PLUS: Did you know bug bounties are considered adequate testing in PCI audits?
October 30th, 2014 --
HD Moore is filling in for Adam Boileau in the news seat this week. In the news segment we chat about Facebook's OSquery tool, chip and pin relay attacks, Russian and Chinese haxx and more. You can find links to all the items discussed in this week's show notes.
All the news that's fit to read...
October 30th, 2014 --
Links to items discussed in episode 343 of the Risky Business podcast.
Two feature interviews in this week's show!
October 24th, 2014 --
Despite some technical challenges we have a great show for you all this week. We'll be chatting with Mike Ryan of iSec Partners and his pal, independent hardware hacker Joe Fitzpatrick, all about the NSA Playset! It's a hobbyist project that aims to recreate all the awesome tools in the leaked NSA ANT catalogue. Such fun! We'll also be hearing a tale of cloud woe from the trenches of enterprise IT. A friend of the show had his entire global email infrastructure pulled offline by Symantec with what he says was inadequate warning. And he might just have a point there. Have a listen to the interview and make your own mind up.
Palo Alto... Oh the mirth... the MIRTH...
October 24th, 2014 --
Links to items discussed in this week's edition of the Risky Business podcast.
Oh, and the other stuff no one is talking about that could get absolutely everything owned...
October 16th, 2014 --
In this week's show we're chatting with Matt Solnik of Accuvant Labs about his stellar presentation at Breakpoint last week. In this interview he describes how he can leverage crappy carrier management client software into full remote compromise attacks against most smartphones, including fully patched iOS8 and Android. It's savage stuff and if you work in telcoland you'd be nuts to miss it.
Click through to see ThreatPost's awesome infosec clipart...
October 16th, 2014 --
Show notes for episode 341 of the Risky Business podcast.
The Breakpoint edition...
October 9th, 2014 --
This week's show was recorded on site at the Ruxcon Breakpoint conference in Melbourne. There have been a handful of absolute jaw-droppers among the presentations here, including a demo showcasing remote code exec against *most* mobile devices, including fully patched iOS8.
All the news that's fit to sigh over...
October 9th, 2014 --
Links to items discussed in episode 340 of the Risky Business podcast.
PLUS news with Adam, and Rahul Kashyap on malvertising...
October 3rd, 2014 --
On this week's show we're chatting with Neel Mehta, a security researcher with Google. Neel is best known for finding the Heartbleed bug, and he joins us this week to talk about Heartbleed, ShellShock, the security of SSL stacks and where he expects vuln research to go in the future. Funnily enough this is Neel's first interview about Heartbleed, so I guess we can call this a scoop!
Heartsweat? Shellsurprise?
October 3rd, 2014 --
Links to items discussed in episode 339 of the Risky Business podcast.
All your things are belong to everyone...
September 26th, 2014 --
In addition to covering the end of the world, this week's Risky Business features Don Bailey of Lab Mouse Security on his excellent IoT blog post, written largely in response to a Daily Dave post by Dave Aitel on so-called "junk hacking".
Repent! Repent! Bashtacular ownage!! Repent!
September 26th, 2014 --
Links to items discussed in episode 338 of the Risky Business podcast.
All your chats R belong to no one...
September 19th, 2014 --
In this week's show we chat with The Grugq about the latest invisible.im announcement and we'll also meet the creator of the Ricochet anonymous messenger software, John Brooks.
Arrrrrr...
September 19th, 2014 --
Links to items discussed in episode 337 of the Risky Business podcast.
Hack the planeeeeeeet!!
September 18th, 2014 --
With Wired.com running a great piece about invisible.im's latest announcement, I thought it would be a good idea to throw together a post that talks a bit about the motivations behind the project and what its roadmap actually looks like.
Haroon Meer sorts the wheat from the chaff...
September 12th, 2014 --
On this week's show we've got a great interview with Haroon Meer of Thinkst. Thinkst has a paid service that analysis the output of security conferences and puts together reports. Now, some of you might wonder why such a service would be needed, so let's put things in perspective: there were 2,700 conference presentations in the second quarter of this year at 116 events over 140 conference days. Yikes!
Grab all your links here...
September 12th, 2014 --
Links to items discussed in episode 336 of the Risky Business podcast.
Democracy in NZ takes a strange turn to the cybarz...
September 5th, 2014 --
I'm back from a two week holiday in beautiful Indonesia, so we'll be spending most of this show catching up on what I missed while I was away! So there's plenty of news to talk about with Adam Boileau, and also a chat about some very interesting politicking going on in New Zealand.
You won't find celebrity n00ds here...
September 5th, 2014 --
Links to items discussed in episode 335 of the Risky Business podcast...
A fascinating chat with a 34-year veteran of NSA...
August 14th, 2014 --
On this week's show we're having an extended chat with 34-year NSA veteran Brian Snow. During his career he rose to director level -- he acted as technical director of three divisions within the agency -- before he retired in 2006. Brian joins us to talk about the Snowden disclosures and how the NSA's culture changed post 9/11.