Risky Business

Risky Business #433 -- Mirai ain't going anywhere

October 27, 2016 -- On this week's show we're taking a look at the Great DDoSSening of 2016! Yep, we'll be having a look at the attacks against Dyn, but perhaps more importantly we'll be asking the question: With a zillion perma-owned things out there able to launch some pretty serious DDoS attacks: What now?

IoT device security specialist Stephen Ridley will join us in this week's feature slot to discuss that.

This week's sponsor interview is a cracker. We'll be chatting with Cylance chief research officer Jon Miller about how the hell you're supposed to benchmark AV these days. It's actually trickier than you'd think, for reasons we'll get into later. We also talk about managing false positives and hit on a few other topics in that one. Jon's ex-ISS X-Force, he's been around the traps for a long time and really knows what he's talking about. That's a good interview... big thanks to Cylance for sponsoring this week's show.

Risky Business #432 -- We need to talk about John

October 20, 2016 -- On this week's show we're taking a look at the business dealings of John McAfee. Earlier today the NYSE announced the company that arranged to hire McAfee, MGT Capital, would be de-listed from the NYSE: MKT small cap exchange. This follows a class action investor lawsuit and the unearthing of a remuneration agreement between the company and McAfee that have led some to suggest the whole company could be a pump and dump scam.

Risky Business #431 -- What should the USA do about Russian hacks?

October 13, 2016 -- On this week's show we're taking a look at what the hell the USA should do in response to Russia's hacks against the DNC. A few days ago the Director of National Intelligence and DHS issued a joint statement that officially puts blame for the DNC hacks squarely on Russia. Since then the Internets have been in meltdown over what exactly should be done in response.

Risky Business #430 -- LulzSec's Tflow talks NSA exploits, justice and remorse

October 6, 2016 -- On this week's show we're catching up with Mustafa Al-Bassam. He's a lovely young chap from England who was once upon a time one of the LulzSec crew. Like all the other guys in that crew he got busted, but he didn't spend any time in prison and these days he's doing really well. He's finished his undergrad, works with some blockchain technology and is about to start a PhD. He joins us this week to talk about his in-depth analysis of the Shadowbrokers dump, as well as to reflect on his crimes. As you'll hear, he has some regrets.

Risky Business #429 -- Krebs dumped, satellite hacking, election insecurity and more

September 29, 2016 -- This week we'll be having a chat to Paul Marsh about a recent report from UK think tank Chatham House that says there's a looming cyber security crisis about to wreak havoc on the satellite ecosystem. But as you'll hear, Paul thinks the concerns are somewhat overhyped.

Risky Business #428 -- Cross-platform Tor Browser pwnership with Ryan Duff

September 22, 2016 -- On this week's show we'll be chatting with security researcher Ryan Duff about the rabbit hole that is the Tor Browser Bundle certificate pinning bug. The bug itself is interesting, but the questions it raises about how suitable Tor is for genuinely critical use are, you know, substantial. That's a really, really interesting chat with Ryan Duff, coming up after the news.

Risky Business #427 -- Cahill law partner Brad Bondi on MedSec suit

September 15, 2016 -- We have a great feature interview this week. Risky Business contributor Brian Donohue spoke with Cahill law firm partner Brad Bondi about the suit St Jude Medical has brought against MedSec and Muddy Waters over the short-sell of the medical device manufacturer's shares. That is an illuminating chat that certainly gave me an understanding of where this all could be heading, both in terms of the upcoming trial and how likely it is we'll see similar stuff in the future.

Risky Business #426 -- House Oversight Committee drops OPM breach report PLUS St Jude sues MedSec

September 8, 2016 -- In this week's feature interview we chat with Stephen Ridley about all things IoT. Stephen is a researcher turned entrepreneur and he'll be along to talk about the platform consolidation we're going to see when it comes to "things". Once that settles, he argues, we'll get a better idea of the security risks we should really, actually be worried about.

In this week's sponsor interview we're chatting with Simon Galbally at Senetas.

Risky Business #425 -- MedSec CEO Justine Bone on the Muddy Waters short

September 1, 2016 -- On this week's show we've landed what looks to be a fairly exclusive interview -- at least as far as the tech press is concerned. Justine Bone will be joining us to explain why the company she works with, MedSec, decided to use vulnerability information on implantable medical devices to drive a short-selling scheme in partnership with Muddy Waters.

This week's show is sponsored by Tenable Network Security. We're doing something a bit different in this week's sponsor interview -- we're chatting with one of Tenable's customers, City of San Diego CISO Gary Hayslip.

Risky Business #424 -- Jess Frazelle on Docker. So hot right now.

August 25, 2016 -- On this week's show we chat with Jessie Frazelle. Jessie is a former Docker maintainer who now works at Google on all things "containery". So we talk to her about what's up with containers, basically, and where the security pitfalls are. Like it or not, containers are likely going to be used in your environment, so getting to know them is a must. That's this week's feature.