Risky Business Podcast

Analysis and news podcasts published weekly

Risky Business #132 -- ADSL MITM and fun with Microsoft Mobile ActiveSync

Presented by Patrick Gray (CEO and Publisher) and Adam Boileau (Technology Editor)

We've got two feature interviews in this week's show. We'll be chatting with Security-Assessment.com's Carl Purvis, who's found a way to man-in-the-middle ADSL connections by spending only $1,000 on kit. Want to own a branch office of a major corporation? No problem!

Carl's due to give a talk at the upcoming Kiwicon conference in which he'll show everyone how it's done, so the interview's a bit of a preview.

We'll also check in very briefly with Assurance.com.au's Oliver Greiter, who's been having a lot of fun with Microsoft's ActiveSync. He'll also be presenting his findings in a lightning talk at Kiwicon.

This week's episode is sponsored by Microsoft, and the company's strategic security advisor, Stuart Strathdee, joins us in this week's sponsor interview to discuss Microsoft's latest Security Intelligence Report.

Adam Boileau is this week's news guest.


Duration: 37:58

Risky Business #131 -- Interview with iPhone worm author Ikee

Presented by Patrick Gray (CEO and Publisher) and Adam Boileau (Technology Editor)

This week's feature guest is the creator of the iPhone worm, Ashley Towns, aka Ikee. This guy is either a cheeky kid or a cyber terrorist, depending on who you ask, and yup -- we've got him on the show.

We also check in with Paul Ducklin of Sophos in this week's sponsor interview. You've never heard two interviews that clash more, it's hilarious.

In one corner is the heavily pierced kid from Wollongong with the funny haircut, in the other is the middle aged AV guy who's a real stickler for the rules.

It's the naughty kid versus the school principal, both interviewed about the same series of events.

We're also joined by Adam Boileau for a discussion of the week's news.

Duration: 47:28

Risky Business #130 -- Are non-ASCII domain names a security risk?

Presented by Patrick Gray (CEO and Publisher) and Adam Boileau (Technology Editor)

This week's show is sponsored by the wonderful people from Tenable Network Security.

This week's feature interview is with Chris Disspain, the CEO of Australia's domain name regulator auDA.

This week we're discussing the move to Cyrillic domain names -- some media commentators have gone a bit berserk on this one, saying that the move will introduce massive risks because people will be able to do phishing campaigns with domains made up partially of Cyrillic characters.

Chris will be along to talk about why he thinks that's wrong.

We're also joined by Tenable Network Security's CEO Ron Gula in this week's sponsor interview. Ron gives us his take on Rapid7's acquisition of Metasploit.

Adam Boileau also pops in for a look at the week's news headlines.

PLEASE NOTE: We're having some technical problems with the site and the flash player below doesn't work at the moment. Just use the direct download link or pull the file through your podcatcher/iTunes... sorry for the inconvenience!

Duration: 39:42

Risky Business #129 -- Smart meters a stupid idea?

Presented by Patrick Gray (CEO and Publisher) and Adam Boileau (Technology Editor)

This week's podcast is hosted by Vigabyte virtual hosting but sponsored by Check Point.

On this week's show we're taking a look at smart metering. It's all the rage these days -- it will usher in an era of automated billing for electricity, gas and water as well as letting the utilities companies do all sorts of intelligent grid management stuff. Utilities across Australia and indeed throughout the world are rolling this technology out as we speak.

But as you'll hear, there are opposing views on whether or not this stuff is ready for roll out.

Could a smart meter worm that can shut down whole cities be on the horizon? It sounds a bit extreme, but that's one concern Professor Bart Jacobs of Radboud University in the Netherlands highlights. We'll hear from him later.

We'll also hear from Logica's smart metering security expert Karl Dawson. He has extensive experience working with utilities on this sort of thing and says it can be done securely, if it's done right and monitored properly.

In this week's sponsor interview we'll be chatting with Steve MacDonald from Check Point. He's Check Point's engineering services manager here in Australia which means he spends a lot of time with big, big companies dealing with their issues. This week we're chatting to Steve about some of the more idiotic things he's seen customers do. Allow ANY blanket firewall rules anyone?

Duration: 50:27

Risky Business #128 -- Metasploit acquired by Rapid7

Presented by Patrick Gray (CEO and Publisher) and Adam Boileau (Technology Editor)

This week's edition of Risky Business is brought to you by Sophos.

And what a show it is! We've got the exclusive podcast interview with HD Moore, who fills us in on the acquisition of the Metasploit project by Rapid7.

Now, before you GPL freaks run to the shed to dig out the pitchforks and flaming torches, you should hear this interview. The way HD describes it, this acquisition is about the best thing that could have happened to Metasploit.

Rapid7's director of products and operations, Corey Thomas, also joins the show with some soothing words for anyone with concerns about the acquisition.

We're also joined this week by Adam Boileau, who discusses the week's news headlines, and Paul Ducklin of Sophos joins us for the week's sponsor interview.

Leave us a voicemail on Sydney 02 8569 1835 or USA +1 877 688 8417 (toll free).

Duration: 49:39

Risky Business #127 -- Extra Chunky Cyber Security with David Rice

Presented by Patrick Gray (CEO and Publisher) and Adam Boileau (Technology Editor)

This week's show features an excerpt from David Rice's plenary speech at the GovCERT Symposium in Rotterdam, The Netherlands.

In his talk, David asks what the security business could learn from pasta sauce, Diet Pepsi and food science in general. It's a bit out there, but it's well worth a listen.

You'll also hear from Microsoft Australia's Andrew Parsons about a couple of programs Microsoft is running that involve giving away an absolute tonne of expensive software to students and start-ups. It's not a security related interview, but hey, the programs are pretty interesting and worth featuring.

There's no news guest this week -- I'm still travelling back to Australia from Europe. It's a long way. No, really... It's far.

But we'll be back to regular programming next week.

Duration: 34:47

Risky Business #126 -- Doing it right and getting owned anyway

Presented by Patrick Gray (CEO and Publisher) and Adam Boileau (Technology Editor)

This week's show is a bit of a special edition, prepared at the GovCERT.nl Symposium at the World Trade Centre in Rotterdam, Netherlands.

This isn't a regular edition of the show, so sadly we will not be joined by our regular news guest Adam Boileau for our weekly news segment. Instead, we'll be having a chat with Neohapsis CTO Greg Shipley, who's also here to give his own talk at GovCERT.nl.

Greg's firm actually did some of the forensics work on one of the organisations allegedly attacked by Albert Gonzalez, the Internet super-villain. If you've been in a cave for the last few months, Gonzalez is the guy who's suspected of stealing up to 135 million credit card numbers over several years... and he's now in prison as a result.

Greg and I discussed how these sorts of breaches could actually happen in organisations that actually pay attention to their security.

In this week's sponsor interview, Check Point's Engineering Services Manager Steve MacDonald will be along to have a talk about a recent report -- one that we mentioned on last week's show -- that claimed up to nine percent of corporate machines are actually infected with custom-designed malware.

Working for Check Point, Steve has a lot of exposure to large corporate clients, and depressingly, says the report is entirely plausible.

Duration: 33:58

Risky Business #125 -- Bottle Domains appeals, bank sued by phishing victim

Presented by Patrick Gray (CEO and Publisher) and Adam Boileau (Technology Editor)

On this week's show we'll be chatting with Stratsec's Chief Technology guy Nick Ellsmore about bank fraud liability. A couple in the USA who fell victim to a phishing scam are suing their bank to get their money back. Nick's not a lawyer, but he's one of those guys who follows the law as it relates to security very, very closely, so he'll be on the show to talk about that.

We'll also check in with the head of Australia's domain name regulator auDA, Chris Disspain. A couple of years ago an Australian domain name registrar, Bottle Domains, had its credit card database walked out through the perimeter. That's led to auDA taking court action, and by the looks of things it's set to drag out a bit longer.

In this week's sponsor interview we're joined by Microsoft's Stuart Strathdee. That one's a bit of a mixed chat about all sorts of stuff. We're talking all things Microsoft. And there's been a lot of MS-related news of late.

Adam Boileau is this week's news guest.

[MINOR CORRECTION: It's mentioned in the show that it's rare for a TLD regulator to take action against registrars. Risky.Biz is told that is not the case.]

Duration: 56:11

Risky Business #124 -- Blogger brazenly pwns Web apps, publishes results

Presented by Patrick Gray (CEO and Publisher) and Adam Boileau (Technology Editor)

On this week's show we'll be taking a look at the disclosure of security vulnerabilities in Web applications.

An interesting blog has recently popped up here. If you visit (at your own risk), what you'll see there is basically nothing but screen caps of owned Web applications. They're big targets, too.

We're talking about Facebook, RBS WorldPay, that sort of thing. Browsing through that blog is a very diverting 20 minutes.

Is owning sites and posting the results like this unethical? We thought we'd ask our guest Adam Pointon. He's a CSO for a financial services company that operates a very complicated web application for tens of thousands of users.

We'll also be chatting with our sponsor guest Paul Asadoorian this week. Paul is the co-host of the PaulDotCom Security Weekly podcast. When he's not in front of a microphone, Paul's out there being Tenable Network Security's evangelist. This week we're chatting with him about some interesting research the SANS Institute has released which revealed which weaknesses in corporate security are actually doing the most damage.

This week's special news guest is Munir Kotadia.

Risky.Biz has been asked to help a well respected security company find a new penetration tester in Melbourne. E-mail jobs at risky dot biz for more information. Details are in the show... if you're not interested, put someone forward for a $1,000 finder's fee.


Duration: 50:03

Risky Business #123 -- Huawei a PLA front?

Presented by Patrick Gray (CEO and Publisher) and Adam Boileau (Technology Editor)

This week's edition of Risky Business is brought to you by the fine folks at Sophos, the makers of all types of security software and the employer of many, many smart cookies.

This week's show is a bit of a mixed bag. We'll of course be checking in with our buddy Adam Boileau to discuss the week's news headlines, then we'll be having a chat with journalist Cameron Stewart. He works for The Australian, a Murdoch-owned newspaper, and he's written a series of articles alleging Australia's spy agency ASIO has been called in to investigate Chinese networking equipment manufacturer Huawei over alleged links to Chinese intelligence organisations.

Interesting stuff to say the least.

Then we're going all Mac on you. We'll be chatting to Brett Olsen, who's been doing some interesting work in looking at the privacy implications of some iPhone applications. Yes, I know iPhone stuff has been done to death, but Olsen's i-phone-home project could be a preview of things to come across the whole mobile computing space.

Then of course we'll be chatting with Sean Richmond of Sophos in this week's sponsor interview. He'll be giving us a vendor take on Apple's decision to build some rudimentary AV into its operating system.


Duration: 49:48