Risky Business

Risky Business #391 -- Dell fails hard

November 26, 2015 -- On this week's show we're chatting with Darren Kemp of Duo Security. He's one of the authors of a post about the latest example of computer manufacturer shitware introducing catastrophic vulnerabilities into shipped systems. This time it's Dell's turn.

If you haven't heard what they actually did you'll hardly even believe it. That's this week's feature interview.

Risky Business #390 -- Crypto derpery abounds in wake of Paris attacks

November 20, 2015 -- In this week's feature interview we're checking in with FireEye's Jonathan Wrolstad. He's a threat intelligence guy at FireEye and they've just published a really interesting report about what a threat group is doing in terms of target recon. They're using marketing company tricks to recon all sorts of high value targets. It's very interesting stuff, and it's likely tied to the Russian state.

Risky Business #389 -- US law: CFAA isn't a bug, it's a feature!

November 12, 2015 -- On this week's show we're chatting with computer crime lawyer extraordinaire Tor Ekeland! He's worked on a number of high profile CFAA cases. Most recently he's been defending former Reuters and LA Times journalist Matthew Keys on some pretty hefty CFAA charges. He's also the guy who got Andrew Aurenheimer out of jail so he could go and live a free life as a Nazi troll. (Is that really a win?) He also defended Lauri Love... basically if you're a hacker who's fallen foul of the CFAA, this is the guy you want on your team.

Risky Business #388 -- Cyber shrinkery, IoT shenanigans and guest Troy Hunt

November 5, 2015 -- This week's feature interview is with Troy Hunt of HaveIBeenPwned.com. And he's noticing something pretty weird. It's common for people to deface websites for bragging rights, and yeah, it's not new that data dumps are the new bragging fodder. But it seems like these days attackers are seeing Troy's site as the definitive place to get cred. Now they'll steal a bunch of data and Troy is their first stop.

Life is strange on the internets. That's this week's feature interview.

Risky Business #387 -- Hack people to death!

October 29, 2015 -- In this week's feature interview we're chatting with Chris Rock from Kustodian. Chris did a great presentation at Ruxcon last week about how easy it is to hack people to death!

He's found out just how easy it is to register births and deaths in the united states and Australia via online systems. He says it's a problem that could result in a virtual baby harvest for fraudsters who plan ahead. It's really fun stuff, that's this week's feature.

Risky Business #386 -- Katie Moussouris on the (groan) disclosure debate

October 9, 2015 -- On this week's show we're checking in with Katie Moussouris of HackerOne. She's an ex Microsoftie who's spent something like a decade working on vulnerability disclosure policies. She even helped get a vuln disclosure ISO standard ratified!

And she'll be joining us this week to discuss disclosure politics, I guess you'd call it... for those of us who've been around infosec for a while, most of us would rather stick our face in a blender than talk about it, but Katie will be along to point out why people should fight their "disclosure debate fatigue" and get involved.

Risky Business #385 -- Richard Bejtlich talks USA/China espionage agreement

October 2, 2015 -- ******LANGUAGE WARNING: The f-bomb features, unbleeped, once in this week's show. Just a note for those of you with the kids in the car.

On this week's show we're chatting with FireEye's chief security strategist Richard Bejtlich about this new agreement between China and the USA. The two countries have apparently agreed that they won't hack each other with the aim of stealing IP anymore. Questions to Richard include: Are they kidding? And: How did they announce this with a straight face?

Risky Business #384 -- Mark Dowd talks AirDrop pwnage, XCode iOS scandal

September 24, 2015 -- We've got a great show for you this week. Mark Dowd drops by to talk about the recent spate of Trojaned iOS apps that made it into Apple's China App Store. We also talk to him about his awesome AirDrop bug. How did it work?

This week's sponsor segment is actually a real cracker. Context IS consultant David Klein tells us how he owned an entire cloud platform by enumerating some shitty 90s-style bugs in some third party libraries they were using. It's comedy gold. This cloud platform that uses security at a selling point. It's bad.

Risky Business #383 -- Inside FireEye's research gag

September 17, 2015 -- On this week's show we take a look at what the hell it happening in Germany, where FireEye sought and obtained an ex parte injunction against a bunch of security researchers over a presentation they were about to do at 44Con. We speak with infosec lawyer Alex Urbelis -- he was at 44Con when all this came to light and he shares his insights.

Risky Business #382 -- Charlie Miller talks car hax, Uber

September 10, 2015 -- On this week's show we're checking in with Charlie Miller. We chat car hacking and we also (kind of) find out what he's up to now he's working at Uber.

This week's show is brought to you by HackLabs, an Australian security consultancy. They're a key sponsor of Australia's Cyber Security Challenge, which is basically a CTF for Australian CS students. What makes this one a bit different is it's being run by the Prime Minister's Office, which is, yeah, unexpected. Chris joins us later to discuss the challenge, that's this week's sponsor interview.