in the future. Funnily enough this is Neel's first interview about Heartbleed, so I guess we can call this a scoop!
Heartsweat? Shellsurprise?
October 3rd, 2014 --
Links to items discussed in episode 339 of the Risky Business podcast.
All your things are belong to everyone...
September 26th, 2014 --
In addition to covering the end of the world, this week's Risky Business features Don Bailey of Lab Mouse Security on his excellent IoT blog post, written largely in response to a Daily Dave post by Dave Aitel on so-called "junk hacking".
Repent! Repent! Bashtacular ownage!! Repent!
September 26th, 2014 --
Links to items discussed in episode 338 of the Risky Business podcast.
All your chats R belong to no one...
September 19th, 2014 --
In this week's show we chat with The Grugq about the latest announcement and we'll also meet the creator of the Ricochet anonymous messenger software, John Brooks.
September 19th, 2014 --
Links to items discussed in episode 337 of the Risky Business podcast.
Hack the planeeeeeeet!!
September 18th, 2014 --
With running a great piece about's latest announcement, I thought it would be a good idea to throw together a post that talks a bit about the motivations behind the project and what its roadmap actually looks like.
Haroon Meer sorts the wheat from the chaff...
September 12th, 2014 --
On this week's show we've got a great interview with Haroon Meer of Thinkst. Thinkst has a paid service that analyses the output of security conferences and puts together reports. Now, some of you might wonder why such a service would be needed, so let's put things in perspective: there were 2,700 conference presentations in the second quarter of this year at 116 events over 140 conference days. Yikes!
Grab all your links here...
September 12th, 2014 --
Links to items discussed in episode 336 of the Risky Business podcast.
Democracy in NZ takes a strange turn to the cybarz...
September 5th, 2014 --
I'm back from a two week holiday in beautiful Indonesia, so we'll be spending most of this show catching up on what I missed while I was away! So there's plenty of news to talk about with Adam Boileau, and also a chat about some very interesting politicking going on in New Zealand.