Risky Business #126 -- Doing it right and getting owned anyway

Sometimes industry standard controls are not enough...
08 Oct 2009 » Risky Business

This week's show is a bit of a special edition, prepared at the GovCERT.nl Symposium at the World Trade Centre in Rotterdam, Netherlands.

This isn't a regular edition of the show, so sadly we will not be joined by our regular news guest Adam Boileau for our weekly news segment. Instead, we'll be having a chat with Neohapsis CTO Greg Shipley, who's also here to give his own talk at GovCERT.nl.

Greg's firm actually did some of the forensics work on one of the organisations allegedly attacked by Alberto Gonzalez, the Internet super-villain. If you've been in a cave for the last few months, Gonzalez is the guy who's suspected of stealing up to 135 million credit card numbers over several years... and he's now in prison as a result.

Greg's and I discussed how these sorts of breaches could actually happen in organisations that actually pay attention to their security.

In this week's sponsor interview, Check Point's Engineering Services Manager Steve MacDonald will be along to have a talk about a recent report -- one that we mentioned on last week's show -- that claimed up to nine percent of corporate machines are actually infected with custom-designed malware.

Working for Check Point, Steve has a lot of exposure to large corporate clients, and depressingly, says the report is entirely plausible.