Links to news and more!
October 11th, 2012 --
Here is a list of news stories discussed in episode 258 of the Risky Business podcast.
The kernel is the new battleground, says ReactOS and iOS co-author Alex Ionescu
October 10th, 2012 --
Windows 8 will make hackers' lives hard, says Windows internals expert, security researcher and co-author of the open source Windows XP clone ReactOS Alex Ionescu. Now chief architect at CrowdStrke, a security company focused on nation-state adversaries, Ionescu says Windows 8 builds on the usermode exploit mitigations introduced into Windows Vista and 7 with new approaches to security that attempt to mitigate kernel mode attacks.
Windows internals expert Alex Ionescu talks Win8 security features...
October 5th, 2012 --
On this week's show we're taking a look at Windows 8 with Alex Ionescu. Alex works for Crowdstrike, he's a genuine expert in Windows internals and he says exploit writing and persistence when it comes to owning windows boxes is about to get a whole lot harder. That's after the news.
Links to news, training rego, music and more!
October 5th, 2012 --
This week's feature guest Alex Ionescu is a smart cookie indeed. Scroll to the links below to find a link to a synopsis of his Ruxcon Breakpoint talk.
An endless ticket to ride?
September 27th, 2012 --
On this week's show we're taking a look at public transport ticketing security. Some clever fellows from the US of A have figured out how to reset their RFID tickets with a nifty little app for NFC-enabled smartphones. All this due to some positively boneheaded mistakes made during the initial rollout of some ticketing systems. That interview is with Corey Benninger of Intrepidus Group.
News, music and more!
September 27th, 2012 --
These show notes include links to a few stories that didn't make it to the final edit of the show. Also included is Corey Benninger's slide deck from EU Sec West, and a video demo.
Bumper news session plus a look at autoupdaters in the enterprise...
September 21st, 2012 --
This week's show is a shorter one than usual -- we've just got the news segment with Adam and a sponsor interview. This week's show is sponsored by our benevolent overlords at Adobe! Big thanks to them. And we've got a fascinating chat in this week's show with Adobe's Steve Gotwalls about auto updaters. How have they been architected? What do the update mechanisms look like? Are the update packages served via https or http? Can you cache them at your border? Should enterprise networks swallow updates without doing independent QA?
Lots of interesting linkage here!
September 21st, 2012 --
Here's a list of the week's news items as discussed in the show, plus a few that didn't make the final cut. We've also got a link to Saskwatch's (featured track) page, go check out a show, and a link to the Ruxcon Breakpoint website. Breakpoint is a great new conference kicking off in Melbourne in October. Mention "Risky Business Apple TV" when you register and the Ruxcon Breakpoint team will send you a shiny new Apple TV! It's limited to the next five people to register, so get in quick!
A new take on quality control for penetration testers...
September 14th, 2012 --
This week's feature interview is with Wayne Ronaldson. Wayne's a security consultant with a company here called CQR, but he's cobbled together a fascinating little side project called Exploitable Labs.
Linkage! Get your linkage here!
September 14th, 2012 --
Here's a list of the news items discussed in Risky Business episode 254.
Network infoleaks for the win...
September 6th, 2012 --
On this week's show we're taking a look at the new release of the data mining and network footprinting tool Maltego. it's called Radium and the focus is very much on automation. One click network footprinting for the win! Maltego creator Roelof Temmingh will be along in this week's feature interview to walk us through the new features. There's some interesting stuff in that interview about network information leaks. All your internal IP ranges R belong to Roelof!
News, music and more!
September 6th, 2012 --
Get your links! I've pasted all the news items discussed in this week's show below. I've also thrown in a link to Paterva's Maltego page and a YouTube clip of this week's feature track. Same song, different version, still good. I've also linked to our sponsor's website because hey, they deserve the kudos and the SEO juice. :) Apple: We didn't pass iPhone, iPad device IDs to FBI | ZDNet http://www.zdnet.com/apple-we-didnt-pass-iphone-ipad-device-ids-to-fbi-7...
HD Moore chimes in with his view on the Aramco incident...
August 31st, 2012 --
On this week's show we're talking to Rapid7's HD Moore about recent attacks against the Saudi Aramco oil company that saw 30,000 of 40,000 machines rendered inoperable for around 10 days. It's the single most destructive attack I've ever heard of. This week's show is brought to you by Insomnia Security. You might know this week's sponsor guest -- it's out news buddy Adam Boileau, aka Metlstorm.
Linkage!
August 31st, 2012 --
Here's a list of this week's news items... Oracle reportedly knew of critical Java bugs under attack for 4 months | Ars Technica http://arstechnica.com/security/2012/08/critical-java-bugs-reported-4-mo... Second accused LulzSec hacker arrested in Sony breach | Security & Privacy - CNET News http://news.cnet.com/8301-1009_3-57502233-83/second-accused-lulzsec-hack... Researchers Hack Brainwaves to Reveal PINs, Other Personal Data | Threat Level | Wired.com http://www.wired.com/threatlevel/2012/08/brainwave-hacking/
Snare's been up to his sneaky tricks again...
August 23rd, 2012 --
In this week's feature interview we're getting an update on some research we looked at last year. Loukas of Assurance.com.au in Melbourne had been playing around with some "evil maid" EFI hacks on Macs, but he's done some more work on them and presented his findings at BlackHat in July. He joins the show to discuss his latest EFI work. See this week's show notes for links to his slide deck and paper, as well as links to this week's news.
Links! PDFs! Papers!
August 23rd, 2012 --
Here are the news items discussed at the top of episode 251 of the Risky Business podcast. I've also included some items that didn't make the final cut that you may find interesting anyway. Google to Hold Pwnium 2 Contest, Offers $2M in Rewards | threatpost http://threatpost.com/en_us/blogs/google-hold-pwnium-2-contest-offers-2m... Google Building Privacy Red Team | threatpost http://threatpost.com/en_us/blogs/google-building-privacy-red-team-082212 Assange Calls on U.S. to End 'Witchhunt' Against WikiLeaks | Threat Level | Wired.com
Getting nostalgic with Huawei stack-based overflows...
August 14th, 2012 --
On this week's show we chat with Recurity Labs' Felix "FX" Lindner and Greg Kopf in the feature segment. These guys recently shredded some Huawei equipment. They owned it hard and turned it into a DEFCON talk [pdf]. They'll be along a bit later on to tell us why hacking away at Huawei kit made them feel nostalgic.
Click through for some quality linkage...
August 14th, 2012 --
Felix and Greg's Huawei slidedeck can be found here: http://phenoelit.org/stuff/Huawei_DEFCON_XX.pdf THIS WEEK'S NEWS ITEMS: Stratfor emails reveal secret, widespread TrapWire surveillance system — RT http://rt.com/usa/news/stratfor-trapwire-abraxas-wikileaks-313/ Is TrapWire surveillance really spying on Americans? - Technolog on NBCNews.com http://www.technolog.msnbc.msn.com/technology/technolog/trapwire-surveil... New Gauss Malware, Descended From Flame and Stuxnet, Found On Thousands of PCs in Middle East | threatpost
Microsoft's Katie Moussouris reflects...
August 3rd, 2012 --
On this week's show we chat with Microsoft's Katie Moussouris about the company's BlueHat prize. How successful was the prize, and did it get Microsoft value for money in terms of quality entries? Katie took some time out from her maternity leave to join the show. This week's show is brought to you by Tenable Network Security. In this week's sponsor interview with Tenable founder and CEO Ron Gula we get a bit philosophical. Has it become culturally acceptable in the business world to get owned?
Click through for newsy goodness!
August 3rd, 2012 --
The following is a list of news stories discussed by Patrick Gray and Adam Boileau in this week's edition of the Risky Business podcast. Get the podcast here. Expert: Huawei routers are riddled with vulnerabilities | Security & Privacy - CNET News http://news.cnet.com/8301-1009_3-57482813-83/expert-huawei-routers-are-r... Divide and Conquer: Cracking MS-CHAPv2 with a 100% success rate https://www.cloudcracker.com/blog/2012/07/29/cracking-ms-chap-v2/ Full Disclosure: nvidia linux binary driver priv escalation exploit