Owning absolutely everyone with 90's technique...
March 1st, 2013 --
On this week's show we're chatting with Mandiant's Managing Director of Threat Intelligence, Dan McWhorter, about that company's report into Chinese cyber espionage activity. Mandiant dropped the report last week and it's caused quite a stir, even eliciting a response from the White House and Chinese officials. That's an interesting conversation and it's after the news.
Links, music, intelligence reports and more!
March 1st, 2013 --
There are a few links in here that got cut from this week's show. Interesting reading nonetheless, so I've left them in.
Leaked data points to previous compromise...
February 27th, 2013 --
The ABC Website compromised by anonymous attackers overnight was likely already breached by cyber-criminals active on Russian forums as far back as 2011. The user database of the Making Australia Happy television program was published overnight with the emails and hashed passwords of its 50,000 users dumped on paste websites. The pastes were released under the tag "#OpWilders"; the breach ostensibly a revenge attack over the ABC's decision to air an interview with controversial anti-Muslim Dutch politician Geert Wilders, who visited Australia last week.
Secondary targeting all the rage...
February 22nd, 2013 --
On this week's show we're taking a look at the issue of secondary targeting. These days it's borderline likely that attackers who want information on your company's upcoming mergers and acquisitions activity won't even bother attacking you to get the intel. They'll go for your law firm instead... or your accountants... or another partner. CERT Australia Executive Manager Dr. Carolyn Patterson joins the show to talk about that.
Oh noes! Not Burger King!?!
February 22nd, 2013 --
Here are this week's show notes for episode 270 of the Risky Business podcast! Links to articles, events, sponsor whitepapers, music and more!
Where to for infosec when clientsides become rare?
February 15th, 2013 --
On this week's show we have a chat with industry stalwart Dave Aitel of Immunity Inc. Dave joins us to chat about a few things -- like what it will be like when clientside memory corruption exploits become as rare as server side corruption exploits are now. How will that change the security discipline? We also have a chat about El Jefe and sneaky ways of handling command and control.
Lots of news this week...
February 15th, 2013 --
Links to stories discussed in this week's show, music, Immunity stuff, NCC stuff, BeEF stuff and more!
Security Firm Bit9 Hacked, Used to Spread Malware — Krebs on Security http://krebsonsecurity.com/2013/02/security-firm-bit9-hacked-used-to-spr...
Microsoft Report Examines Socio-Economic Relationships to Malware Infections | threatpost http://threatpost.com/en_us/blogs/microsoft-report-examines-socio-econom...
Cybersecurity Executive Order Short on Action, Long on Voluntary Initiatives | threatpost
A novel approach to crowdsourced security QA...
February 8th, 2013 --
This week's feature interview is with Casey Ellis of BugCrowd.com -- a new business that runs outsourced bug bounty programs. It's a great idea and it's one that I personally think will really take off over the next couple of years. This week's show is brought to you by our good friends at Adobe.
Get your links! Links here!
February 8th, 2013 --
Here are links to this week's news items. I had to cut some of these from the segment for space but I left the links in. Enjoy!
A look back on 2012 in infosec, as reported by Risky Business...
December 13th, 2012 --
This week's show takes a look back at some of the big issues and stories of 2012: The arrest of the Lulzsec crew, the release of Stratfor's email by Wikileaks and the Australian government ban on Huawei participating in the NBN rollout. With bonus lulz. This is the final episode of Risky Business for 2012. We'll be back in February 2013!
A truly mixed bag of topics on this week's show...
December 7th, 2012 --
On this week's show we're talking ToR and BitCoin with Alice Hutchings, a Senior Researcher and Analyst with the Australian Institute of Criminology's Global, Economic and Electronic Crime Program. ToR helps dissidents in foreign countries access information their governments deem unsavoury -- but it also provides a layer of protection to the consumers of child porn. Combine it with technology like BitCoin and bang, you've got Silk Road. Given the illicit uses of such technology, is volunteering to run a ToR server moral?
Risky Business. Now in Hi-Fi STEREO!
December 7th, 2012 --
Here are a bunch of links to the news stories discussed with Adam Boileau in this week's edition of Risky Business. I've also thrown in a link to the story about the Austrian police arresting the operator of a ToR exit node, PLUS Senetas's hybrid quantum encryption product page... because YEAH SCIENCE! MR. WHITE!! YEAH! (And yes, I wrote that because there's a Heisenberg reference in this week's sponsor interview.)
Using Dr. Watson to uncover failed exploitation attempts...
November 30th, 2012 --
On this week's show we're chatting with Rex Warren of Leviathan Security in the United States. Leviathan has been working with DARPA on an interesting new system that can reliably detect failed 0day exploitation attempts against hosts. Basically these guys are just grabbing Dr. Watson crash dumps at the gateway, but where it gets interesting is when we look at what they do with those crash dumps. Emulation FTW.
Links to this week's news stories!
November 30th, 2012 --
Here are links to all news articles discussed in episode 265 of Risky Business!
PLUS: How your iPad kicks your mainframe's ass...
November 23rd, 2012 --
On this week's show I'll be playing an excerpt from a panel discussion that took place at Kiwicon -- the session was called Three Guys with Ponytails Talk Security. The three guys are PGP Corporation co-founder Jon Callas, nCipher co-founder Nicko van Someren and the University of Auckland's Peter Gutmann.
Can't get enough can't get enough no, can't get enough...
November 23rd, 2012 --
Lots of fun news this week, plus a link to John McAfee's blog and some great old Kiwi music. Sweet as, cuz.
AFP Assistant Commissioner Neil Gaughan joins the show...
November 15th, 2012 --
In this week's feature interview we're chatting with the Assistant Commissioner of the Australian Federal Police, Neil Gaughan. He's the national manager of High Tech Crime Operations and he's joining us to discuss the ongoing national security review. As a part of that review the government is introducing laws that will force ISPs and other Carriage Service Providers (CSPs) to store information on Australian citizens for two years. It sounds scary, but as you'll hear the data covered by the proposed new law is actually pretty mundane stuff like DHCP and SIP logs.
John McAfee's bath salt shelving instructions not included...
November 15th, 2012 --
This week's show notes are chock-a-block! We've got the official, AFP/ASIO/AG definition of communications data, we've got music, we've got sponsored whitepapers! Go bonkers! Go nuts!
Peter Gutmann discusses a particularly sophisticated attack...
November 8th, 2012 --
On this week's show we're chatting with renowned megabrain Peter Gutmann about a paper on side channel attacks against crypto keys in virtualised environments. It's really complicated stuff, but very, very interesting. Peter didn't do this research or write the paper, but I always like getting his take on this stuff because... well... he's really smart and he doesn't overhype stuff. That's after the news. This week's show is brought to you by a new sponsor! NCC Group! Yay!
Extra news items this week!
November 8th, 2012 --
Here are this week's show notes. Normally we just include links to stuff we spoke about, but I wound up cutting a few of these items out of the audio during the edit... But I included them here anyway!