Risky Business

Risky Business #334 -- Brian Snow reflects on 34 years at NSA, Snowden

August 14, 2014 -- On this week's show we're having an extended chat with 34-year NSA veteran Brian Snow. During his career he rose to director level -- he acted as technical director of three divisions within the agency -- before he retired in 2006.

Brian joins us to talk about the Snowden disclosures and how the NSA's culture changed post 9/11.

Risky Business #333 -- Yahoo CISO Alex Stamos joins the show

August 8, 2014 -- We've got an absolute cracker of a show for you this week. I've let it run longer than usual because we've just got some great news and interviews this week.

Our feature interview is with Alex Stamos, Yahoo's CISO. We hear from him on what his job looks like -- Yahoo has a billion users and its business and technology is incredibly diverse. So what has Alex been up to since he took the helm earlier this year? Tune in to find out!

Risky Business #332 -- Evading IDS with Multipath TCP

August 1, 2014 -- In this week's feature interview we're chat with Catherine Pearce of Neohapsis about some research she'll be presenting at BlackHat next week with her colleague Patrick Thomas. They're doing a talk all about Multipath TCP, and yes, it's exactly what it sounds like and yes, it's great for doing stuff like IDS evasion and confusing firewalls.

Risky Business #331 -- The Tails bug that wasn't, the Tor talk that isn't

July 25, 2014 -- Earlier this week Twitter was abuzz with talk of a serious bug in the Tails live OS, a bootable on-a-DVD or USB device OS used by pro-democracy activists. And by pro democracy activists I mean, you know, potheads buying a few ounces on Silk Road, but whatever...

Well according to the Twitters there was a Tails bug that was going to be a big deal... right? Riiight? Well, maybe not.

The Grugq joins the show to discuss that, and the pulling of a scheduled BlackHat talk on Tor.

Risky Business #330 -- Setting the infosec agenda

July 18, 2014 -- On this week's show we're chatting with infosec journalist turned PR strategist Elinor Mills. For eight years Elinor wrote about security for CNet News.com, before joining Bateman group as a content and media strategist in 2012.

We're chatting with Elinor about how the infosec media agenda is set. Do massive advertising, marketing and PR budgets give disproportionate media influence to companies that don't deserve it? Drum roll please... yup. Yes. Yes they do. But we'll chat to Elinor about that after the news.

Risky Business #329 -- BitCoins ARE money, Snowden seeks Russia stay

July 11, 2014 -- There is no feature interview in this week's show. If you tuned in last week you would have heard HD Moore and I talking about a project called Invisible.im. Well, we launched a FAQ and the Internet liked it... the Internet *really* liked it... so I've spent much of the week working on invisible.im. There's some really cool stuff happening there that I can't really talk about yet, but I can say the project has picked up a lot of interest.

There's some very cool stuff happening and I'll be able to talk more about it soon.

Risky Business #328 -- HD Moore talks massive scanning and invisible.im

July 4, 2014 -- This week's show is brought to you by Rapid7, big, big thanks to them.

This week's sponsor interview is with Rapid7's Chief Research Officer HD Moore. But you know what? One interview with HD just isn't enough, is it? So he's also joining us in the feature segment to discuss a project I'm putting together called Invisible.im.

Risky Business #327 -- PayPal grounded by Flight Mode

June 27, 2014 -- On this week's show we're chatting with Zach Lanier of Duo Security about some work he did on bypassing PayPal's two-factor authentication. In short, PayPal's implementation had an absolute clanger of a logic bug in it that these guys were able to find. The secret sauce to the attack? Flight mode! No joke.

Risky Business #326 -- Code Spaces, Nokia blackmailed in hacks

June 20, 2014 -- On this week's show we have a quick chat with The Register's Darren Pauli about XP still being bloody everywhere. You'd think organisations out there would realise how absolutely crackheaded it is to keep running XP since support ended, but nope... Even the police are happily chugging away on perennially vulnerable boxes. Great.

This week's show is brought to you by BugCrowd: outsourced bug bounty programs.

Risky Business #325 -- China's old stuff more popular than its new stuff

June 13, 2014 -- In this week's show we chat to The Grugq about the Chinese cyber espionage campaign unmasking that has no one talking. Unlike the unit 61398 report from Mandiant last February, CrowdStrike's unit 61486 report has really fallen flat.