Risky Business

Risky Business #355 -- Gemalto op exposes cellphone crypto flaws

February 26, 2015 -- On this week's show we're speaking with Philippe Langlois. You may remember him as the founder of Qualys in the 90s, but these days he's the CEO and founder of P1 Security, a telecommunications security firm. He'll be joining us to discuss the NSA and GCHQ operation against SIM card manufacturer Gemalto.

Risky Business #354 -- Breaking exploit automation

February 20, 2015 -- On this week's show we're chatting with Assured Information Security senior research engineer Jacob Torrey about some work he's due to present at SysCAN and Infiltrate. It's called HARES, and it's basically a pretty impressive party trick that makes reverse engineering malware payloads a lot harder.

He's also been following some work around some compile-time tricks that make software builds unique. This can make your 0day a lot less useful because exploit has to be custom built for each target... think of it as a compile-time ASLR trick, but better.

Risky Business #353 -- Andy Greenberg: Why I feel sorry for Ross Ulbricht

February 12, 2015 -- This week's feature interview is with Andy Greenberg, senior writer with WIRED. He's covered Silk Road from the get go, even scoring an in depth interview with DPR before he was caught and unmasked as Ross Ulbricht. He attended every day of Ulbricht's trial and says he was there every minute the jury was.

He joined me via Skype earlier this week to talk about the trial of Ross Ulbricht, the future of underground markets and the disconnect between Ross Ulbricht's real life and online personas.

Risky Business #352 -- Bye bye DPR, plus special guest Dave Aitel

February 5, 2015 -- In this week's feature we're chatting with Dave Aitel of Immunity Inc. We chat to him about the Sony hack being a demonstration of North Korean capability as opposed to genuine revenge... we also talk about security conferences in 2015 and chat to him about his rage-inspiring musings on so-called junk hacking from last year.

In this week's sponsor interview we speak with HackLabs big cheese Chris Gatford about the so-called Ghost vulnerability.

Risky Business #351 -- Kim Zetter talks Stuxnet: Countdown to Zero Day

January 30, 2015 -- In this week's feature interview we're chatting with Wired journalist Kim Zetter about her fantastic book Stuxnet: Countdown to Zero Day. As it turns out, the assumption that US and Israeli intelligence agencies had "boots on ground" intelligence to design the malicious code could very well be bunkum!

Risky Business #350 -- We're baaaaaack

January 22, 2015 -- Welcome back to Risky Business for another year. This is the ninth year of weekly Risky Business podcasts, we're stoked you're sticking around for more.

In this week's show Patrick Gray and Adam Boileau discuss the last month's crazy CyberNews(tm) and Palo Alto CTO and founder Nir Zuk stops by for the sponsor interview.

You can now support Risky Business by becoming a Patron.

Risky Business #349 -- 2014 in review

December 11, 2014 -- In this special edition we take a look back over the big news items of 2014.

Risky Business #348 -- Did DPRK pwn Sony? PLUS Dan Guido on DARPA's Cyber Grand Challenge

December 5, 2014 -- On this week's show Adam and I establish that it's actually quite possible the disaster unfolding at Sony Pictures is, in fact, a North Korean government plot. I know, I know, there are sceptics, but any way you slice or dice it, it actually looks plausible. Tune in to find out why.

Risky Business #347 -- So what does Detekt... detect?

November 28, 2014 -- There's lots of fun news in this week's show. Sony Pictures got absolutely flattened, Regin is all the rage and the SEA has been enjoying some success.

Risky Business #346 -- Haters gonna hate, Americans gonna 'muric

November 21, 2014 -- On this week's show we're chatting with Peter Fillmore about payment card security. He was able to clone a contactless card and use it to do his shopping here in Australia -- this is something you shouldn't be able to do. So the question becomes, how can the USA, which is taking tentative steps towards chip cards, avoid some of the mistakes made in more advanced markets like ours?

We also find out chip-enabled ATMs pass card data through the chip reader straight into a parser running on the main ATM OS... which, yeah... That's pretty bad.