App maker accuses Xipiter of "doctoring" disastrous PoC...
March 26th, 2015 --
This week Risky Business takes you behind the scenes of a spat between the makers of the Whisper App and Stephen Ridley's company Xipiter. Ridley's crew say they found some 24-carat-facepalm security problems with the app, subsequently publishing a blog post and video detailing the bugs. You'd think whisper would patch the bugs and move on. But no, they decided to accuse Xipiter of making the whole thing up, even going so far as to accuse them of doctoring their proof of concept video! Stephen Ridley will join the show to discuss all of that.
Your weekly fix of fail...
March 26th, 2015 --
Links to items discussed in episode 359 of the Risky Business podcast.
What would YOU do to "fix it"?
March 19th, 2015 --
On this week's show we chat with Rapid7's HD Moore (feature) and Thinkst head honcho Haroon Meer (sponsor) about the big-picture changes that could see enterprise security actually change. They're both high-level interviews with two of the industry's sharpest. Adam Boileau, as usual, joins us to discuss the week's news headlines. You can find links to everything discussed in this week's show in the show notes. Don't forget to check out this week's Risky Business video!
Your Evolution order has been delayed...
March 19th, 2015 --
Links to items discussed in this week's podcast.
The fault, dear Brutus, is not in the stars but in ourselves...
March 17th, 2015 --
The infosec industry has failed to protect the Internet and networks attached to it. So why do people who work in it engage in victim-shaming?
March 12th, 2015 --
On this week's show we're having a chat with Mark Dowd about the so-called Rowhammer exploit. And yeah, if you haven't heard about this one you're in for a treat. It's among the most badass research I've ever seen. You know, you can skin a cat with a knife, or you can do what the Google Project Zero team did and skin it with 300 synchronised lasers.
Microsoft: No biscuit.
March 12th, 2015 --
Links to items discussed in episode 357 of the Risky Business podcast.
DJ S-Ludz words it up...
March 9th, 2015 --
Senator Scott Ludlam of the Greens party is the only Australian politician kicking up a stink about the government's metadata retention bill. And we're glad about that, it's a pretty defective bill, even if some recent amendments recommended by the Parliamentary Joint Committee on Intelligence and Security (PJCIS) have made it much more palatable. Scott was passing through my town last week campaigning on behalf of the local Greens state election candidate for Ballina -- the NSW election is coming up at the end of March. So, we caught up and did this interview all about the latest with the bill and the politics behind it.
PLUS Security at scale, risks to bug bounties...
March 5th, 2015 --
This week's feature interview is with Alex Stamos, CISO of Yahoo. Alex did a fantastic AppSec keynote in early February that I wanted to ask him about, so we booked this interview a couple of weeks ago. Then, last week, Alex made the news. Big time. While on a panel with Admiral Mike Rogers, Alex challenged the NSA chief on the government's apparent desire to mandate the introduction of interception capabilities into products made by technology companies.
So much crypto in the news these days...
March 5th, 2015 --
Links to items discussed in episode 356 of the Risky Business podcast.
P1 Security (and Qualys) founder Philippe Langlois talks SIM key haxx...
February 26th, 2015 --
On this week's show we're speaking with Philippe Langlois. You may remember him as the founder of Qualys in the 90s, but these days he's the CEO and founder of P1 Security, a telecommunications security firm. He'll be joining us to discuss the NSA and GCHQ operation against SIM card manufacturer Gemalto.
Dramatic fails FTW!
February 26th, 2015 --
Links to everything discussed in episode 355 of the Risky Business podcast.
New compile-time tricks, split TLB tricks and MOAR...
February 20th, 2015 --
On this week's show we're chatting with Assured Information Security senior research engineer Jacob Torrey about some work he's due to present at SysCAN and Infiltrate. It's called HARES, and it's basically a pretty impressive party trick that makes reverse engineering malware payloads a lot harder. He's also been following some work around some compile-time tricks that make software builds unique. This can make your 0day a lot less useful because exploit has to be custom built for each target... think of it as a compile-time ASLR trick, but better.
News, a keynote video and more!
February 20th, 2015 --
Links to this week's news!
PLUS Microsoft's MS15-011 is coming to eat your soul...
February 12th, 2015 --
This week's feature interview is with Andy Greenberg, senior writer with WIRED. He's covered Silk Road from the get go, even scoring an in depth interview with DPR before he was caught and unmasked as Ross Ulbricht. He attended every day of Ulbricht's trial and says he was there every minute the jury was. He joined me via Skype earlier this week to talk about the trial of Ross Ulbricht, the future of underground markets and the disconnect between Ross Ulbricht's real life and online personas.
News, music, Risky Business on YouTube and MOAR...
February 12th, 2015 --
It's been a cracker news week.
All your datas R belong to anyone who asks nicely, really...
February 11th, 2015 --
Despite Australian Attorney General George Brandis's stellar explanation, some people are still a tad confused about what proposed law changes mean. Funny, that.
Don't let the door hit you on your way out, pal...
February 5th, 2015 --
In this week's feature we're chatting with Dave Aitel of Immunity Inc. We chat to him about the Sony hack being a demonstration of North Korean capability as opposed to genuine revenge... we also talk about security conferences in 2015 and chat to him about his rage-inspiring musings on so-called junk hacking from last year. In this week's sponsor interview we speak with HackLabs big cheese Chris Gatford about the so-called Ghost vulnerability.
Superbowl weekend makes for a light news week...
February 5th, 2015 --
It's a pretty light news week, but DPR is done like a dinner.
PLUS! Marcus Ranum and Beardy McSweatybeard...
January 30th, 2015 --
In this week's feature interview we're chatting with Wired journalist Kim Zetter about her fantastic book Stuxnet: Countdown to Zero Day. As it turns out, the assumption that US and Israeli intelligence agencies had "boots on ground" intelligence to design the malicious code could very well be bunkum!