Podcasts

On this week’s show we’re chatting with Alec Muffett about an absolutely awful bit of journalism run by The Guardian. Unless you’ve been hiding under a rock the last few days you would have seen a story circulating about a supposed government-friendly backdoor in the popular messaging app WhatsApp. Alec joins us this week to explain why that story is, put simply, bullshit.

This week’s show is brought to you by Senetas, makers of layer 2 encryption gear. Senetas co-founder and CTO Julian Fay is along for the sponsor interview and we’re talking to him about what the charge to the cloud means for things like network encryption. Julian listened to last week’s interview with Rich Mogull, and he has some thoughts he’d like to share.

Also this week, a new segment that I hope will become regular – story corner, with Jake Davis. Do stick around for that at the closing of this week’s show.

Adam Boileau, as usual, joins us for this week’s news segment.

Links to everything are in this week’s show notes.

Oh, and do add Patrick and Adam on Twitter if that’s your thing.

On this week’s show we’ll be speaking with industry analyst Rich Mogull about what he sees as tidal forces that are going to rip the information security industry as we know it apart – he has some compelling ideas on that, that’s this week’s feature.

We also check in with Mara Tam who spent today attending the Senate Select Committee on Intelligence in DC. It was a public hearing, but a few things shook out of it were pretty interesting.

This week’s show is brought to you by Canary.tools, makers of honeypot tech, or, if you’re a wanker, Deception Technology. I’m guessing I’ll capitulate eventually and start using that terminology, but not yet, dammit! Haroon joins us to look at how Geopolitics now looks like an IRC war from 1999! We also look at some industry trends, in particular, very smart people building very good tech.

Adam Boileau is back in the news hotseat to talk about all the stuff we missed over the last six weeks. From Trumpleaks (lol) to Wassenaar, hax and more.

Links to everything are in this week’s show notes.

Oh, and do add Patrick and Adam on Twitter if that’s your thing.

This is the last episode for the year – the last episode of the 10th season! On this week’s show Adam and I will discuss the week’s news and then we’re going to reflect on the major events in 2016; the stuff that stuck out for us. I don’t think it’ll come as a surprise that the cyber intrigue surrounding the 2016 US presidential election is what peaked our interest this year.

This week’s show is brought to you by Canary.Tools. Canaries are of course those awesome little honeypots you can deploy on your network for excellent signalling. They will tell you if you have an attacker on your network, they’re cost effective and really nicely designed.

Canary’s very own Marco Slaviero will be along a bit later to talk through a recent Tweetstorm that centred on honeypots, as well as to preview Canary’s next release. In a few weeks you will be able to buy a purpose-built ICS honeypot, as well as one that mimics a code repository, so if you work with ICS gear or for a dev shop, you’ll really want to tune in to that one.

**RISKY BUSINESS WILL BE BACK ON JANUARY 12, 2017**

Links to everything are in this week’s show notes.

Oh, and do add Patrick and Adam on Twitter if that’s your thing.

On this week’s show we’re chatting with Fitbit security director Sasha Biskup and his colleague Marc Bown about how to build secure embedded devices from insecure components. During the development phase of some Fitbit products, the Fitbit security team has discovered some hideous vulnerabilities that could have compromised security downstream. They’ve been able to mitigate these issues, but they worry other embedded device manufacturers aren’t even looking at the security implications of their suppliers’ mistakes.

This week’s show is brought to you by CyberArk! CyberArk’s Jeffrey Kok is this week’s sponsor guest. He joins the show to talk about what CyberArk knows best – privileged account management. It’s such a basic thing, but it’s hard to do right.

This week’s news segment was recorded at Kiwicon in Wellington, NZ, and features Assurance.com.au’s Neal Wise, plus Rob Fuller and David Jorm.

In this week’s show we’re going to have a chat with former NSA general counsel and cyberlaw podcast host Stewart A Baker. We’ll get his thoughts on what a Trump presidency could mean when it comes to cyber security.

This week’s show is sponsored by Senetas, and you know what? They’re branching out. Senetas has some new goodies that can replace all the crappy tools like dropbox that are in your organisation despite you not approving of them. The Senetas solution is actually good enough that it’s being used to handle classified data, because hey, Senetas does a lot of business with SafeNet, which is owned by Gemalto – so if the idea of a HSM-authenticated and locked down dropbox-style platform appeals, hang about for this week’s sponsor interview!

Adam Boileau is this week’s news guest. Links to everything are in this week’s show notes.

Oh, and do add Patrick and Adam on Twitter if that’s your thing.

On this week’s show we chat with Errata Security’s Robert Graham about a ridiculous non-story that had readers in the USA convinced that Slate magazine had uncovered a covert communication channel between Donald Trump and a state-linked Russian bank. The basis of this jaw-dropping conclusion? Cherry-picked DNS query logs. We’ll find out why that story was total, utter bullshit in this week’s feature.

In this week’s sponsor interview we’re chatting with the former CEO and CTOs of Flawcheck, a company that made vulnerability scanning tools for Docker containers. Flawcheck has been acquired by this week’s sponsor, Tenable Network Security, and it’s a really handy thing to use if your company makes use of Docker. You can actually register for a free trial of Flawcheck here. We’ll find out why you need specialist kit to do container scanning.

Adam Boileau is this week’s news guest. Links to everything are in this week’s show notes.

Oh, and do add Patrick and Adam on Twitter if that’s your thing.

On this week’s show we’re taking a look at the Great DDoSSening of 2016! Yep, we’ll be having a look at the attacks against Dyn, but perhaps more importantly we’ll be asking the question: With a zillion perma-owned things out there able to launch some pretty serious DDoS attacks: What now?

IoT device security specialist Stephen Ridley will join us in this week’s feature slot to discuss that.

This week’s sponsor interview is a cracker. We’ll be chatting with Cyalnce chief research officer Jon Miller about how the hell you’re supposed to benchmark AV these days. It’s actually trickier than you’d think, for reasons we’ll get into later. We also talk about managing false positives and hit on a few other topics in that one. Jon’s ex ISS X-Force, he’s been around the traps for a long time and really knows what he’s talking about. That’s a good interview… big thanks to Cylance for sponsoring this week’s show.

Adam Boileau is this week’s news guest. Links to everything are in this week’s show notes.

Oh, and do add Patrick and Adam on Twitter if that’s your thing.

On this week’s show we’re taking a look at the business dealings of John McAfee. Earlier today the NYSE announced the company that arranged to hire McAfee, MGT Capital, would be de-listed from the NYSE: MKT small cap exchange. This follows a class action investor lawsuit and the unearthing of a remuneration agreement between the company and McAfee that have lead some to suggest the whole company could be a pump and dump scam.

This comes hot on the heels of a release of a Showtime documentary that alleges McAfee’s involvement in two murders and the rape of a scientist working for him. We’ll hear from respected industry analyst Rich Mogull about MGT’s proposed product line while Georgetown Law’s Visiting Professor Russell Stevenson takes a look at MGT’s somewhat strange remuneration agreement with McAfee.

This week’s show is brought to you by Canary.Tools.. If you’re a regular listener you’ve heard me sing the praises of Canary in the past. It’s basically a little honeypot that you can configure to look like anything, you put it on your LAN somewhere and wait for an attacker to mess with it. It’s a great product that’s experiencing amazing growth. Canary.Tools head honcho Haroon Meer will be along in this week’s sponsor interview to talk about how little hacks can help defenders as well as attackers.

Adam is away on his company retreat this week so I’ve actually asked Haroon to fill in for him in the news segment, too. It’s your double dose of Haroon Meer!

Oh, and do add Patrick and Haroon on Twitter if that’s your thing.

On this week’s show we’re taking a look at what the hell the USA should do in response to Russia’s hacks against the DNC. A few days ago the Director of National Intelligence and DHS issued a joint statement that officially puts blame for the DNC hacks squarely on Russia. Since then the Internets have been in meltdown over what exactly should be done in response.

Cyber policy lady Mara Tam is this week’s feature guest. She’ll tell us what sort of reaction we can expect to see, as well as give us some context around why all this is happening in the first place. That’s this week’s feature interview.

This week’s show is brought to you by the fine folks at Bugcrowd. This week’s sponsor interview is with Bugcrowd founder and CEO Casey Ellis. Recently a company that makes static analysis software took a bit of a poke at bug bounties in its marketing. If anything it was kind of an acknowledgement that Bugcrowd and its competitors have had a pretty substantial impact on how testing actually gets done.

But are people actually thinking of services like managed bug bounties as a substitute for static analysis? And why is every single company that makes developer tools scrambling to become agile or devops ready when hardly anyone is actually doing it yet?

Adam Boileau is this week’s news guest.

Oh, and do add Patrick and Adam on Twitter if that’s your thing.

On this week’s show we are catching up with Mustafa Al-Bassam. He’s a lovely young chap from England who was once upon a time one of the LulzSec crew. Like all the other guys in that crew he got busted, but he didn’t spend any time in prison and these days he is doing really well. He has finished his undergrad, works with some blockchain technology and is about to start a PhD. He joins us this week to talk about his in depth analysis of the Shadowbrokers dump, as well as to reflect on his crimes. As you’ll hear, he has some regrets.

This week’s show is brought to you by Bromium! And last week you might have caught an announcement that Microsoft has moved virtualisation based security up into the app stack. The Edge browser is getting thrown into a micro VM in certain circumstances. Of course Microsoft worked with Bromium on all this stuff, so Bromium CTO, Simon Crosby will be along to talk about what Microsoft has actually done here. Bromium, of course, makes fully featured micro VM security software in addition to helping Microsoft improve windows, so that chat is interesting stuff and it’s coming up after this week’s feature.

Adam Boileau is this week’s news guest.

Oh, and do add Patrick and Adam on Twitter if that’s your thing.