All the news that's fit to tab up...
April 24th, 2015 --
Links to items discussed in episode 363 of the Risky Business podcast.
PLUS all the news that's fit to podcast...
April 16th, 2015 --
In this week's show we're chatting with Bob Rudis of Verizon about that company's annual data breach investigation report. After what I thought was a bit of a lapse in relevance last year, the 2015 report has come back stronger than ever. There are some genuinely interesting findings.
Links to everything!
April 16th, 2015 --
Links to items discussed in episode 362 of the Risky Business podcast.
You know, business as usual...
April 9th, 2015 --
We've got a shorter than usual show for you this week. It's actually been a three day week here in Australia because we get Easter Friday and Easter Monday off. So there's no feature interview this week, sorry about that. But nonetheless we've got a great podcast for you this week. We'll be checking the week's news headlines with Adam Boileau then moving right on into this week's sponsor interview.
We're not owned by ISIS. Yet.
April 9th, 2015 --
Links to items discussed in episode 261 of the Risky Business security podcast.
...and other assorted things...
April 2nd, 2015 --
In this week's show we chat with Arbor Networks' Roland Dobbins about the Great GitHub DDoS of 2015, Paul Asadoorian of Tenable Network Security about vulnerability management and, of course, Adam Boileau about the week's security news. Links are in this week's show notes.
All the news that's fit to... browse.
April 2nd, 2015 --
Links to items discussed in episode 360 of the Risky Business podcast.
App maker accuses Xipiter of "doctoring" disastrous PoC...
March 26th, 2015 --
This week Risky Business takes you behind the scenes of a spat between the makers of the Whisper App and Stephen Ridley's company Xipiter. Ridley's crew say they found some 24-carat-facepalm security problems with the app, subsequently publishing a blog post and video detailing the bugs. You'd think whisper would patch the bugs and move on. But no, they decided to accuse Xipiter of making the whole thing up, even going so far as to accuse them of doctoring their proof of concept video! Stephen Ridley will join the show to discuss all of that.
Your weekly fix of fail...
March 26th, 2015 --
Links to items discussed in episode 359 of the Risky Business podcast.
What would YOU do to "fix it"?
March 19th, 2015 --
On this week's show we chat with Rapid7's HD Moore (feature) and Thinkst head honcho Haroon Meer (sponsor) about the big-picture changes that could see enterprise security actually change. They're both high-level interviews with two of the industry's sharpest. Adam Boileau, as usual, joins us to discuss the week's news headlines. You can find links to everything discussed in this week's show in the show notes. Don't forget to check out this week's Risky Business video!
Your Evolution order has been delayed...
March 19th, 2015 --
Links to items discussed in this week's podcast.
The fault, dear Brutus, is not in the stars but in ourselves...
March 17th, 2015 --
The infosec industry has failed to protect the Internet and networks attached to it. So why do people who work in it engage in victim-shaming?
March 12th, 2015 --
On this week's show we're having a chat with Mark Dowd about the so-called Rowhammer exploit. And yeah, if you haven't heard about this one you're in for a treat. It's among the most badass research I've ever seen. You know, you can skin a cat with a knife, or you can do what the Google Project Zero team did and skin it with 300 synchronised lasers.
Microsoft: No biscuit.
March 12th, 2015 --
Links to items discussed in episode 357 of the Risky Business podcast.
DJ S-Ludz words it up...
March 9th, 2015 --
Senator Scott Ludlam of the Greens party is the only Australian politician kicking up a stink about the government's metadata retention bill. And we're glad about that, it's a pretty defective bill, even if some recent amendments recommended by the Parliamentary Joint Committee on Intelligence and Security (PJCIS) have made it much more palatable. Scott was passing through my town last week campaigning on behalf of the local Greens state election candidate for Ballina -- the NSW election is coming up at the end of March. So, we caught up and did this interview all about the latest with the bill and the politics behind it.
PLUS Security at scale, risks to bug bounties...
March 5th, 2015 --
This week's feature interview is with Alex Stamos, CISO of Yahoo. Alex did a fantastic AppSec keynote in early February that I wanted to ask him about, so we booked this interview a couple of weeks ago. Then, last week, Alex made the news. Big time. While on a panel with Admiral Mike Rogers, Alex challenged the NSA chief on the government's apparent desire to mandate the introduction of interception capabilities into products made by technology companies.
So much crypto in the news these days...
March 5th, 2015 --
Links to items discussed in episode 356 of the Risky Business podcast.
P1 Security (and Qualys) founder Philippe Langlois talks SIM key haxx...
February 26th, 2015 --
On this week's show we're speaking with Philippe Langlois. You may remember him as the founder of Qualys in the 90s, but these days he's the CEO and founder of P1 Security, a telecommunications security firm. He'll be joining us to discuss the NSA and GCHQ operation against SIM card manufacturer Gemalto.
Dramatic fails FTW!
February 26th, 2015 --
Links to everything discussed in episode 355 of the Risky Business podcast.
New compile-time tricks, split TLB tricks and MOAR...
February 20th, 2015 --
On this week's show we're chatting with Assured Information Security senior research engineer Jacob Torrey about some work he's due to present at SysCAN and Infiltrate. It's called HARES, and it's basically a pretty impressive party trick that makes reverse engineering malware payloads a lot harder. He's also been following some work around some compile-time tricks that make software builds unique. This can make your 0day a lot less useful because exploit has to be custom built for each target... think of it as a compile-time ASLR trick, but better.