Risky Business

Risky Business #386 -- Katie Moussouris on the (groan) disclosure debate

October 9, 2015 -- On this week's show we're checking in with Katie Moussouris of HackerOne. She's an ex Microsoftie who's spent something like a decade working on vulnerability disclosure policies. She even helped get a vuln disclosure ISO standard ratified!

And she'll be joining us this week to discuss disclosure politics, I guess you'd call it... for those of us who've been around infosec for a while, most of us would rather stick our face in a blender than talk about it, but Katie will be along to point out why people should fight their "disclosure debate fatigue" and get involved.

Risky Business #385 -- Richard Bejtlich talks USA/China espionage agreement

October 2, 2015 -- ******LANGUAGE WARNING: The f-bomb features, unbleeped, once in this week's show. Just a note for those of you with the kids in the car.

On this week's show we're chatting with FireEye's chief security strategist Richard Bejtlich about this new agreement between China and the USA. The two countries have apparently agreed that they won't hack each other with the aim of stealing IP anymore. Questions to Richard include: Are they kidding? And: How did they announce this with a straight face?

Risky Business #384 -- Mark Dowd talks AirDrop pwnage, XCode iOS scandal

September 24, 2015 -- We've got a great show for you this week. Mark Dowd drops by to talk about the recent spate of Trojaned iOS apps that made it into Apple's China App Store. We also talk to him about his awesome AirDrop bug. How did it work?

This week's sponsor segment is actually a real cracker. Context IS consultant David Klein tells us how he owned an entire cloud platform by enumerating some shitty 90s-style bugs in some third party libraries they were using. It's comedy gold. This cloud platform that uses security at a selling point. It's bad.

Risky Business #383 -- Inside FireEye's research gag

September 17, 2015 -- On this week's show we take a look at what the hell it happening in Germany, where FireEye sought and obtained an ex parte injunction against a bunch of security researchers over a presentation they were about to do at 44Con. We speak with infosec lawyer Alex Urbelis -- he was at 44Con when all this came to light and he shares his insights.

Risky Business #382 -- Charlie Miller talks car hax, Uber

September 10, 2015 -- On this week's show we're checking in with Charlie Miller. We chat car hacking and we also (kind of) find out what he's up to now he's working at Uber.

This week's show is brought to you by HackLabs, an Australian security consultancy. They're a key sponsor of Australia's Cyber Security Challenge, which is basically a CTF for Australian CS students. What makes this one a bit different is it's being run by the Prime Minister's Office, which is, yeah, unexpected. Chris joins us later to discuss the challenge, that's this week's sponsor interview.

Risky Business #381 -- Samy Kamkar on his outlaw days

September 3, 2015 -- On this week's show we're chatting with hacker superstar and YouTube phenomenon Samy Kamkar. Samy is a security researcher of note -- his recent hardware hacks have been coming thick and fast. This week I spoke to him about his brush with the law following his unleashing of the Samy worm on MySpace a decade ago, some of his recent research and his plans for the future.

Risky Business #380 -- AshMad fallout: Attackers doxed, suicides and mayhem

August 27, 2015 -- On this week's show we look at the fallout from the Ashley Madison attack. Did Brian Krebs just dox the Impact Team ringleader? Is he Australian?

Adam Boileau and I talk about all the AshMad fallout and other infosec news.

Risky Business #379 -- Ashley Madison dump, Troy Hunt and The Grugq

August 20, 2015 -- In this week's podcast we check in with Troy Hunt from HaveIBeenPwned.com. Troy has done the responsible thing in adding the Ashley Madison dataset to his service -- you can only search for email addresses in the dump after you've verified that you control them. We'll talk to him about why he did that.

Risky Business #378 -- Mary Ann Davidson vs Krebs and Dowd

August 13, 2015 -- On this week's show we're chatting with Mark Dowd and Brian Krebs about Oracle CSO Mary Ann Davidson's somewhat odd blog post from earlier this week. In the post she laid into security researchers for violating Oracle's EULA when reverse engineering their products. The post got pulled, much drama, we sift through the ashes of that. Plus we chat to Brian about the daring $46.7m online heist against Ubiquiti Networks.

Risky Business #377 -- Wassenaar back to drawing board, latest from BlackHat

August 6, 2015 -- On this week's show we discuss the BIS decision to ditch its car-a-zay plans for Wassenaar regulation, the latest car hacking news and more.

We also check in with Trey Ford in this week's feature slot. Trey was the General Manager of the BlackHat conference, these days he works at Rapid7, and he joins us to talk about the vibe in Vegas at this year's conference.