Risky Business

Risky Business #318 -- TrueCrypt passes audit, Weev off the hook and more

April 17, 2014 -- It's a four-day week this week and a four-day week next week, so I'm afraid I couldn't organise feature interviews for both. Instead, this week you're getting an extra long news section and a sponsor interview!

Risky Business #317 -- Cryptocalypse news plus Dave DeWalt interview

April 11, 2014 -- This week's feature guest is the man with the Midas touch -- former McAfee president and current FireEye CEO Dave DeWalt. This is the guy who sold McAfee to Intel for $7.8 billion, so I chat to him about a whole bunch of topics, from his thoughts on how Intel has handled that deal, through to Snowden, to the security business overall. It's a great chat with one of the most interesting executives in this whole industry.

Risky Business #316 -- Data breach suits could have legs

April 4, 2014 -- On this week's show we're taking a look at the Target/Trustwave suit. A couple of banks were suing Target and its alleged security auditor Trustwave over the massive credit card data breach last year. That suit has been withdrawn, possibly temporarily, and another has been filed on behalf of some other banks. We speak with former New York assistant DA and infosec law specialist Dave Stampley about these types of suits. Do they have legs?

This week we welcome a new sponsor -- Rapid7.

Risky Business #315 -- Nmap's Fyodor talks FD relaunch

March 28, 2014 -- This week's feature interview is with nmap creator Gordon Lyon, who's probably better known by his handle: Fyodor.

Last week we brought you the news that the Full Disclosure mailing list was shuttered following legal threats from someone describing themselves as a security researcher. Fyodor runs the seclists.org mailing list archive and he's decided to bring FD back from the dead. I got him on the line and asked him why.

Risky Business #314 -- FD closure foreshadows cyberpocalypse

March 21, 2014 -- On this week's show we're taking a look at some absolutely awesome research by Azimuth Security's Tarjei Mandt on the pseudo random number generators used by iOS 6 and 7. Tarjei has figured out a way to blow away iOS's memory mitigations with some very cool tricks.

Risky Business #313 -- Why you should know PowerShell

March 14, 2014 -- On this week's show we have a look at PowerShell, the Microsoft sorta scripting language admin thingy. As it turns out, PowerShell can be an attacker's best friend when it comes to lateral movement through a network. We'll chat with Kieran Jacobsen about that in this week's feature interview. He did a cracker presentation at CrikeyCon where he demo'd owning a domain controller and dumping all its creds with something like five lines of PowerShell. I mean, there are caveats there, but wow... the demotime was food for thought.

Risky Business #312 -- RSA special edition

March 7, 2014 -- It's a solid week for BitCoin news. The (maybe) outing of the elusive Satoshi Nakamoto, the MtGox mystery, dead exchanges and even, unfortunately, a suicide of a former BitCoin exchange CEO in Singapore.

But there's been plenty of other news! Apple's gotofail bug, GnuTLS issues, more NTP amplification attacks, and of course YahooWebcamGate. You can find links to the news items discussed in this week's show here.

Risky Business #311 -- Does NameCoin have legs?

February 20, 2014 -- This week we chat with a local consultant, Mark Brand of Datacom TSS, about the general topic of authentication. We've seen some interesting cases of things going wrong with auth on consumer sources lately. The @n Twitter username hijacking, the Mat Honan disaster of 2012.

Now Google's run off and bought SlickLogin, a novel approach to mobile app auth. Will that get us anywhere? And what about NameCoin -- a BitCoin protocol-derived peer-to-peer authentication scheme? I'd never heard of it, but the concept is fascinating. Mark pops by to fill us in.

Risky Business #310 -- Export exploits? Wassenaar says no

February 14, 2014 -- On this week's show we're chatting with COSEINC's Thomas Lim about the Wassenaar Arrangement. It's basically a worldwide framework that restricts the sale of munitions and dual-use technologies, and it has exploits in its sights.

COSEINC is a security research company that engages in exploit development, and Lim thinks extending regulations to exploit sales is pointless.

This week's show is brought to you by BugCrowd, a company that was founded in Australia but is now based in San Francisco thanks to VC investment.

Risky Business #309 -- All your clipboards R belong 2 OJ

February 7, 2014 -- We're back after a nice long rest, and boy oh boy did a lot of stuff happen during the break. Adam Boileau joins the show to discuss the choicest selection of news items to emerge over the last six weeks.

In this week's feature slot we chat to OJ Reeves about his work in upgrading Meterpreter, the Metasploit payload. There are some cool new features on the way, he'll clue us in on those.

This week's show is brought to you by Tenable Network Security.