From the ground at Breakpoint!
October 20th, 2012 --
Here's this week's show notes. Lots of fun, lots of fail. I forgot to record this week's outro, so I should point out that this week's feature track is by the Cactus Channel. See the last link!
Mass murder, Windows exploits, hacking Apple and owning spy agencies…
October 17th, 2012 --
The inaugural Ruxcon Breakpoint security conference has kicked off with a bang in Melbourne. This morning's first presentation was a talk by Roelof Temmingh, the creator of Maltego. The Maltego software, for those who don't know it, is essentially a data analysis and reconnaissance tool with some pretty powerful features.
Crims could send 830 volts straight to your heart...
October 17th, 2012 --
Pacemakers and implanted defibrillators are vulnerable to wireless attacks that could kill tens of thousands, says the security researcher best known for "jackpotting" an ATM on stage at the BlackHat security conference in Las Vegas in 2010. The researcher in question, Barnaby Jack, today told the Ruxcon Breakpoint security conference in Melbourne, Australia that “the most obvious scenario would be a targeted attack against a high profile individual.” Jack also warned of a worst-case scenario “worm with the ability to commit mass murder”.
How gaps in your authentication procedures will be exploited...
October 11th, 2012 --
On this week's show we're chatting with Kevin Mitnick! Arguably the world's best known hacker, Kevin used to be a very naughty boy, and that saw him sent to prison a few times... but since his most recent release over 12 years ago he's established himself as a security consultant, author and globetrotting public speaker. We're chatting to him about the fundamentals of identity verification. How can you be sure that person on the phone requesting a password reset really is your customer? Can you rely solely on static identity information in this day and age?
Links to news and more!
October 11th, 2012 --
Here is a list of news stories discussed in episode 258 of the Risky Business podcast.
The kernel is the new battleground, says ReactOS and iOS co-author Alex Ionescu
October 10th, 2012 --
Windows 8 will make hackers' lives hard, says Windows internals expert, security researcher and co-author of the open source Windows XP clone ReactOS Alex Ionescu. Now chief architect at CrowdStrike, a security company focused on nation-state adversaries, Ionescu says Windows 8 builds on the usermode exploit mitigations introduced into Windows Vista and 7 with new approaches to security that attempt to mitigate kernel mode attacks.
Windows internals expert Alex Ionescu talks Win8 security features...
October 5th, 2012 --
On this week's show we're taking a look at Windows 8 with Alex Ionescu. Alex works for CrowdStrike, he's a genuine expert in Windows internals and he says exploit writing and persistence when it comes to owning Windows boxes is about to get a whole lot harder. That's after the news.
Links to news, training rego, music and more!
October 5th, 2012 --
This week's feature guest Alex Ionescu is a smart cookie indeed. Scroll to the links below to find a link to a synopsis of his Ruxcon Breakpoint talk.
An endless ticket to ride?
September 27th, 2012 --
On this week's show we're taking a look at public transport ticketing security. Some clever fellows from the US of A have figured out how to reset their RFID tickets with a nifty little app for NFC-enabled smartphones. All this due to some positively boneheaded mistakes made during the initial rollout of some ticketing systems. That interview is with Corey Benninger of Intrepidus Group.
News, music and more!
September 27th, 2012 --
These show notes include links to a few stories that didn't make it to the final edit of the show. Also included is Corey Benninger's slide deck from EU Sec West, and a video demo.
Bumper news session plus a look at autoupdaters in the enterprise...
September 21st, 2012 --
This week's show is a shorter one than usual -- we've just got the news segment with Adam and a sponsor interview. This week's show is sponsored by our benevolent overlords at Adobe! Big thanks to them. And we've got a fascinating chat in this week's show with Adobe's Steve Gotwalls about auto updaters. How have they been architected? What do the update mechanisms look like? Are the update packages served via https or http? Can you cache them at your border? Should enterprise networks swallow updates without doing independent QA?
Lots of interesting linkage here!
September 21st, 2012 --
Here's a list of the week's news items as discussed in the show, plus a few that didn't make the final cut. We've also got a link to Saskwatch's (featured track) page, go check out a show, and a link to the Ruxcon Breakpoint website. Breakpoint is a great new conference kicking off in Melbourne in October. Mention "Risky Business Apple TV" when you register and the Ruxcon Breakpoint team will send you a shiny new Apple TV! It's limited to the next five people to register, so get in quick!
A new take on quality control for penetration testers...
September 14th, 2012 --
This week's feature interview is with Wayne Ronaldson. Wayne's a security consultant with a company here called CQR, but he's cobbled together a fascinating little side project called Exploitable Labs.
Linkage! Get your linkage here!
September 14th, 2012 --
Here's a list of the news items discussed in Risky Business episode 254.
Network infoleaks for the win...
September 6th, 2012 --
On this week's show we're taking a look at the new release of the data mining and network footprinting tool Maltego. It's called Radium and the focus is very much on automation. One click network footprinting for the win! Maltego creator Roelof Temmingh will be along in this week's feature interview to walk us through the new features. There's some interesting stuff in that interview about network information leaks. All your internal IP ranges R belong to Roelof!
News, music and more!
September 6th, 2012 --
Get your links! I've pasted all the news items discussed in this week's show below. I've also thrown in a link to Paterva's Maltego page and a YouTube clip of this week's feature track. Same song, different version, still good. I've also linked to our sponsor's website because hey, they deserve the kudos and the SEO juice. :)
Apple: We didn't pass iPhone, iPad device IDs to FBI | ZDNet http://www.zdnet.com/apple-we-didnt-pass-iphone-ipad-device-ids-to-fbi-7...
HD Moore chimes in with his view on the Aramco incident...
August 31st, 2012 --
On this week's show we're talking to Rapid7's HD Moore about recent attacks against the Saudi Aramco oil company that saw 30,000 of 40,000 machines rendered inoperable for around 10 days. It's the single most destructive attack I've ever heard of. This week's show is brought to you by Insomnia Security. You might know this week's sponsor guest -- it's our news buddy Adam Boileau, aka Metlstorm.
Linkage!
August 31st, 2012 --
Here's a list of this week's news items...
Oracle reportedly knew of critical Java bugs under attack for 4 months | Ars Technica http://arstechnica.com/security/2012/08/critical-java-bugs-reported-4-mo...
Second accused LulzSec hacker arrested in Sony breach | Security & Privacy - CNET News http://news.cnet.com/8301-1009_3-57502233-83/second-accused-lulzsec-hack...
Researchers Hack Brainwaves to Reveal PINs, Other Personal Data | Threat Level | Wired.com http://www.wired.com/threatlevel/2012/08/brainwave-hacking/
Snare's been up to his sneaky tricks again...
August 23rd, 2012 --
In this week's feature interview we're getting an update on some research we looked at last year. Loukas of Assurance.com.au in Melbourne had been playing around with some "evil maid" EFI hacks on Macs, but he's done some more work on them and presented his findings at BlackHat in July. He joins the show to discuss his latest EFI work. See this week's show notes for links to his slide deck and paper, as well as links to this week's news.
Links! PDFs! Papers!
August 23rd, 2012 --
Here are the news items discussed at the top of episode 251 of the Risky Business podcast. I've also included some items that didn't make the final cut that you may find interesting anyway.
Google to Hold Pwnium 2 Contest, Offers $2M in Rewards | threatpost http://threatpost.com/en_us/blogs/google-hold-pwnium-2-contest-offers-2m...
Google Building Privacy Red Team | threatpost http://threatpost.com/en_us/blogs/google-building-privacy-red-team-082212
Assange Calls on U.S. to End 'Witchhunt' Against WikiLeaks | Threat Level | Wired.com