Putting your life in TBB's hands is maybe not so wise...
September 22nd, 2016 --
On this week's show we'll be chatting with security researcher Ryan Duff about the rabbit hole that is the Tor Browser Bundle certificate pinning bug. The bug itself is interesting, but the questions it raises about how suitable Tor is for genuinely critical use are, you know, substantial. That's a really, really interesting chat with Ryan Duff, coming up after the news.
Not a crazy amount of news this week, but some cool stuff nonetheless...
September 22nd, 2016 --
Links to everything discussed in episode 428 of the Risky Business podcast.
PLUS: Cylance CEO Stuart McClure on the OPM hack...
September 15th, 2016 --
We have a great feature interview this week. Risky Business contributor Brian Donohue spoke with Cahill law firm partner Brad Bondi about the suit St Jude Medical has brought against MedSec and Muddy Waters over the short-sell of the medical device manufacturer's shares. That is an illuminating chat that certainly gave me an understanding of where this all could be heading, both in terms of the upcoming trial and how likely it is we'll see similar stuff in the future.
Lots of good stuff this week...
September 15th, 2016 --
Links to everything discussed in episode 427 of the Risky Business information security podcast.
Mark Piper joins Risky Business with the week's security news...
September 8th, 2016 --
In this week's feature interview we chat with Stephen Ridley about all things IoT. Stephen is a researcher turned entrepreneur and he'll be along to talk about the platform consolidation we're going to see when it comes to "things". Once that settles, he argues, we'll get a better idea of the security risks we should really, actually be worried about. In this week's sponsor interview we're chatting with Simon Galbally at Senetas.
All the news that's fit to read!
September 8th, 2016 --
Links to everything discussed in episode 426 of the Risky Business information security podcast.
It's a... different... path to disclosing bugs, that's for sure...
September 1st, 2016 --
On this week's show we've landed what looks to be a fairly exclusive interview -- at least as far as the tech press is concerned. Justine Bone will be joining us to explain why the company she works with, MedSec, decided to use vulnerability information on implantable medical devices to drive a short-selling scheme in partnership with Muddy Waters. This week's show is sponsored by Tenable Network Security. We're doing something a bit different in this week's sponsor interview -- we're chatting with one of Tenable's customers, City of San Diego CISO Gary Hayslip.
News from the show, plus other stuff we cut!
September 1st, 2016 --
Links to everything discussed in episode 425 of the Risky Business infosec podcast. I had to cut a fair bit this week so there's stuff in here that you won't hear on the show.
PLUS! News with Grugq...
August 25th, 2016 --
On this week's show we chat with Jessie Frazelle. Jessie is a former Docker maintainer who now works at Google on all things "containery". So we talk to her about what's up with containers, basically, and where the security pitfalls are. Like it or not, containers are likely going to be used in your environment, so getting to know them is a must. That's this week's feature.
Not just shadowbrokers news! ZOMG!
August 25th, 2016 --
Links to everything discussed in this week's edition of the Risky Business security podcast.
What a time to be alive...
August 18th, 2016 --
This week's feature interview is incredible. We're speaking with David Wang from Azimuth Security. He, his colleague Tarjei Mandt and Mat Solnik of OffCell Research delivered an absolutely blockbuster talk at Black Hat. I didn't see the talk at the time but I got a chance to review the slides and oh-my-god I can't believe this one got so little attention.
News, slide decks and more!
August 18th, 2016 --
Links to everything discussed in episode 423 of the Risky Business security podcast.
Revisiting last week's post...
August 15th, 2016 --
Last week I dashed off a very quick post about #CensusFail that went stupid viral. I think it was retweeted about 1200 times and it sort of became "the story" of what happened. As far as I know the information I posted is accurate, but I wanted to write this to add a bit more context and look at where it's shaky. I literally wrote that thing up in about 10 minutes while I was working on last week's show. I was doubly under the pump because The Project had a camera guy coming to my house that evening to record an interview about the whole debacle. I'd also just arrived back in Australia after spending six days in Las Vegas attending Black Hat, B-Sides and Defcon. Prior to that I was in Brazil. So yes, long story short, I was exhausted, jet lagged, slammed with work and I didn't really have much time to write a decent post. I certainly wasn't expecting what I did write to be spread so widely. So, now that I've had a minute to breathe, let's look back through the bullet points in the original post to see where it's solid and where it isn't.
You can't make this stuff up.
August 11th, 2016 --
On this week's show we talk about the week's security news with Adam Boileau and I spill on what my sources have told me about #censusfail.
CensusFail. The mind boggles.
August 11th, 2016 --
Links to everything discussed in this week's episode of the Risky Business podcast.
High level sources say...
August 11th, 2016 --
I have been able to cobble together the following by talking to my sources. Sorry this post is so brief, but I'm still trying to get this week's show out and I'm massively under the pump. So here it is: Set your faces to stunned. IBM and the ABS were offered DDoS prevention services from their upstream provider, NextGen Networks, and said they didn't need it. Their plan was to just ask NextGen to geoblock all traffic outside of Australia in the event of an attack. This plan was activated when there was a small-scale attack against the census website.
PLUS: Rapid7's Wade Woolwine in the sponsor chair!
August 6th, 2016 --
On this week's show we speak with Signal Sciences' co-founder Zane Lackey about hackers building defensive tools and software companies. Dan Guido and Andy Greenberg talk about car hacking and the week's security news, and Wade Woolwine of Rapid7 is in the sponsor slot talking about EDR/IDR software. Links to everything are in this week's show notes.
All the news that's fit to read!
August 6th, 2016 --
Links to everything discussed in episode 421 of the Risky Business security podcast.
In Soviet Russia, shark jumps you!
July 29th, 2016 --
On this week's show we're taking a look at the DNC leaks, but don't worry, we won't be getting bogged down in the same old angles. Instead, we're going to chat to Lorenzo Franceschi-Bicchierai from VICE Motherboard about his experience in interviewing the Guccifer 2 persona. Then we'll hear from Kevin Poulsen about what these latest developments mean for Wikileaks. It's a topic you're probably sick of hearing about this week, but stick with us, we've got some new angles, and they're relevant.
Don't worry, there's news that doesn't involve Trump, Putin, or DNC hax...
July 29th, 2016 --
Links to items discussed in episode 420 of the Risky Business information security podcast.