Friends don't let friends run XP...
April 4th, 2014 --
Here are links to the news stories discussed in episode 316 of the Risky Business podcast.
And the G20 is coming to Brisbane! RUUUUN!!!
March 28th, 2014 --
This week's feature interview is with nmap creator Gordon Lyon, who's probably better known by his handle: Fyodor. Last week we brought you the news that the Full Disclosure mailing list was shuttered following legal threats from someone describing themselves as a security researcher. Fyodor runs the mailing list archive and he's decided to bring FD back from the dead. I got him on the line and asked him why.
Target and Trustwave to be hauled before courts...
March 28th, 2014 --
Not a huge volume of news this week, but certainly some big stories. Obama plans to wind back the NSA's metadata collection program and Target is being hauled before the courts alongside its security provider Trustwave.
PLUS Moar PowerShell and Tarjei Mandt on iOS PRNG weaknesses...
March 21st, 2014 --
On this week's show we're taking a look at some absolutely awesome research by Azimuth Security's Tarjei Mandt on the pseudo random number generators used by iOS 6 and 7. Tarjei has figured out a way to blow away iOS's memory mitigations with some very cool tricks.
You know they're making a Brian Krebs movie, right?
March 21st, 2014 --
Some crazy news this week. Full Disclosure has shut down, Sony is apparently going to make a movie about Brian Krebs, Symantec gives another CEO the ass and more!
Why use pwdump when you can just ask 'doze nicely?
March 14th, 2014 --
On this week's show we have a look at PowerShell, the Microsoft sorta scripting language admin thingy. As it turns out, PowerShell can be an attacker's best friend when it comes to lateral movement through a network. We'll chat with Kieran Jacobson about that in this week's feature interview. He did a cracker presentation at CrikeyCon where he demo'd owning a domain controller and dumping all its creds with something like five lines of PowerShell. I mean, there are caveats there, but wow... the demotime was food for thought.
All is quiet...
March 14th, 2014 --
Here's a bunch of links to items discussed on episode 313 of the Risky Business podcast!
This week's show is overflowing...
March 7th, 2014 --
It's a solid week for BitCoin news. The (maybe) outing of the elusive Satoshi Nakamoto, the MtGox mystery, dead exchanges and even, unfortunately, a suicide of a former BitCoin exchange CEO in Singapore. But there's been plenty of other news! Apple's gotofail bug, GnuTLS issues, more NTP amplification attacks, and of course YahooWebcamGate. You can find links to the news items discussed in this week's show here.
A bad two weeks for BitCoin...
March 7th, 2014 --
In keeping with tradition, I take a week off and everything goes berserk. MtGox imploded, gotofail, dead BTC exchanges, more NTP mayhem. Here's a list of the stories discussed on this week's show.
A quick chat about a novel idea...
February 20th, 2014 --
This week we chat with a local consultant, Mark Brand of Datacom TSS, about the general topic of authentication. We've seen some interesting cases of things going wrong with auth on consumer sources lately. The @n Twitter username hijacking, the Mat Honan disaster of 2012. Now Google's run off and bought SlickLogin, a novel approach to mobile app auth. Will that get us anywhere? And what about NameCoin -- a BitCoin protocol-derived peer-to-peer authentication scheme? I'd never heard of it, but the concept is fascinating. Mark pops by to fill us in.
BitCoin has DogeCoin. Will NameCoin have NomCoin?
February 20th, 2014 --
Show notes for episode 311 of the Risky Business podcast!
COSEINC's Thomas Lim joins the show...
February 14th, 2014 --
On this week's show we're chatting with COSEINC's Thomas Lim about the Wassenaar Arrangement. It's basically a worldwide framework that restricts the sale of munitions and dual use technologies, and it has exploits in its sights. COSEINC is a security research company that engages in exploit development, and Lim thinks extending regulations to exploit sales is pointless. This week's show is brought to you by BugCrowd, a company that was founded in Australia but is now based in San Francisco thanks to VC investment.
Lots of cool stuff this week!
February 14th, 2014 --
Here are the stories discussed in episode 310 of the Risky Business podcast...
Meterpreter gets some new tricks...
February 7th, 2014 --
We're back after a nice long rest, and boy oh boy did a lot of stuff happen during the break. Adam Boileau joins the show to discuss the choicest selection of news items to emerge over the last six weeks. In this week's feature slot we chat to OJ Reeves about his work in upgrading Meterpreter, the Metasploit payload. There are some cool new features on the way, he'll clue us in on those. This week's show is brought to you by Tenable Network Security.
Lots of links for the first 2014 show!
February 7th, 2014 --
We're back from a long break and catching up on a whole bunch of news. And, umm. Here it is!
So what about that Snowden guy, huh?
December 13th, 2013 --
This is the final Risky Business podcast for 2013. The show will resume its weekly schedule in February 2014. Oh, and there are still three sponsor slots left between now and July. If you're interested, drop us a line with the contact form... This week's show looks back over the key events and trends of 2013: how media focus shifted from China's cyber-espionage to the scandalous revelations of the Snowden leaks.
A chat with Bromium co-founder and CTO Simon Crosby...
December 6th, 2013 --
On this week's show we speak to Bromium co-founder and CTO Simon Crosby all about its tech. We don't normally interview vendors about their technology in the feature slots, but Bromium is very interesting stuff. It's all about hardware-enabled task isolation with Xen-based micro VMs. The way they've implemented this makes it quite difficult for an attacker to gain persistence on a target machine. Simon is a very technical guy, it's a great interview and it's after the news.
What does one do with USD$100m in stolen Bitcoins?
December 6th, 2013 --
Here are links to the items discussed in this week's show, plus a couple of bonus links. In particular, check out the ABC's coverage of the Australian intelligence scandal involving ASIS and ASIO whistleblowers. Very interesting stuff!
$600 million buys you a lot of fail, apparently...
November 29th, 2013 --
In this week's show we speak with TrustedSec CEO Dave Kennedy about his testimony to the US Congress about the Obama administration's website. It cost over $600m and it's riddled with infosec 101 bugs. We find out just how bad it is and what can be done about it.
Get your fill of the week's news!
November 29th, 2013 --
Not a crazy news week for us. Americans are too busy eating turkeys.