Risky Business

Risky Business #359 -- Whisper? More like shout!

March 26, 2015 -- This week Risky Business takes you behind the scenes of a spat between the makers of the Whisper App and Stephen Ridley's company Xipiter.

Ridley's crew say they found some 24-carat-facepalm security problems with the app, subsequently publishing a blog post and video detailing the bugs. You'd think Whisper would patch the bugs and move on. But no, they decided to accuse Xipiter of making the whole thing up, even going so far as to accuse them of doctoring their proof of concept video!

Stephen Ridley will join the show to discuss all of that.

Risky Business #358 -- HD Moore and Haroon Meer play "king for a day"

March 19, 2015 -- On this week's show we chat with Rapid7's HD Moore (feature) and Thinkst head honcho Haroon Meer (sponsor) about the big-picture changes that could see enterprise security actually change. They're both high-level interviews with two of the industry's sharpest.

Adam Boileau, as usual, joins us to discuss the week's news headlines. You can find links to everything discussed in this week's show in the show notes.

Don't forget to check out this week's Risky Business video!

Risky Business #357 -- Mark Dowd talks Rowhammer

March 12, 2015 -- On this week's show we're having a chat with Mark Dowd about the so-called Rowhammer exploit. And yeah, if you haven't heard about this one you're in for a treat. It's among the most badass research I've ever seen. You know, you can skin a cat with a knife, or you can do what the Google Project Zero team did and skin it with 300 synchronised lasers.

Risky Business Extra: Senator Scott Ludlam on mandatory metadata retention

March 9, 2015 -- Senator Scott Ludlam of the Greens party is the only Australian politician kicking up a stink about the government's metadata retention bill. And we're glad about that, it's a pretty defective bill, even if some recent amendments recommended by the Parliamentary Joint Committee on Intelligence and Security (PJCIS) have made it much more palatable.

Scott was passing through my town last week campaigning on behalf of the local Greens state election candidate for Ballina -- the NSW election is coming up at the end of March. So, we caught up and did this interview all about the latest with the bill and the politics behind it.

Risky Business #356 -- Crypto Wars 2.0 with guest Alex Stamos

March 5, 2015 -- This week's feature interview is with Alex Stamos, CISO of Yahoo. Alex did a fantastic AppSec keynote in early February that I wanted to ask him about, so we booked this interview a couple of weeks ago.

Then, last week, Alex made the news. Big time.

While on a panel with Admiral Mike Rogers, Alex challenged the NSA chief on the government's apparent desire to mandate the introduction of interception capabilities into products made by technology companies.

Risky Business #355 -- Gemalto op exposes cellphone crypto flaws

February 26, 2015 -- On this week's show we're speaking with Philippe Langlois. You may remember him as the founder of Qualys in the 90s, but these days he's the CEO and founder of P1 Security, a telecommunications security firm. He'll be joining us to discuss the NSA and GCHQ operation against SIM card manufacturer Gemalto.

Risky Business #354 -- Breaking exploit automation

February 20, 2015 -- On this week's show we're chatting with Assured Information Security senior research engineer Jacob Torrey about some work he's due to present at SyScan and Infiltrate. It's called HARES, and it's basically a pretty impressive party trick that makes reverse engineering malware payloads a lot harder.

He's also been following some work around some compile-time tricks that make software builds unique. This can make your 0day a lot less useful because the exploit has to be custom built for each target... think of it as a compile-time ASLR trick, but better.

Risky Business #353 -- Andy Greenberg: Why I feel sorry for Ross Ulbricht

February 12, 2015 -- This week's feature interview is with Andy Greenberg, senior writer with WIRED. He's covered Silk Road from the get-go, even scoring an in-depth interview with DPR before he was caught and unmasked as Ross Ulbricht. He attended every day of Ulbricht's trial and says he was there every minute the jury was.

He joined me via Skype earlier this week to talk about the trial of Ross Ulbricht, the future of underground markets and the disconnect between Ross Ulbricht's real life and online personas.

Risky Business #352 -- Bye bye DPR, plus special guest Dave Aitel

February 5, 2015 -- In this week's feature we're chatting with Dave Aitel of Immunity Inc. We chat to him about the Sony hack being a demonstration of North Korean capability as opposed to genuine revenge... we also talk about security conferences in 2015 and chat to him about his rage-inspiring musings on so-called junk hacking from last year.

In this week's sponsor interview we speak with HackLabs big cheese Chris Gatford about the so-called Ghost vulnerability.

Risky Business #351 -- Kim Zetter talks Stuxnet: Countdown to Zero Day

January 30, 2015 -- In this week's feature interview we're chatting with Wired journalist Kim Zetter about her fantastic book Stuxnet: Countdown to Zero Day. As it turns out, the assumption that US and Israeli intelligence agencies had "boots on ground" intelligence to design the malicious code could very well be bunkum!