Risky Business
Risky Business #271 -- All your funnycats R belong 2 APT1
March 1, 2013 --
On this week's show we're chatting with Mandiant's Managing Director of Threat Intelligence, Dan McWhorter, about that company's report into Chinese cyber espionage activity.
Mandiant dropped the report last week and it's caused quite a stir, even eliciting a response from the Whitehouse and Chinese officials.
That's an interesting conversation and it's after the news.
Mandiant dropped the report last week and it's caused quite a stir, even eliciting a response from the Whitehouse and Chinese officials.
That's an interesting conversation and it's after the news.
Risky Business #270 -- Red teaming your law firm for fun and profit
February 22, 2013 --
On this week's show we're taking a look at the issue of secondary targeting. These days it's borderline likely that attackers who want information on your company's upcoming mergers and acquisition activity won't even bother attacking you to get the intel. They'll go for your law firm instead... or your accountants... or another partner.
CERT Australia Executive Manager Dr. Carolyn Patterson joins the show to talk about that.
CERT Australia Executive Manager Dr. Carolyn Patterson joins the show to talk about that.
Risky Business #269 -- Dave Aitel on the end of clientsides
February 15, 2013 --
On this week's show we have a chat with industry stalwart Dave Aitel of Immunity Inc.
Dave joins us to chat about a few things -- like what it will be like when clientside memory corruption exploits become as rare as server side corruption exploits are now. How will that change the security discipline? We also have a chat about El Jefe and sneaky ways of handling command and control.
Dave joins us to chat about a few things -- like what it will be like when clientside memory corruption exploits become as rare as server side corruption exploits are now. How will that change the security discipline? We also have a chat about El Jefe and sneaky ways of handling command and control.
Risky Business #268 -- Outsource your bug bounty program?
February 8, 2013 --
This week's feature interview is with Casey Ellis of BugCrowd.com -- a new business that runs outsourced bug bounty programs. It's a great idea and it's one that I personally think will really take off over the next couple of years.
This week's show is brought to you by our good friends at Adobe.
This week's show is brought to you by our good friends at Adobe.
Risky Business #267 -- 2012 in review
December 13, 2012 --
This week's show takes a look back at some of the big issues and stories of 2012: The arrest of the Lulzsec crew, the release of Stratfor's email by Wikileaks and the Australian government ban on Huawei participating in the NBN rollout.
With bonus lulz.
This is the final episode of Risky Business for 2012. We'll be back in February 2013!
With bonus lulz.
This is the final episode of Risky Business for 2012. We'll be back in February 2013!
Risky Business #266 -- ToR, BitCoin, crooks and quantum key distribution
December 7, 2012 --
On this week's show we're talking ToR and BitCoin with Alice Hutchings, a Senior Researcher and Analyst with the Australian Institute of Criminology's Global, Economic and Electronic Crime Program.
ToR helps dissidents in foreign countries access information their governments deem unsavoury -- but it also provides a layer of protection to the consumers of child porn. Combine it with technology like BitCoin and bang, you've got Silk Road. Given the illicit uses of such technology, is volunteering to run a ToR server moral?
ToR helps dissidents in foreign countries access information their governments deem unsavoury -- but it also provides a layer of protection to the consumers of child porn. Combine it with technology like BitCoin and bang, you've got Silk Road. Given the illicit uses of such technology, is volunteering to run a ToR server moral?
Risky Business #265 -- Reliably detecting 0day with crash dumps
November 30, 2012 --
On this week's show were chatting with Rex Warren of Leviathan Security in the United States.
Leviathan has been working with DARPA on an interesting new system that can reliably detect failed 0day exploitation attempts against hosts. Basically these guys are just grabbing Dr. Watson crash dumps at the gateway, but where it gets interesting is when we look at what they do with those crash dumps. Emulation FTW.
Leviathan has been working with DARPA on an interesting new system that can reliably detect failed 0day exploitation attempts against hosts. Basically these guys are just grabbing Dr. Watson crash dumps at the gateway, but where it gets interesting is when we look at what they do with those crash dumps. Emulation FTW.
Risky Business #264 -- Three Guys With Ponytails Talk About Security
November 23, 2012 --
On this week's show I'll being playing an excerpt from a panel discussion that took place at Kiwicon -- the session was called Three Guys with Ponytails Talk Security. The three guys are PGP Corporation co-founder Jon Callas, nCipher co-founder Nicko van Someren and the University of Auckland's Peter Gutmann.
Risky Business #263 -- Data retention and the national security review
November 15, 2012 --
In this week's feature interview we're chatting with the Assistant Commissioner of the Australian Federal Police, Neil Gaughan.
He's the national manager of High Tech Crime Operations and he's joining us to discuss the ongoing national security review. As a part of that review the government is introducing laws that will force ISPs and other Carriage Service Providers (CSPs) to store information on Australian citizens for two years. It sounds scary, but as you'll hear the data covered by the proposed new law is actually pretty mundane stuff like DHCP and SIP logs.
He's the national manager of High Tech Crime Operations and he's joining us to discuss the ongoing national security review. As a part of that review the government is introducing laws that will force ISPs and other Carriage Service Providers (CSPs) to store information on Australian citizens for two years. It sounds scary, but as you'll hear the data covered by the proposed new law is actually pretty mundane stuff like DHCP and SIP logs.
Risky Business #262 -- Side channel VM crypto attacks are badass
November 8, 2012 --
On this week's show we're chatting with renowned megabrain Peter Gutmann about a paper on side channel attacks against crypto keys in virtualised environments. It's really complicated stuff, but very, very interesting.
Peter didn't do this research or write the paper, but I always like getting his take on this stuff because... well... he's really smart and he doesn't overhype stuff. That's after the news.
This week's show is brought to you by a new sponsor! NCC Group! Yay!
Peter didn't do this research or write the paper, but I always like getting his take on this stuff because... well... he's really smart and he doesn't overhype stuff. That's after the news.
This week's show is brought to you by a new sponsor! NCC Group! Yay!
Recent comments
10 weeks 5 days ago
12 weeks 16 hours ago
14 weeks 4 days ago
21 weeks 7 hours ago
21 weeks 2 days ago
22 weeks 20 hours ago
24 weeks 6 days ago
27 weeks 4 days ago
29 weeks 5 days ago
29 weeks 5 days ago