Risky Business

Risky Business #224 -- Lost source and open relays: 2012 is here

February 1, 2012 -- Risky Business is back for 2012! This week's edition of the show is sponsored by Adobe.

And as it's our first week back we're focussing mostly on catching up on the news of the last six weeks or so. Between McAfee turning its customers into open relays -- that wound up being used by spammers -- and Symantec realising its source code walked six years ago, it's been a cracking start to the year.

Risky Business news co-host Adam Boileau joins the show to run through the key highlights of the last six weeks.

Risky Business #223 -- Summer edition: Drones pwned?

December 20, 2011 -- This is a special summer edition of the Risky Business podcast. There's no feature interview or sponsor interview -- just Adam Boileau and Patrick Gray discussing the most interesting security news items of the last three weeks, including:


  • Did Persians pwn Drones?

  • Bradley Manning faces court

  • HP to face printer vulnerability lawsuit

  • Could the USA's SOPA law break DNSSEC?

  • GlobalSign says its CA systems were never compromised

  • New guidelines for issuance of SSL certs

  • Microsoft to silently update IE in 2012

Risky Business #222 -- Never pay for roaming data again

December 2, 2011 -- I thought we'd just have a bit of a fun feature for the last show of the year. It's an interview with Edith Cowan University's Peter Hannay about a presentation he did at Ruxcon back in 2010, all about turning Amazon's Kindle into a completely free internet access device that works all over the world.

That's right, no subscriber fees and 3G access in a zillion countries.

He'll tell you how you can hack your Kindle to use it as a completely free USB Internet access device pretty much anywhere in the world. No more data roaming for you! W00t w00t! SSH everywhere!

Risky Business #221 -- Browser GFX security with Ben Hawkes

November 25, 2011 -- In this week's feature interview we're chatting with Google's Ben Hawkes about the risks posed to browsers by new developments in the way they handle graphics. WebGL and Flash Stage3D allow websites easy access to graphics cards but introduce a bunch of potential security issues. What if there's a bug in your graphics card driver? Can you then exploit that through the browser?

That, for want of a better word, would be... bad.

It's a topic that's been picking up a bit of coverage over the last six months or so, but is it overhyped?

Risky Business #220 -- All your Macs are belong to Snare

November 17, 2011 -- On this week's podcast we take a look at doing some fairly unnatural things to the OS X operating system. We'll hear how to best rootkit OS X and also how messing with EFI bootloaders can be a whole bunch of fun in terms of installing persistent rootkits in PCI firmware.

That's this week's feature interview, with our buddy Loukas from Assurance.com.au.

Risky Business #219 -- NFC puts chip readers everywhere

November 11, 2011 -- On this week's show we're talking Near Field Communications (NFC) with New Zealand's Nick von Dadelszen.

NFC is set to become the next big thing for micropayments. Alas, it looks likely there's potential to conduct all sorts of mischief using NFC-equipped mobile phones like Google's Nexus S.

NFC-equipped phones are RFID readers, and Nick reckons we're about six months away from being able to use them as card emulators as well. Let the fun begin!

Risky Business #218 -- Precisely how badly does Android support suck?

November 3, 2011 -- On this week's show we're taking a look at support for Android devices. If you're a regular listener you would have heard us whingeing about Android's woeful support. We've often said most Android devices out there are running old and insecure versions of the software, and now we have proof.


This week's feature guest, Michael DeGusta, has done a bit of research on this topic and found, well, Android support is even WORSE than we first thought. He turned his research into a chart that went viral.

Risky Business #217 -- Patrick Webster joins the show

October 28, 2011 -- In this week's feature we chat to Patrick Webster about his tangle with First State Superannuation.

This is a story we've covered on the show over the last few weeks. If you haven't heard what happened, Pat spotted a bug in First State Super's statements system, probed it, let them know 12 hours later and then wound up with the police at his door!

Since then the whole saga has turned into a pretty big deal here in Australia. The police and civil actions against Webster have both been dropped and First State Super -- and its administrator -- has wound up in a bunch of trouble.

Risky Business #216 -- WebScarab for SAP!

October 20, 2011 -- This week's feature interview is with Ian De Villiers of the South African security firm Sensepost.

Ian recently dropped a couple of interesting SAP security tools at 44con in London and ZACon in South Africa.

SAP makes Enterprise Resource Planning (ERP) solutions... CRM, SCM, PLM... you know, all that three-lettered, thick client enterprise stuff. It's everywhere and as it turns out, one of the only things that has saved it from thorough examination in the past has been the obscurity of its protocol.

Risky Business #215 -- Aussie researcher heavied, Mitnick and more!

October 14, 2011 -- On this week's show we're delving into a troubling story emerging here in Australia. A local security researcher and consultant, Patrick Webster, has been threatened with criminal and civil prosecution after he disclosed a direct object reference bug in his pension fund's systems.

We'll be discussing this in the news with Adam, then we'll be hearing from First State Superannuation's Chief Executive Michael Dwyer himself!