Microsoft's Katie Moussouris reflects...
August 3rd, 2012 --
On this week's show we chat with Microsoft's Katie Moussouris about the company's BlueHat prize. How successful was the prize, and did it get Microsoft value for money in terms of quality entries? Katie took some time out from her maternity leave to join the show. This week's show is brought to you by Tenable Network Security. In this week's sponsor interview with Tenable founder and CEO Ron Gula we get a bit philosophical. Has it become culturally acceptable in the business world to get owned?
Click through for newsy goodness!
August 3rd, 2012 --
The following is a list of news stories discussed by Patrick Gray and Adam Boileau in this week's edition of the Risky Business podcast. Get the podcast here.
Expert: Huawei routers are riddled with vulnerabilities | Security & Privacy - CNET News
Divide and Conquer: Cracking MS-CHAPv2 with a 100% success rate
Full Disclosure: nvidia linux binary driver priv escalation exploit
This week's sponsor interview is awesomely creeeepy...
July 26th, 2012 --
I've been busy preparing my debate speech for tomorrow's Splendour in the Grass music festival, so this week's show is a shorter one than usual; there's no feature interview.
Links! Get your news links!
July 26th, 2012 --
Stories discussed in this week's news segment:
Australia, Canada 'primary spy targets'
Nearly 5 Million People Have Government Security Clearances | Threat Level
AAPT hacked by Anonymous - Security - Technology - News - CRN Australia
Ex-NSA bigwig Brian Snow joins the show...
July 20th, 2012 --
On this week's show the NSA's former Technical Director of Information Assurance, Brian Snow, joins the program to warn us that recent advancements in quantum computing could invalidate all of our cryptographic systems within 15 years. So we'd better get cracking on finding alternatives!
Get your linkage here...
July 20th, 2012 --
News items discussed in this week's show:
Password Leaks Continue: Billabong, NVIDIA Accounts Compromised | threatpost
Hacker Claims Compromise of IT Recruiter | threatpost
Yahoo gives all clear after hack attack | Security & Privacy - CNET News
1961-2012. Dead at 51...
July 13th, 2012 --
On this week's edition of the show we catch up with Mark Dowd of Azimuth Security for a bit of a chat about Apple's upcoming iOS 6 operating system and its security features. We also wind up chatting about Apple's approach to OS security in general and the whole signed-code app store thing. It's fun stuff! This week's show is brought to you by Tenable Network Security -- the most long-term and loyal supporter of this podcast.
The humble pwnplug has turned out to be very useful...
July 6th, 2012 --
In this week's podcast we're chatting with Jonathan Cran of Pwnie Express. Pwnie Express makes drop boxes designed to be used by pentesters. Funnily enough, people have found all sorts of other legitimate uses for them. In this week's sponsor interview we chat with HackLabs' penetration tester Jody Melbourne to ask if there's a future for hacktivists once SQLi bugs are a thing of the past. In this week's news segment with Adam Boileau we discuss the following items:
Is the sky falling or is this a case of "nothing to see"?
June 28th, 2012 --
There's a lot of really interesting news this week. Adam Boileau is back on deck at the top of the show to discuss shitty security at the Ecuadorian embassy in London, the new tool DroidSheep, DARPA's (DERPA? Lol.) attempts at securing the architectural mess that is Android, dudes going to prison, other dudes getting away with stuff and much, much more!
How to be a martyr in style...
June 22nd, 2012 --
In this week's news segment we cover Julian Assange's attempt at martyrdom in style, claims of a Twitter outage, the cracking of 923-bit pairing-based encryption in Japan, the blackmailing of an American firm by hackers,'s tragic fail, The Washington Post's stunning (not) revelation that Flame was the work of the US and Israel, AutoCAD worms, bug bounties and more! Insomnia Security's Mark Piper tackles all that at the top of the show. He's filling in for Adam Boileau.
PLUS Marcus Ranum talks password hashing, general auth approaches...
June 15th, 2012 --
On this week's show we chat with Rapid7's H D Moore about massive recon in both the IPv4 and IPv6 worlds. He's been busy basically banner grabbing the entire Internet and he's found some really, really weird stuff out there. There are some very interesting nuggets in that interview. Check it out.
Prison. Not so lulzy...
June 8th, 2012 --
On this week's show we'll be chatting with Forbes' London bureau chief Parmy Olson. Parmy did a great job of covering the whole LulzSec fiasco last year for Forbes, but she's gone one better and written a book about the whole thing. It's called We Are Anonymous: Inside the hacker world of LulzSec and you know what? It's pretty good! Actually, it's really, really good. I'm about a third of the way through a review copy. Parmy joins us to talk about what it was like to stitch a story like this together.
When it's Chinese it's a back door. When it's European it's a debugger.
May 31st, 2012 --
On this week's show we're taking a look at some research out of Cambridge University that's drawn a lot of attention. It involves a claim that researchers found a hardware back door on a Chinese-made FPGA (Field Programmable Gate Array). That FPGA is apparently used in military hardware. You can find links to the draft paper and a write-up here. So was this "back door" put there by super-secret Chinese cyber-warriors? Or is it something much less interesting like an undocumented debugging interface?
Forbes journalist book alleges close relationship between Assange and FBI snitch...
May 30th, 2012 --
If people are wondering why on Earth Wikileaks' chief Julian Assange is apparently being pursued by the US Department of Justice, a new book by Forbes' London Bureau chief Parmy Olson might help to clear things up for you. Assange likes to proclaim that the DoJ investigation is a case of the big bad gummint being out to persecute him for being a truth-teller, but if Olson's book (Amazon) is to be believed it looks like he's been a very naughty boy.
The Internet as "tactical cloud computing"...
May 25th, 2012 --
This week's feature audio is an excerpt from an AusCERT presentation I recorded last week. The talk, by Brad Barker of the HALO Corporation, discusses the Zeta drug cartel's use of technology and social media. HALO Corporation does everything from intelligence support to kidnap and ransom consulting. Barker has an interesting analysis of how civilian technology is altering methods of operation and the wider battlefield. It's good stuff.
This is always fun...
May 22nd, 2012 --
The following is the closing session from AusCERT's 2012 conference, the speed debate. It's a chance to have a bit of a laugh at all things security and it's hosted by ABC personality Adam Spencer. Enjoy!
The Sophos guys dissect an age old issue...
May 22nd, 2012 --
At AusCERT last week I caught up with Phil Piotrowski, a threat researcher with Sophos, as well as Rob Forsyth, a director of Sophos here in Australia.
Affix your tinfoil hat and tune in...
May 18th, 2012 --
The following is a recording of Susan Landau's plenary presentation. She's a Visiting Scholar in the Computer Science Department at Harvard University. Prior to that she worked as a Distinguished Engineer at Sun Microsystems, and held faculty positions at the University of Massachusetts and Wesleyan University. Her talk is titled Surveillance or Security? The Risks Posed by New Wiretapping Technologies.
There's more than one way to skin the DDoS cat. Meow.
May 18th, 2012 --
In this sponsored podcast we chat with both Arbor Networks' Nick Race and Matt Hollis of Vocus. We discuss the state of both application-layer and volumetric DDoS techniques. As you'd no doubt be aware, Arbor makes DDoS mitigation equipment -- there's the enterprise gear that blocks application-layer attacks, which exhaust resources on the target (connection tables, CPU, backend capacity) with relatively little traffic, and there's the telco gear that blocks volumetric attacks, a.k.a. bandwidth-exhaustion attacks, which saturate the links in front of the target.
Can governments mandate success?
May 18th, 2012 --
Yesterday I caught up with SCADA security expert and AusCERT speaker Mark Fabro of Lofty Perch. We spoke about attempts by governments to mandate minimum security requirements for critical infrastructure through regulation. I started off by asking him what regulation attempts in North America look like now.