Using Dr. Watson to uncover failed exploitation attempts...
November 30th, 2012 --
On this week's show were chatting with Rex Warren of Leviathan Security in the United States. Leviathan has been working with DARPA on an interesting new system that can reliably detect failed 0day exploitation attempts against hosts. Basically these guys are just grabbing Dr. Watson crash dumps at the gateway, but where it gets interesting is when we look at what they do with those crash dumps. Emulation FTW.
Links to this week's news stories!
November 30th, 2012 --
Here are links to all news articles discussed in episode 265 of Risky Business!
PLUS: How your iPad kicks your mainframe's ass...
November 23rd, 2012 --
On this week's show I'll being playing an excerpt from a panel discussion that took place at Kiwicon -- the session was called Three Guys with Ponytails Talk Security. The three guys are PGP Corporation co-founder Jon Callas, nCipher co-founder Nicko van Someren and the University of Auckland's Peter Gutmann.
Can't get enough can't get enough no, can't get enough...
November 23rd, 2012 --
Lots of fun news this week, plus a link to John McAfee's blog and some great old Kiwi music. Sweet as, cuz.
AFP Assistant Commissioner Neil Gaughan joins the show...
November 15th, 2012 --
In this week's feature interview we're chatting with the Assistant Commissioner of the Australian Federal Police, Neil Gaughan. He's the national manager of High Tech Crime Operations and he's joining us to discuss the ongoing national security review. As a part of that review the government is introducing laws that will force ISPs and other Carriage Service Providers (CSPs) to store information on Australian citizens for two years. It sounds scary, but as you'll hear the data covered by the proposed new law is actually pretty mundane stuff like DHCP and SIP logs.
John McAfee's bath salt shelving instructions not included...
November 15th, 2012 --
This week's show notes are chock-a-block! We've got the official, AFP/ASIO/AG definition of communications data, we've got music, we've got sponsored whitepapers! Go bonkers! Go nuts!
Peter Gutmann discusses a particularly sophisticated attack...
November 8th, 2012 --
On this week's show we're chatting with renowned megabrain Peter Gutmann about a paper on side channel attacks against crypto keys in virtualised environments. It's really complicated stuff, but very, very interesting. Peter didn't do this research or write the paper, but I always like getting his take on this stuff because... well... he's really smart and he doesn't overhype stuff. That's after the news. This week's show is brought to you by a new sponsor! NCC Group! Yay!
Extra news items this week!
November 8th, 2012 --
Here are this week's show notes. Normally we just include links to stuff we spoke about, but I wound up cutting a few of these items out of the audio during the edit... But I included them here anyway!
GPS receiver bugs have some unexpected consequences...
November 2nd, 2012 --
We've got a great feature interview in this week's show with a computer science undergrad in the US who worked on a paper dealing with GPS security. You'll find out how you can melt down power lines with GPS haxx! Fun for the whole family! This week's show is sponsored by Tenable Network Security. We'll be having Tenable product manager Jack Daniel on the line to talk about the death of periodical vulnerbility scanning. Apparently continuous scanning is all the rage these days!
You'll find the GPS software security paper here...
November 2nd, 2012 --
Here are this week's show notes; links to our news items, the paper discussed in the news segment and, of course, a link to our featured artist!
Travis Goodspeed on his new gizmo...
October 31st, 2012 --
This podcast is an interview I did at the Breakpoint security conference with security researcher Travis Goodspeed. He's come up with a hardware device called FaceDancer that allows him to capture USB device firmware by emulating the devices. What can you do with that? Well, you can start messing with those devices, loading up custom firmware, and even use modified USB devices to attack hosts.
Low level pwnage for the win!
October 31st, 2012 --
This podcast is an interview with Eric "Musclenerd" McDonald. Eric is a renowned iPhone jailbreaker and as such has a very detailed understanding of smartphone platforms. His talk at Ruxcon Breakpoint was all about the security of baseband chipsets. If you follow this stuff you might know that the baseband chipsets in these smartphones -- which handle all the basic communications functions of the phones -- are actually quite sophisticated. And where there's sophistication, there are potential problems.
Mixed bag this week...
October 26th, 2012 --
This week's show is brought to you by our benevolent overlords at Adobe! And this week's sponsor interview is a must listen. Adobe's director of product security and privacy Brad Arkin joins us to discuss the breach at Adobe HQ that lead to malicious binaries being signed as valid by their code signing boxes.
Links to news, feature topics and more!
October 26th, 2012 --
I've included links to all news items plus the three feature topics covered off with Paul Ducklin. Enjoy!
New research a real heartstopper...
October 25th, 2012 --
This podcast is an interview I did with Barnaby Jack, a security researcher with IOActive. Barnes is probably best known for his work on ATM security. He famously "jackpotted" an ATM live on stage at BlackHat in 2010, but if he were to do a live demo of his latest research he'd probably wind up in prison.
Why realtime prevention is fantasy...
October 25th, 2012 --
All our coverage of the Breakpoint security conference was made possible by our sponsor PacketLoop. PacketLoop is a new Australian business that applies big data analysis techniques to your packet captures... you can visualise your captures, drill down into them, and even spot successful 0day attacks against your organisation after the event -- that's a simple trick, that one, they just loop your packet captures through IPSs after the fact... when they get signature updates, they loop them through again. Hence the name, PacketLoop.
New exploit mitigations in Android look pretty good...
October 25th, 2012 --
This podcast is an interview I did with Accuvant's Joshua Drake, aka jduck. His Breakpoint presentation was on the topic of Android security. As regular listeners of the Risky Business podcast would know, we're pretty much convinced Android was rushed to market -- it was insecure, immature, way too open and a big, glaring risk to its users. Combine that with the inherent problems with the Android ecosystem and you had a recipe for disaster.
From location at the Ruxcon Breakpoint conference in Melbourne…
October 20th, 2012 --
This week's show is being produced entirely on the ground at the Ruxcon Breakpoint security conference in my old home town of Melbourne Australia! And it's a shorter show than usual because I'm pretty busy down here producing a bunch of podcasts as a part of some joint coverage I'm doing for both Risky.Biz and The Register. If you want to check out some audio and blog posts from Breakpoint, head to http://risky.biz/breakpoint.
From the ground at Breakpoint!
October 20th, 2012 --
Here's this week's show notes. Lots of fun, lots of fail. I forgot to record this week's outro, so I should point out that this week's feature track is by the Cactus Channel. See the last link!
Mass murder, Windows exploits, hacking Apple and owning spy agencies…
October 17th, 2012 --
The inaugural Ruxcon Breakpoint security conference has kicked off with a bang in Melbourne. This morning's first presentation was a talk by Roelof Temmingh, the creator of Maltego. The Maltego software, for those who don't know it, is essentially a data analysis and reconnaissance tool with some pretty powerful features.