Risky Business #60 -- Mark Dowd talks NULL pointers, Simon Howard defends DEFCON's Race To Zero

29 Apr 2008

This week's Risky Business is an absolute cracker. Big thanks to sponsor RSA for paying our bills this week, and to Vigabyte for hosting our site.

We have two great guests on this week's show. Mark Dowd popped along to discuss his paper on NULL pointer dereferences. His research -- which included uncovering a very, very nasty bug in Flash -- has created quite a stir in the security community. In this interview Mark tells us there could be more exploitable NULL pointer bugs around the corner... and he also hints that he's about to make the Microsoft security team quite unhappy.

The second feature spot on this week's show is an exclusive interview with Simon Howard. Last Friday he announced a new competition at DEFCON -- The Race To Zero. Entrants have to modify virus code to sneak it past scanners. The whole thing's designed as a gigantic piss-take on AV. Not surprisingly, some AV companies have made Howard out to be some sort of devil-worshipping cyber-terrorist. You know you're in trouble when the most informed commentary on your initiative is taking place on Slashdot, so Simon popped in to defend the competition.

On this week's security podcast:

  • Patrick Gray and ZDNet Australia editor Munir Kotadia discuss the week's news
  • Race To Zero organiser Simon Howard defends the competition
  • Security superstar, mega-genius and lovely bloke Mark Dowd takes time out from pwning everything on the planet to discuss his most recent research
  • RSA's Greg Singh stops by in this week's sponsor interview. The topic is DLP