Lots of money going into "cyber"...
May 24th, 2013 --
In this sponsor interview we chat with Casey Ellis, the founder of BugCrowd. BugCrowd is an Australian business, but Casey is currently in the USA where the appetite for information security investment opportunities is apparently hitting fever pitch. In this interview I ask him how one might get started off on the path to massive phatcash through their cybersecurity startup.
A global vulnerability analysis…
May 23rd, 2013 --
The following is a recording of HD Moore's AusCERT plenary, all about the research he's done scanning the entire Internet. HD is one of the smartest guys in the business, and it's a great talk. But you might actually need to slow it down a bit, because I don't think I've ever encountered anyone in my life who can speak as fast as HD does. He sometimes speaks at a pace that is faster than my ability to comprehend what he's saying. But as I say, it's a great talk -- it's called Global Vulnerability Analysis.
In some cases, yes!
May 23rd, 2013 --
In this sponsor interview we chat with Casey Ellis, the founder of BugCrowd. When Casey co-founded the business the idea was simple -- the company would host outsourced bug bounty programs for clients that didn't have the expertise to run their own. As some of you may know, the idea really took off, but what no one expected was for BugCrowd's registered testers to do a better job than many penetration testing teams.
Handy talk for CIOs and CSOs...
May 23rd, 2013 --
The following is a recorded presentation from AusCERT. It's by Al Blake, the Chief Information Officer of the Department of Sustainability, Environment, Water, Population and Communities. In it he talks about BYOD, basically, from an Australian government perspective. It's not an overly technical talk, but it is a good overview of what a CIO like him has to consider when allowing staff to use their own devices in a heavily regulated environment.
How far do decent crypto controls get us?
May 23rd, 2013 --
In this sponsor interview we chat with Paul Ducklin of Sophos about trends in code signing technology designed to combat malware. During the great "SSL wars" of 2011, when hackers like Comodohacker went cyber-berserk owning CAs and minting their own certificates for sites like Gmail and Facebook, valuable lessons were learned. It's becoming the norm for browsers to pin certs for well known websites... and now this same approach to certificate sanity checking is finding its way into code signing checks.
A call to action for infosec pros…
May 23rd, 2013 --
We're kicking off our AusCERT 2013 coverage today with the conference's opening keynote by Michael Jones, Google's chief technology advocate. He's charged with advancing technology to organise the world's information and make it universally accessible and useful. Michael has worked as chief technologist of Google Maps and Earth, was the CTO of Keyhole Corporation, the company that developed the technology behind Google Earth, was CEO of Intrinsic Graphics, and was director of advanced graphics at Silicon Graphics.
Public satellite imagery yields a wealth of intelligence...
May 17th, 2013 --
This week's feature interview is with Dave Jorm, a Brisbane-based security geek and environmental science aficionado who's done some really interesting OSINT analysis of agricultural efficiency in North Korea with publicly available satellite data. He's presenting his findings at AusCERT's annual conference on the Gold Coast next week; he joins the podcast to talk about his work and the online community of North Korea watchers. Ok, so it's not exactly about infosec, but it's really interesting stuff and I hope you all enjoy it!
Awesome feature track this week. Check it out here!
May 17th, 2013 --
LulzSec guys go to the PMIA, ATM scam dudes gettin' smoked playing dominos... it's what you might call an "action week". You can find episode 281 of the Risky Business podcast here.
Special guests The Grugq, Singe, Charl and Andrew...
May 10th, 2013 --
This week's show was being produced on the road so it's a bit of a different format -- I did a longer than usual news panel session from the conference floor! Our news discussion panel consists of: The Grugq; Dominic White, SensePost; Charl van der Walt, SensePost; Andrew MacPherson, Paterva (Maltego).
Pwnage! Malware! Cats and dogs living together!
May 10th, 2013 --
Lots of news to catch up on this week!
All your herp derps are belong to RPTs...
April 25th, 2013 --
This week's edition of the show is pre-recorded because I'm off surfing in Jeffreys Bay, South Africa. There will be no show next week, but the week after that I'll be bringing you an episode from the ITWeb Security Summit in Johannesburg where I'm speaking. In this week's show we've got a great interview with Wade Baker, the managing principal of Verizon's RISK team, and the topic, of course, is this year's Verizon Data Breach Investigations Report.
Just like the Chewbacca defence, market figures do not make sense...
April 19th, 2013 --
This week's show is jam packed. We'll be hearing from our favourite firmware hacker, sneaky Snare, all about the leak of AMI's UEFI implementation source code and firmware signing key. What will it mean for firmware research?
News links, music, PDFs and more!
April 19th, 2013 --
Here are this week's show notes... Don't forget to grab your free copy of Coast to Coast by PILOTS. It's the Triple J link below.
Plus news, music and more!
April 11th, 2013 --
This week's feature interview is with Mark Dowd of Azimuth Security. Mark joins the show to fill us in on the latest trends in vulnerability research and exploit development. We recap CanSecWest's Pwn2Own competition and look at what 2013 has in store research-wise. Risky.Biz is pleased to welcome a new sponsor to the lineup -- Solera Networks, makers of fine, big data security software.
Free music in this week's notes!
April 11th, 2013 --
Here are this week's show notes, including a link to M Jack Bee's SoundCloud page where you can leech a bunch of good music.
Cough cough...
April 6th, 2013 --
This week's show is another shorter one! I've been sick so I just couldn't pull together a feature interview. But we've got an extra long news segment for you with Adam Boileau. Click through to the show notes to see what we discussed. We've also got a chat with this week's sponsor guest Chris Gatford of the Australian security consulting firm HackLabs.
Links to this week's news stories!
April 5th, 2013 --
Here are links to the news stories discussed in this week's edition of the Risky Business podcast. You can find this week's show here.
What to do with all dem hashes and IPs!
March 28th, 2013 --
This week's show is brought to you by our longest term sponsor, Tenable Network Security, thanks guys. In this week's sponsor interview we chat with the CEO and co-founder of Tenable, industry stalwart Ron Gula. We're chatting to him about a funny idea -- that the release of indicators of compromise might become so regular that they'll have to be handled in regular info sec team workflow. So we'll have Patch Tuesday and "which IPs owned us" Wednesday.
News links, music and more!
March 28th, 2013 --
Here are the links to this week's news items, plus music and more!
Stanford law's Jennifer Granick joins the show...
March 22nd, 2013 --
In this week's feature interview we chat with Jennifer Granick, the Head of Civil Liberties at Stanford University's Centre for Internet and Society. Jennifer has extensive experience with cyberlaw -- she has acted for clients as diverse as Aaron Swartz and HBGary! She's done it all! And she joins the show to talk about a few things -- is active defence ever legal? And what the hell is going on with the Computer Abuse and Fraud Act over there in the USA?