Podcasts

News, analysis and commentary

Other Category

May 23, 2013

SPONSOR INTERVIEW: Are bug bounties more effective than pentesting?

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

In this sponsor interview with chat with Casey Ellis, the founder of BugCrowd.

When Casey co-founded the business the idea was simple -- the company would host outsourced bug bounty programs for clients that didn't have the expertise to run their own. As some of you may know, the idea really took off, but what no one expected was for BugCrowd's registered testers to do a better job than many penetration testing teams.

It's cheaper than a pentest, and in the case of Web application or mobile application security testing, these bug bounty programs are turning up more actionable issues than penetration testing teams.

Could these types of programs be disruptive to the penetration testing services industry? Casey joined me to discuss.

SPONSOR INTERVIEW: Are bug bounties more effective than pentesting?
0:00 / 0:00

Risky Business Podcast

May 17, 2013

Risky Business #281 -- Eyes on DPRK

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

Adam Boileau
Adam Boileau

Technology Editor

This week's feature interview is with Dave Jorm, a Brisbane-based security geek and environmental science aficionado who's done some really interesting OSINT analysis of agricultural efficiency in North Korea with publicly available satellite data.

He's presenting his findings at AusCERT's annual conference on the Gold Coast next week; he joins the podcast to talk about his work and the online community of North Korea watchers.

Ok, so it's not exactly about infosec, but it's really interesting stuff and I hope you all enjoy it!

This week's show is brought to you by the fine folks at HackLabs, the Australian pentesting firm. If you need your pens tested, get in touch with the team at HackLabs.com.

This week's sponsor interview is with HackLabs head honcho Chris Gatford. We chat to him about a tale of two banks -- one big Middle Eastern bank and one small Australian bank. They're two organisations with very different approaches to security and very different security postures, but both eventually failed penetration tests by making the same simple mistakes.

Show notes

LulzSec Hackers Sentenced to Prison by London Court | Threat Level | Wired.com
http://www.wired.com/threatlevel/2013/05/lulzsec-sony-hackers-sentenced/

Hacker Aush0k fronts Sydney court - Hackers - SC Magazine Australia - Secure Business Intelligence
http://www.scmagazine.com.au/News/343301,hacker-aush0k-fronts-sydney-cou...

$45M Bank Hack Suspect Was Shot Dead While Playing Dominoes | Threat Level | Wired.com
http://www.wired.com/threatlevel/2013/05/bank-cashing-suspect-killed/

Judge Allows Evidence Gathered From FBI's Spoofed Cell Tower | Threat Level | Wired.com
http://www.wired.com/threatlevel/2013/05/rigmaiden-cell-tower-evidence/

Saudi Telecom Sought U.S. Researcher's Help in Spying on Mobile Users | Threat Level | Wired.com
http://www.wired.com/threatlevel/2013/05/saudi-telecom-sought-spy-help/

Bloomberg Leaks Private Messages from Data-Mining Project | Threatpost
http://threatpost.com/bloomberg-posts-10000-private-messages-over-the-in...

Obama Administration Secretly Obtains Phone Records of AP Journalists | Threat Level | Wired.com
http://www.wired.com/threatlevel/2013/05/doj-got-reporter-phone-records/

Lawmakers Introduce Bill Requiring Court Order to Seize Phone Records | Threat Level | Wired.com
http://www.wired.com/threatlevel/2013/05/court-order-for-phone-records/

FBI's Latest Proposal for a Wiretap-Ready Internet Should Be Trashed | Wired Opinion | Wired.com
http://www.wired.com/opinion/2013/05/the-fbis-plan-for-a-wiretap-ready-i...

Biometric Database of All Adult Americans Hidden in Immigration Reform | Threat Level | Wired.com
http://www.wired.com/threatlevel/2013/05/immigration-reform-dossiers/

Syrian Internet Connection Cut Off Again | Threatpost
http://threatpost.com/syria-severed-from-internet-again/

Trade Sanctions Cited in Hundreds of Syrian Domain Seizures - Krebs on Security
http://krebsonsecurity.com/2013/05/trade-sanctions-cited-in-hundreds-of-...

DDoS Services Advertise Openly, Take PayPal - Krebs on Security
http://krebsonsecurity.com/2013/05/ddos-services-advertise-openly-take-p...

Honeynet Project Researchers Build ICS Honeypot | Threatpost
http://threatpost.com/honeynet-project-researchers-build-publicly-availa...

Attackers Target Older Java Bugs | Threatpost
http://threatpost.com/attackers-target-older-java-bugs/

Malicious Firefox, Chrome Extensions Target Facebook Users | Threatpost
http://threatpost.com/malicious-browser-extensions-target-facebook-profi...

Spyware Campaign Originating in India Targeting Pakistanis | Threatpost
http://threatpost.com/new-india-based-spy-malware-campaign-targeting-pak...

Firefox 21 Update Patches 8 Vulnerabilities, 3 Critical | Threatpost
http://threatpost.com/firefox-21-fixes-three-critical-flaws-introduces-n...

Microsoft Patches IE Zero Day Used In Watering Hole Attack | Threatpost
http://threatpost.com/microsoft-patches-department-of-labor-pwn2own-ie-v...

Adobe Patches ColdFusion Flaws Exploited in Wild | Threatpost
http://threatpost.com/adobe-patches-coldfusion-flash-reader-vulnerabilit...

How a Career Con Man Led a Federal Sting That Cost Google $500 Million | Threat Level | Wired.com
http://www.wired.com/threatlevel/2013/05/google-pharma-whitaker-sting/all/

Zuluboy - Mbombela (A Twist of Bayethe) - YouTube
http://www.youtube.com/watch?v=KFS4cSmzjYY

,

With that sentencing, they will know be very vigilant of what they are all about. I guess they are all ears on that one. - Mission Maids

,

Hi Patrick!!

Thanks for your show. I am an avid listener, still a computer security student. :)

So, thanks again.

Risky Business #281 -- Eyes on DPRK
0:00 / 0:00

Risky Business Podcast

May 09, 2013

Risky Business #280 -- South Africa edition

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

Adam Boileau
Adam Boileau

Technology Editor

This week's show was being produced on the road so it's a bit of a different format -- I did a longer than usual news panel session from the conference floor!

Our news discussion panel consists of:

The Grugq
Dominic White, SensePost
Charl van der Walt, SensePost
Andrew MacPherson, Paterva (Maltego)

After that we've got this week's sponsor interview with Peleus Uhley of Adobe.

Adobe is this week's sponsor, big thanks to them, and Peleus joins the show to talk about throwing a spanner in the works of mass malware customisation. We look at some of the approaches large vendors are using these days to disrupt the development lifecycle of the bad guys. It's interesting stuff and it's after the news.

Show notes

You can find episode 280 here.

LivingSocial Ups its Password Encryption After Breach | Threatpost
http://threatpost.com/livingsocial-ups-its-password-encryption-following...

Hacker Jailbreaks Google Glass for Root Access Unlock | Threatpost
http://threatpost.com/google-glass-cracked/

Dutchman Arrested in Spamhaus DDoS - Krebs on Security
http://krebsonsecurity.com/2013/04/dutchman-arrested-in-spamhaus-ddos/

Alleged SpyEye Seller 'Bx1\u2032 Extradited to U.S. - Krebs on Security
http://krebsonsecurity.com/2013/05/alleged-spyeye-seller-bx1-extradited-...

Two-Factor Authentication Won't Stop Twitter Compromises | Threatpost
http://threatpost.com/two-factor-authentication-no-cure-all-for-twitter-...

More Malware Showing Up as Fake SourceForge Web Sites | Threatpost
http://threatpost.com/more-malware-showing-up-on-fake-sourceforge-web-si...

Ramnit Man-in-the-Browser Attack Targets UK Banks | Threatpost
http://threatpost.com/ramnit-variant-targets-uk-banks-with-otp-attack/

Google Play Android Apps Must Update in Google Store | Threatpost
http://threatpost.com/google-mandates-app-updates-come-from-google-play/

Obama Expands Surveillance to Critical Infrastructure | Threatpost
http://threatpost.com/executive-order-expands-warrantless-network-monito...

CISPA Is Dead. Now Let's Do a Cybersecurity Bill Right | Wired Opinion | Wired.com
http://www.wired.com/opinion/2013/04/cispas-dead-now-lets-resurrect-it/

Law Requiring Warrants for E-Mail Wins Senate Committee Approval | Threat Level | Wired.com
http://www.wired.com/threatlevel/2013/04/email-warrants-bill/

Man Convicted of Hacking Despite Not Hacking | Threat Level | Wired.com
http://www.wired.com/threatlevel/2013/04/man-convicted-of-hacking-despit...

Oracle Delays Java 8 Features for Security Overhaul | Threatpost
http://threatpost.com/does-java-8-delay-mean-oracle-finally-serious-abou...

Security Explorations Finds Seven New Flaws in IBM SDK | Threatpost
http://threatpost.com/java-bugs-new-and-old-affecting-ibm-sdk/

IE 8 Zero Day Widens Scope of DoL Watering Hole Attack | Threatpost
http://threatpost.com/ie-8-zero-day-found-as-dol-watering-hole-attack-sp...

Pentagon Approves Samsung KNOX Android Platform for DoD | Threatpost
http://threatpost.com/samsungs-secure-version-of-android-gets-dod-blessing/

Australian police arrest alleged leader of LulzSec hacking group | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57581074-83/australian-police-arrest-al...

Researchers Hack Building Control System at Google Australia Office | Threat Level | Wired.com
http://www.wired.com/threatlevel/2013/05/googles-control-system-hacked/

Hacker Breached U.S. Army Database Containing Sensitive Information on Dams | Threat Level | Wired.com
http://www.wired.com/threatlevel/2013/05/hacker-breached-dam-database/

Bank Sues Cyberheist Victim to Recover Funds - Krebs on Security
http://krebsonsecurity.com/2013/04/bank-sues-cyberheist-victim-to-recove...

Senators propose law to go after foreign cybercriminals | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57583379-83/senators-propose-law-to-go-...

Brad Arkin Named Adobe CSO | Threatpost
http://threatpost.com/brad-arkin-named-adobe-seo/

Freddie Hubbard - Red Clay (Complete) - YouTube
http://www.youtube.com/watch?v=wA1ZelIbUfI

,

I can't figure out how cats and dogs live together. This is cool. - Kris Krohn Strongbrook

Risky Business #280 -- South Africa edition
0:00 / 0:00

Risky Business Podcast

April 25, 2013

Risky Business #279 -- Retarded Persistent Threat

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

Adam Boileau
Adam Boileau

Technology Editor

This week's edition of the show is pre-recorded because I'm off surfing in Jeffreys Bay, South Africa. There will be no show next week, but the week after that I'll be bringing you an episode from the ITWeb Security Summit in Johannesburg where I'm speaking.

In this week's show we've got a great interview with Wade Baker, the managing principal of Verizon's RISK team, and the topic, of course, is this year's Verizon Data Breach Investigations Report.

We've also got a sponsor interview with Marcus Ranum of Tenable Network Security. Tenable is this week's sponsor, so you can thank them for making this week's show possible. Do check out Tenable.com for all your vulnerability scanning and SIEM needs!

We chat with Marcus about what he calls economic spoiler attacks -- these are the disruptive, state-sponsored attacks we've seen against Saudi Aramco and South Korea.

If you'd like to download this week's track, you can grab it for free from the TripleJ Unearthed website here.

Risky Business #279 -- Retarded Persistent Threat
0:00 / 0:00

Risky Business Podcast

April 19, 2013

Risky Business #278 -- Pentest revenue figures puzzling

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

Adam Boileau
Adam Boileau

Technology Editor

This week's show is jam packed. We'll be hearing from our favourite firmware hacker, sneaky Snare, all about the leak of AMI's UEFI implementation source code and firmware signing key. What will it mean for firmware research?

We'll also be chatting with Nick Ellsmore. Nick founded a company here in Australia called SIFT, which eventually merged with Stratsec, which was then bought by BAE. These days, apart from being ridiculously wealthy, Nick has put together Delling Advisory, a consultancy focussing on mergers and acquisitions in information security.

And he's been writing some very interesting blog posts about the Australian information security market. He might be focussing on things downunder, but I'm pretty sure what we're talking about today applies everywhere -- penetration testing revenue estimates just don't add up. Nick believes a lot of mandated pentesting work in Australia is actually being done by IT systems integrators that don't actually have appropriate skills, or isn't being done at all.

This week's show is brought to you by Senetas, an absolutely awesome company that makes layer two crypto gear. You should go to Senetas.com and buy all their things. In this week's sponsor interview we're chatting with Senetas CTO Julian Fay about a proposed extension to BitCoin called Zerocoin. The extension is designed to make Bitcoin anonymous.

As always, Adam Boileau joins us for the week's news headlines. Show notes are here.

Risky Business #278 -- Pentest revenue figures puzzling
0:00 / 0:00

Risky Business Podcast

April 11, 2013

Risky Business #277 -- Vuln research trends with Mark Dowd

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

Adam Boileau
Adam Boileau

Technology Editor

This week's feature interview is with Mark Dowd of Azimuth Security. Mark joins the show to fill us in on the latest trends in vulnerability research and exploit development. We recap CanSecWest's Pwn2Own competition and look at what 2013 has in store research-wise.

Risky.Biz is pleased to welcome a new sponsor to the lineup -- Solera Networks, makers of fine, big data security software.

These guys make packet capture-based security kit that I'm told is pretty impressive. And we've got an interesting chat in this week's sponsor interview with Solera's chief technology officer Joe Levy. We chat to him about some of the basics of big data security, as well as looking at how point solution providers are increasingly integrating their kit with established SIEM gear and log management consoles.

Insomnia Security's Adam Boileau joins us for a discussion of the week's news.

Show notes here.

Risky Business #277 -- Vuln research trends with Mark Dowd
0:00 / 0:00

Risky Business Podcast

April 06, 2013

Risky Business #276 -- Cold and flu edition

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

Adam Boileau
Adam Boileau

Technology Editor

This week's show is another shorter one! I've been sick so I just couldn't pull together a feature interview.

We've also got a chat with this week's sponsor guest Chris Gatford of the Australian security consulting firm HackLabs.

We chat to Chris about the whole Spamhaus DDoS disaster. How damaging is it when the world's media distracts business and government leaders with stuff like this? What *should* these leaders really be concerned with?

Show notes

You can find this week's show here.

DDoS Attack, Database Breach Take Down Two Bitcoin Services | threatpost
http://threatpost.com/en_us/blogs/ddos-attack-database-breach-take-down-...

Adaptive Glass - Mobile Trends | Open Letter to Instawallet
http://www.adaptiveglass.com/?p=656

Daily chart: A Bit expensive | The Economist
http://www.economist.com/blogs/graphicdetail/2013/03/daily-chart-12

Justin Schuh - Google+ - What Blink means for Chrome Security The Chromium project\u2026
https://plus.google.com/116560594978217291380/posts/AeCnq76cAXb

Vulnerability Patched in PostgreSQL Database Server | threatpost
http://threatpost.com/en_us/blogs/vulnerability-patched-postgresql-datab...

PostgreSQL: 2013-04-04 Security Release FAQ
http://www.postgresql.org/support/security/faq/2013-04-04/

SEC Consult Vulnerability Alert: Critical Vulnerabilities In Sophos Web Protection Appliance - Dark Reading
http://www.darkreading.com/vulnerability-management/167901026/security/n...

iMessage denial of service 'prank' spams users rapidly with messages, crashes iOS Messages app - The Next Web
http://thenextweb.com/apple/2013/03/29/imessage-denial-of-service-prank-...

Anonymous hacks North Korea's Twitter and Flickr accounts | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57577904-83/anonymous-hacks-north-korea...

Who Wrote the Flashback OS X Worm? - Krebs on Security
https://krebsonsecurity.com/2013/04/who-wrote-the-flashback-os-x-worm/

Huawei exec sees no growth in U.S. this year | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57577715-83/huawei-exec-sees-no-growth-...

How the Spamhaus DDoS attack could have been prevented | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57576947-83/how-the-spamhaus-ddos-attac...

FTC Announces Winners of Death-to-Robocalls Challenge | Threat Level | Wired.com
http://www.wired.com/threatlevel/2013/04/death-to-robocalls/

DHS Warns of 'TDos' Extortion Attacks on Public Emergency Networks - Krebs on Security
http://krebsonsecurity.com/2013/04/dhs-warns-of-tdos-extortion-attacks-o...

Skype, Dropbox Patch Critical Facebook Authentication Bugs | threatpost
http://threatpost.com/en_us/blogs/skype-dropbox-patch-critical-facebook-...

Using Customer Premise Equipment to Take Over the Internet | threatpost
http://threatpost.com/en_us/blogs/using-customer-premise-equipment-take-...

Phishing Campaign Using Military, Illicit Attachments | threatpost
http://threatpost.com/en_us/blogs/phishing-campaign-using-military-illic...

Has Anyone Seen a Missing Scroll Bar? Phony Flash Update Redirects to Malware | threatpost
http://threatpost.com/en_us/blogs/has-anyone-seen-missing-scroll-bar-pho...

Spammers Finding Favor with Google Translate | threatpost
http://threatpost.com/en_us/blogs/spammers-finding-favor-google-translat...

Android malware again targets Tibetans - Applications - SC Magazine Australia - Secure Business Intelligence
http://www.scmagazine.com.au/News/338469,android-malware-again-targets-t...

Backdoor Uses Evernote as Command and Control Server | Security Intelligence Blog | Trend Micro
http://blog.trendmicro.com/trendlabs-security-intelligence/backdoor-uses...

Government Fights for Use of Spy Tool That Spoofs Cell Towers | Threat Level | Wired.com
http://www.wired.com/threatlevel/2013/03/gov-fights-stingray-case/

Secret Files Expose Offshore's Global Impact | International Consortium of Investigative Journalists
http://www.icij.org/offshore/secret-files-expose-offshores-global-impact

Aussie software ferrets out hidden money - Strategy - Business - News - iTnews.com.au
http://www.itnews.com.au/News/338723,aussie-software-ferrets-out-hidden-...

Hackers in Uganda: A Documentary by Jeremy Zerechak - Kickstarter
http://www.kickstarter.com/projects/1456247168/hackers-in-uganda-a-docum...

Penetration Testing & Web Application Security - HackLabs
http://www.hacklabs.com/

,

The dream they have is really good. I guess they need to get the whole thing going. - Roger Stanton

Risky Business #276 -- Cold and flu edition
0:00 / 0:00

Risky Business Podcast

March 28, 2013

Risky Business #275 -- Patch Tuesday, Indicator Wednesday?

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

Adam Boileau
Adam Boileau

Technology Editor

This week's show is brought to you by our longest term sponsor, Tenable Network Security, thanks guys. In this week's sponsor interview we chat with the CEO and co-founder of Tenable, industry stalwart Ron Gula. We're chatting to him about a funny idea -- that the release of indicators of compromise might become so regular that they'll have to be handled in regular info sec team workflow. So we'll have Patch Tuesday and "which IPs owned us" Wednesday.

It's a really interesting chat and it's after the news. It's a short week this week because of Easter, plus I'm in Melbourne taking care of a few things, so there's no feature interview this week.

Show notes

Spamhaus DDoS Attacks Triple Size of Attacks on US Banks | threatpost
http://threatpost.com/en_us/blogs/spamhaus-ddos-attacks-triple-size-atta...

That Internet War Apocalypse Is a Lie
http://gizmodo.com/5992652/that-internet-war-apocalypse-is-a-lie

South Korean cyberattack may not have come from China | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57575767-83/south-korean-cyberattack-ma...

Spear Phishing Cause of South Korean Cyber Attack | threatpost
http://threatpost.com/en_us/blogs/spear-phishing-cause-south-korean-cybe...

Legal Experts: Stuxnet Attack on Iran Was Illegal 'Act of Force' | Threat Level | Wired.com
http://www.wired.com/threatlevel/2013/03/stuxnet-act-of-force/

Top Chinese university linked to alleged military cybercrime unit | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57576051-83/top-chinese-university-link...

Don't Just Hate CISPA - Fix It | Wired Opinion | Wired.com
http://www.wired.com/opinion/2013/03/dont-hate-cispa-fix-it/

Draft US cyber bill seeks 10 years jail for passwords 'traffickers' - Applications - SC Magazine Australia - Secure Business Intelligence
http://www.scmagazine.com.au/News/337906,draft-us-cyber-bill-seeks-10-ye...

Outdated Java weak spots are widespread, Websense says | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57576504-83/outdated-java-weak-spots-ar...

Apple ID security issue fixed, password page back online | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57575955-83/apple-id-security-issue-fix...

Apple Sets May 1 End Date for Apps that Want UDIDs | threatpost
http://threatpost.com/en_us/blogs/apple-sets-may-1-end-date-apps-want-ud...

Missouri Court Rules Against $440,000 Cyberheist Victim - Krebs on Security
http://krebsonsecurity.com/2013/03/missouri-court-rules-against-440000-c...

Attackers Shifting to Delivering Unknown Malware Via FTP and Web Pages | threatpost
http://threatpost.com/en_us/blogs/new-report-confronts-unknown-malware-p...

Privacy 101: Skype Leaks Your Location - Krebs on Security
http://krebsonsecurity.com/2013/03/privacy-101-skype-leaks-your-location/

Researchers Uncover Targeted Attack Campaign Using Android Malware | threatpost
http://threatpost.com/en_us/blogs/researchers-uncover-targeted-attack-ca...

Anonymized Phone Location Data Not So Anonymous, Researchers Find | Threat Level | Wired.com
http://www.wired.com/threatlevel/2013/03/anonymous-phone-location-data/

ICS Vulnerabilities Surface as Monitoring Systems Integrate with Digital Backends | threatpost
http://threatpost.com/en_us/blogs/ics-vulnerabilities-surface-monitoring...

Sensitive Enterprise Data Exposed in Amazon S3 Public Buckets | threatpost
http://threatpost.com/en_us/blogs/sensitive-enterprise-data-exposed-amaz...

83,000 Kiwis exposed in email blunder - Messaging - SC Magazine Australia - Secure Business Intelligence
http://www.scmagazine.com.au/News/337920,83000-kiwis-exposed-in-email-bl...

Google Fixes 11 Flaws in Chrome | threatpost
http://threatpost.com/en_us/blogs/google-fixes-11-flaws-chrome-032613

Egyptian navy captures divers trying to cut undersea internet cables \u2022 The Register
http://www.theregister.co.uk/2013/03/27/egypt_cables_cut_arrest/

We have Microsoft Tuesday, so how long until we have Indicator Wednesday? | Tenable Network Security
http://www.tenable.com/blog/we-have-microsoft-tuesday-so-how-long-until-...

SW&theE | The Simon Wright Band
http://simonwright.com.au/album/sw-thee

,

Of course, the internet apocalypse is a lie. I guess we can be so sure about that one. - James Cullem

Risky Business #275 -- Patch Tuesday, Indicator Wednesday?
0:00 / 0:00

Risky Business Podcast

March 22, 2013

Risky Business #274 -- Is "active defence" legal?

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

Adam Boileau
Adam Boileau

Technology Editor

In this week's feature interview we chat with Jennifer Granick, the Head of Civil Liberties at Stanford University's Centre for Internet and Society. Jennifer has extensive experience with cyberlaw -- she has acted for clients as diverse as Aaron Swartz and HBGary! She's done it all! And she joins the show to talk about a few things -- is active defence ever legal? And what the hell is going on with the Computer Abuse and Fraud Act over there in the USA?

This week's show is brought to you by Senetas, makers of fine, fine crypto hardware. If you need some crypto in your second layer, I'd suggest you get in touch with these guys. Awesome gear and as you'll hear in this week's sponsor interview with Senetas co-founder and CTO Julian Fay, these guys really know their stuff.

Julian joins the show a bit later on to talk about what happens when his customers ask them to roll with custom algos because some of them don't trust those published crypto techniques.

Show notes

You can find this week's episode here.

South Korea: Chinese address source of attack
http://bigstory.ap.org/article/south-korean-banks-media-report-network-c...

South Korea traces cyberattack to IP address in China | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57575494-83/south-korea-traces-cyberatt...

Theories Abound on Wiper Malware Attack Against South Korea | threatpost
http://threatpost.com/en_us/blogs/theories-abound-wiper-malware-attack-a...

Twitter / LukeCleary: @W7VOA http://t.co/EGMq34ssk6
https://twitter.com/LukeCleary/status/314268284029661186

CCD COE - The Tallinn Manual
http://www.ccdcoe.org/249.html

NATO cyberwar directive declares hackers military targets - RT USA
http://rt.com/usa/nato-publishes-cyberwar-guidelines-502/

What 420,000 insecure devices reveal about Web security | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57574919-83/what-420000-insecure-device...

Internet Census 2012
http://internetcensus2012.bitbucket.org/paper.html

Decade-old espionage malware found targeting government computers | Ars Technica
http://arstechnica.com/security/2013/03/decade-old-espionage-malware-fou...

CIA $600 Million Deal For Amazon's Cloud - Business Insider
http://www.businessinsider.com/cia-600-million-deal-for-amazons-cloud-20...

Firm faces scrutiny over hacked ABC website
http://www.smh.com.au/it-pro/security-it/firm-faces-scrutiny-over-hacked...

Experts Tell Congress Serious Deterrence Needed to Impede Foreign Cyber Attacks | threatpost
http://threatpost.com/en_us/blogs/experts-tell-congress-serious-deterren...

AT&T Hacker 'Weev' Sentenced to 3.5 Years in Prison | Threat Level | Wired.com
http://www.wired.com/threatlevel/2013/03/att-hacker-gets-3-years/

Keys denies giving Tribune log-in credentials to Anonymous | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57575499-83/keys-denies-giving-tribune-...

Cautious Optimism over Google DNSSEC Deployment | threatpost
http://threatpost.com/en_us/blogs/cautious-optimism-over-google-dnssec-d...

Java Code, Details Released for Potential Sandbox Bypass Issue | threatpost
http://threatpost.com/en_us/blogs/java-bug-code-details-released-allowed...

Vulnerabilities Continue to Weigh Down Samsung Android Phones | threatpost
http://threatpost.com/en_us/blogs/vulnerabilities-continue-weigh-down-sa...

www.revuln.com/files/ReVuln_EA_Origin_Insecurity.pdf
http://www.revuln.com/files/ReVuln_EA_Origin_Insecurity.pdf

Cisco switches to weaker hashing scheme, passwords cracked wide open | Ars Technica
http://arstechnica.com/security/2013/03/cisco-switches-to-weaker-hashing...

Apple adds two-step verification option for Apple IDs | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57575655-83/apple-adds-two-step-verific...

Crown casino made no formal complaint to police after $32 million scam | News.com.au
http://www.news.com.au/national-news/victoria/crown-casino-made-no-forma...

Crown casino hi-tech scam nets $32 million | News.com.au
http://www.news.com.au/breaking-news/crown-casino-hi-tech-scam-nets-32-m...

'Chameleon Botnet' takes $6-million-a-month in ad money | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57575320-83/chameleon-botnet-takes-$6-million-a-month-in-ad-money/

Security reporter hit by 'swatting' attack | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57574677-83/security-reporter-hit-by-sw...

Jennifer Granick | Center for Internet and Society
http://cyberlaw.stanford.edu/about/people/jennifer-granick

Senetas grants master distribution status to SafeNet - SafeNet, Senetas, distribution deals - ARN
http://www.arnnet.com.au/article/455608/senetas_grants_master_distributi...

Ash Grunwald - Longtime - YouTube
https://www.youtube.com/watch?v=n2jI1xlzjCo&playnext=1&list=PL64A7F7A1AC...

,

The source of attack will be very good. They need to get the whole thing very good. - James Cullem

Risky Business #274 -- Is "active defence" legal?
0:00 / 0:00

Risky Business Podcast

March 15, 2013

Risky Business #273 -- The birth of the online Pinkertons?

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

Adam Boileau
Adam Boileau

Technology Editor

In this week's feature interview we're chatting to industry legend and In-Q-Tel CSO Dan Geer about the idea of offence as defence. If someone's attacking you do you have the moral right to attack them back? Dan actually thinks you do.

This week's show is brought to you by Adobe.

Adobe's head of product security and privacy Brad Arkin pops along to have a bit of a chat about the busy few months they've been having at Adobe dealing with some interesting bugs.

Show notes

Intelligence chief offers dire warning on cyberattacks | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57573902-83/intelligence-chief-offers-d...

Spy Chief Says Little Danger of Cyber 'Pearl Harbor' in Next Two Years | Threat Level | Wired.com
http://www.wired.com/threatlevel/2013/03/no-cyber-pearl-harbor/

RBA Chinese hack attack not an online security threat | Crikey
http://www.crikey.com.au/2013/03/12/reserve-bank-hacking-raises-question...

Twitter OAuth API Keys Leaked | threatpost
http://threatpost.com/en_us/blogs/twitter-oauth-api-keys-leaked-030713

Spy Agencies to Get Access to U.S. Bank Transactions Database | Threat Level | Wired.com
http://www.wired.com/threatlevel/2013/03/spy-agencies-to-get-access-to-u...

Secret Courtroom Audio Gives WikiLeaker Bradley Manning a Voice | Threat Level | Wired.com
http://www.wired.com/threatlevel/2013/03/manning_audio/

Retailer Sues Visa Over $13 Million 'Fine' for Being Hacked | Threat Level | Wired.com
http://www.wired.com/threatlevel/2013/03/genesco-sues-visa/

LinkedIn Data Breach Lawsuit Dismissed | threatpost
http://threatpost.com/en_us/blogs/linkedin-data-breach-lawsuit-dismissed...

Doctors 'used fake fingers' to clock in for colleagues at ER | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57574079-83/doctors-used-fake-fingers-t...

Google rolls out initiative to help hacked sites | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57573986-83/google-rolls-out-initiative...

FBI investigating how sensitive celebrity data landed on Web | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57573983-83/fbi-investigating-how-sensi...

White House demands China cease alleged hacking activity | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57573715-83/white-house-demands-china-c...

China claims it's willing to talk to U.S. about cybersecurity | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57573805-83/china-claims-its-willing-to...

How Skype monitors and censors its Chinese users | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57573243-83/how-skype-monitors-and-cens...

Many Watering Holes, Targets In Hacks That Netted Facebook, Twitter and Apple | The Security Ledger
http://securityledger.com/many-watering-holes-targets-in-hacks-that-nett...

Colin Powell's Facebook page defaced | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57573607-83/colin-powells-facebook-page...

Researchers highlight potential security risk to iOS users | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57573765-83/researchers-highlight-poten...

Apple marketing chief jabs Android security on Twitter | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57573152-83/apple-marketing-chief-jabs-...

Apple Finally Fixes App Store Vulnerabilities | threatpost
http://threatpost.com/en_us/blogs/apple-finally-fixes-app-store-vulnerab...

Researchers win $100,000 for Chrome hack that leaves Windows vulnerable | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57573064-83/researchers-win-$100000-for-chrome-hack-that-leaves-windows-vulnerable/

Microsoft patches against evil maid attack - Applications - SC Magazine Australia - Secure Business Intelligence
http://www.scmagazine.com.au/News/336293,microsoft-patches-against-evil-...

Adobe Fixes Four Critical Flaws in Flash | threatpost
http://threatpost.com/en_us/blogs/adobe-fixes-four-critical-flaws-flash-...

'Herp Derp EFTPOS' update goes public - Security - Technology - News - iTnews.com.au
http://www.itnews.com.au/News/336046,herp-derp-eftpos-update-goes-public...

Hijacked webcam footage paraded online - Applications - SC Magazine Australia - Secure Business Intelligence
http://www.scmagazine.com.au/News/336184,hijacked-webcam-footage-paraded...

Indian Govt pays bounty for botnet probe - Networks - SC Magazine Australia - Secure Business Intelligence
http://www.scmagazine.com.au/News/336271,indian-govt-pays-bounty-for-bot...

DOWNLOAD: Kenneth Bager - Fragment Seven (Les Fleurs) (Jesse Rose remix) - RCRD LBL
http://rcrdlbl.com/2009/01/21/download_kenneth_bager_fragment_seven_les_...

,

Those cyber attacks are imminent. I guess we all should be aware of that one. - Kris Krohn

Risky Business #273 -- The birth of the online Pinkertons?
0:00 / 0:00