Links to this week's news stories!
April 5th, 2013 --
Here are links to the news stories discussed in this week's edition of the Risky Business podcast. You can find this week's show here.
What to do with all dem hashes and IPs!
March 28th, 2013 --
This week's show is brought to you by our longest-term sponsor, Tenable Network Security, thanks guys. In this week's sponsor interview we chat with the CEO and co-founder of Tenable, industry stalwart Ron Gula. We're chatting to him about a funny idea -- that the release of indicators of compromise might become so regular that they'll have to be handled in regular infosec team workflow. So we'll have Patch Tuesday and "which IPs owned us" Wednesday.
News links, music and more!
March 28th, 2013 --
Here are the links to this week's news items, plus music and more!
Stanford law's Jennifer Granick joins the show...
March 22nd, 2013 --
In this week's feature interview we chat with Jennifer Granick, the Head of Civil Liberties at Stanford University's Centre for Internet and Society. Jennifer has extensive experience with cyberlaw -- she has acted for clients as diverse as Aaron Swartz and HBGary! She's done it all! And she joins the show to talk about a few things -- is active defence ever legal? And what the hell is going on with the Computer Abuse and Fraud Act over there in the USA?
South Korea got pwnt pretty hard...
March 22nd, 2013 --
Here are this week's show notes. Absolutely fascinating week in infosec!
C&C-destroying, greyhat, mercenary berserkers could be just around the corner!
March 15th, 2013 --
In this week's feature interview we're chatting to industry legend and In-Q-Tel CSO Dan Geer about the idea of offence as defence. If someone's attacking you do you have the moral right to attack them back? Dan actually thinks you do. This week's show is brought to you by Adobe. Adobe's head of product security and privacy Brad Arkin pops along to have a bit of a chat about the busy few months they've been having at Adobe dealing with some interesting bugs.
Linkage. Copious linkage.
March 15th, 2013 --
Discussion of several of these stories was cut to keep the podcast to its preferred length of about an hour. Plenty of interesting stuff in here though! Episode 273 of the Risky Business podcast can be found here.
PLUS the evils of scoping and MOAR!
March 7th, 2013 --
On this week's show we chat to PGP Corporation co-founder Jon Callas. Jon's been in the security business for a long time and he's bringing us up to speed on his latest venture, Silent Circle. This week's show is brought to you by the Australian security consulting and penetration testing firm HackLabs. And we've got a really interesting sponsor interview with HackLabs head honcho Chris Gatford about how many, many organisations simply don't do any foot-printing... and it means they miss so much! Come on people, it's a two-day job!
We had to cut lots this week!
March 7th, 2013 --
For time considerations I had to cut out our discussion of a lot of these articles... but I've included them in the show notes because they're worth a cursory look. Enjoy! Episode 272 can be found here.
The Java Zero-Day Procession Continues | threatpost
New Java 0-Day Attack Echoes Bit9 Breach — Krebs on Security
Owning absolutely everyone with 90's technique...
March 1st, 2013 --
On this week's show we're chatting with Mandiant's Managing Director of Threat Intelligence, Dan McWhorter, about that company's report into Chinese cyber espionage activity. Mandiant dropped the report last week and it's caused quite a stir, even eliciting a response from the White House and Chinese officials. That's an interesting conversation and it's after the news.
Links, music, intelligence reports and more!
March 1st, 2013 --
There are a few links in here that got cut from this week's show. Interesting reading nonetheless, so I've left them in.
Leaked data points to previous compromise...
February 27th, 2013 --
The ABC Website compromised by anonymous attackers overnight was likely already breached by cyber-criminals active on Russian forums as far back as 2011. The user database of the Making Australia Happy television program was published overnight with the emails and hashed passwords of its 50,000 users dumped on paste websites. The pastes were released under the tag "#OpWilders"; the breach ostensibly a revenge attack over the ABC's decision to air an interview with controversial anti-Muslim Dutch politician Geert Wilders, who visited Australia last week.
Secondary targeting all the rage...
February 22nd, 2013 --
On this week's show we're taking a look at the issue of secondary targeting. These days it's borderline likely that attackers who want information on your company's upcoming mergers and acquisition activity won't even bother attacking you to get the intel. They'll go for your law firm instead... or your accountants... or another partner. CERT Australia Executive Manager Dr. Carolyn Patterson joins the show to talk about that.
Oh noes! Not Burger King!?!
February 22nd, 2013 --
Here are this week's show notes for episode 270 of the Risky Business podcast! Links to articles, events, sponsor whitepapers, music and more!
Where to for infosec when clientsides become rare?
February 15th, 2013 --
On this week's show we have a chat with industry stalwart Dave Aitel of Immunity Inc. Dave joins us to chat about a few things -- like what it will be like when clientside memory corruption exploits become as rare as server side corruption exploits are now. How will that change the security discipline? We also have a chat about El Jefe and sneaky ways of handling command and control.
Lots of news this week...
February 15th, 2013 --
Links to stories discussed in this week's show, music, Immunity stuff, NCC stuff, BeEF stuff and more!
Security Firm Bit9 Hacked, Used to Spread Malware — Krebs on Security
Microsoft Report Examines Socio-Economic Relationships to Malware Infections | threatpost
Cybersecurity Executive Order Short on Action, Long on Voluntary Initiatives | threatpost
A novel approach to crowdsourced security QA...
February 8th, 2013 --
This week's feature interview is with Casey Ellis of -- a new business that runs outsourced bug bounty programs. It's a great idea and it's one that I personally think will really take off over the next couple of years. This week's show is brought to you by our good friends at Adobe.
Get your links! Links here!
February 8th, 2013 --
Here are links to this week's news items. I had to cut some of these from the segment for space but I left the links in. Enjoy!
A look back on 2012 in infosec, as reported by Risky Business...
December 13th, 2012 --
This week's show takes a look back at some of the big issues and stories of 2012: The arrest of the Lulzsec crew, the release of Stratfor's email by Wikileaks and the Australian government ban on Huawei participating in the NBN rollout. With bonus lulz. This is the final episode of Risky Business for 2012. We'll be back in February 2013!
A truly mixed bag of topics on this week's show...
December 7th, 2012 --
On this week's show we're talking ToR and BitCoin with Alice Hutchings, a Senior Researcher and Analyst with the Australian Institute of Criminology's Global, Economic and Electronic Crime Program. ToR helps dissidents in foreign countries access information their governments deem unsavoury -- but it also provides a layer of protection to the consumers of child porn. Combine it with technology like BitCoin and bang, you've got Silk Road. Given the illicit uses of such technology, is volunteering to run a ToR server moral?