Podcasts

News, analysis and commentary

Risky Business Podcast

October 04, 2013

Risky Business #299 -- Christopher Boyce on the CIA's betrayal of Australia

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

Adam Boileau
Adam Boileau

Technology Editor

This week's show will feature part two of my interview with convicted spy Christopher Boyce. He went on a one man mission to damage his country's military and intelligence apparatus in the 70s. He says he did it because the US was undermining the democratically elected government of Australia.

So this week we go back to the 70s with Chris Boyce to chat about the Whitlam years. Australian Prime Minister Gough Whitlam lost government in 1975 when the Australian senate blocked budget supply and caused a shutdown of the federal government. Sound familiar? That's coming up after the news.

This week's show is brought to you Adobe, and man, they've had a rough week. We don't have Brad Arkin in this week's sponsor slot because he's busy dealing with a crisis over there, but we DO have an interview with Karthik Raman, a security researcher at Adobe who'll be talking about how Adobe runs its secure product lifecycle program.

Mark Piper is filling in for Adam Boileau in this week's news segment. Find links to what we discuss here.

Risky Business #299 -- Christopher Boyce on the CIA's betrayal of Australia
0:00 / 51:39

Risky Business Podcast

September 27, 2013

Risky Business #298 -- With feature guest Christopher Boyce

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

Adam Boileau
Adam Boileau

Technology Editor

We've got a great feature interview for you all this week. We're chatting with convicted spy, prison escapee and bank robber Christopher Boyce, aka The Falcon. We speak to him about the changing face of espionage; Wikileaks, Manning, Snowden and the radically changed world that awaited him when he walked out of prison.

This week's show is brought to you by Context Information Security, and in this week's sponsor interview we're chatting with Context consultant Paul Stone about the research he presented at the most recent BlackHat USA conference in Vegas. It picked up a lot of buzz -- his was the talk about doing pixel-by-pixel screen scraping with html5-based timing attacks.

It's ingenious stuff, that's a cracker interview, so big thanks again to Context IS for sponsoring this week's show.

Show notes

British Spy Agency GCHQ Hacked Belgian Telecoms Firm - SPIEGEL ONLINE
http://www.spiegel.de/international/europe/british-spy-agency-gchq-hacke...

SPIEGEL Exclusive: NSA Spies on International Bank Transactions - SPIEGEL ONLINE
http://www.spiegel.de/international/world/spiegel-exclusive-nsa-spies-on...

RSA Tells Its Developer Customers: Stop Using NSA-Linked Algorithm | Threat Level | Wired.com
http://www.wired.com/threatlevel/2013/09/rsa-advisory-nsa-algorithm/

How a Crypto 'Backdoor' Pitted the Tech World Against the NSA | Threat Level | Wired.com
http://www.wired.com/threatlevel/2013/09/nsa-backdoor/

NSA Bought Exploit Service From VUPEN, Contract Shows | Threatpost
http://threatpost.com/nsa-bought-exploit-service-from-vupen-contract-sho...

Congress unveils bill to limit NSA's powers | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57604756-83/congress-unveils-bill-to-li...

Kim Dotcom sues New Zealand over electronic snooping | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57602815-83/kim-dotcom-sues-new-zealand...

Dropbox Requests National Security Letter Transparency | Threatpost
http://threatpost.com/dropbox-argues-to-publish-number-of-national-secur...

Google's Gmail Keyword Scanning Might Violate Wiretap Law, Judge Finds | Threat Level | Wired.com
http://www.wired.com/threatlevel/2013/09/gmail-wiretap-ruling/

Data Broker Giants Hacked by ID Theft Service - Krebs on Security
http://krebsonsecurity.com/2013/09/data-broker-giants-hacked-by-id-theft...

Researchers Build Undetectable Dopant Hardware Trojans | Threatpost
http://threatpost.com/researchers-develop-undetectable-hardware-trojans/...

Research detects dangerous malware hiding in peripherals - Applications - SC Magazine Australia - Secure Business Intelligence
http://www.scmagazine.com.au/News/358265,research-detects-dangerous-malw...

BEAST Cryptographic Attack Mitigations Overturned | Threatpost
http://threatpost.com/not-so-fast-on-beast-attack-mitigations/102308

Pirate Bay Co-Founder's Sentence Is Reduced - WSJ.com
http://online.wsj.com/article/SB1000142405270230379640457909709168768263...

German Hackers Say They Cracked iPhone's New Fingerprint Scanner | Threat Level | Wired.com
http://www.wired.com/threatlevel/2013/09/iphone-fingerprint-cracked/

Google to Block Many Plug-Ins Starting in 2014 | Threatpost
http://threatpost.com/google-to-block-many-plug-ins-starting-in-2014/102393

iMessage Chat app for Android Worries Security Experts | Threatpost
http://threatpost.com/steer-clear-of-android-imessage-app-experts-say/10...

Yahoo recycled ID users warn of security risk | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57604441-83/yahoo-recycled-id-users-war...

Sefnit Click-Fraud Malware Related to Mevade Tor Botnet | Threatpost
http://threatpost.com/stealthy-new-click-fraud-malware-related-to-tor-bo...

Microsoft Warns of New IE Zero Day | Threatpost
http://threatpost.com/microsoft-warns-of-new-ie-zero-day/102327

IE Zero Day Used in Targeted Attacks Against Japanese Firms | Threatpost
http://threatpost.com/compromised-japanese-media-sites-serving-exploits-...

ICS Vendor Fixes Hard-Coded Credential Bugs Nearly Two Years After Advisory | Threatpost
http://threatpost.com/ics-vendor-fixes-hard-coded-credential-bugs-nearly...

Apple's iOS 7 Update Fixes 80 Security Bugs | Threatpost
http://threatpost.com/apples-ios-7-update-fixes-80-security-bugs/102356

Apple Releases Apple TV 6.0, Fixes 50+ Bugs | Threatpost
http://threatpost.com/after-botched-update-apple-releases-apple-tv-6-0-f...

Some Versions of Ruby on Rails Could Expose Cookies | Threatpost
http://threatpost.com/security-issue-in-ruby-on-rails-could-expose-cooki...

Apache Upgrade Repairs Struts, Fixes Two Vulnerabilities | Threatpost
http://threatpost.com/apache-upgrade-repairs-struts-fixes-two-vulnerabil...

Cisco IOS Update Patches Eight Vulnerabilities | Threatpost
http://threatpost.com/cisco-ios-update-patches-eight-vulnerabilities/102436

Facebook Android Bug Sent Users' Photos in the Clear | Threatpost
http://threatpost.com/facebook-android-bug-sent-users-photos-in-the-clea...

\u25b6 (2000) David Bowie / This is not America ~ Absolute Beginners (2/5) - YouTube
http://www.youtube.com/watch?v=n_bzqyu_4N0

www.contextis.com/files/Browser_Timing_Attacks.pdf
http://www.contextis.com/files/Browser_Timing_Attacks.pdf

,

The Belgians were surprised that they were hacked. They never thought that this could be possible until now. - Kris Krohn

Risky Business #298 -- With feature guest Christopher Boyce
0:00 / 67:23

Risky Business Podcast

September 20, 2013

Risky Business #297 -- Matthew Green tells his story

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

Adam Boileau
Adam Boileau

Technology Editor

This week's show, like last week's, is a bit different. I am still moving house, which includes moving the Risky Business office and studio, but everything should be back to normal next week.

So there's no news segment in this week's show, but we have two great feature interviews with academic cryptographers. The first is with Johns Hopkins University's Matthew Green who was actually asked to remove a blog post critical of the NSA from the university's servers last week, leading to a massive controversy. We're going to get his side of the story, that's a great chat.

Peter Gutmann of the University of Auckland also joins us in this week's podcast. He's another well-known crypto academic and I'll be getting his thoughts on the NSA's covert program to subvert public crypto.

I cover some of the same ground with Peter as I do with Matthew, but as you'll hear they have slightly different perspectives on these things.

This week's show is brought to you by Tenable Network Security, makers of fine, fine vulnerability scanning software.

And you know what? The vuln scanning world has changed pretty substantially in the last 5-10 years. You used to use vuln scanners to prioritise which of your awfully out of date windows boxes you'd patch.

But these days you're more likely to use that stuff to find boxes that simply aren't managed. Ron joins us to talk about that.

Risky Business #297 -- Matthew Green tells his story
0:00 / 43:40

Risky Business Podcast

September 13, 2013

Risky Business #296 -- Chilling effect in full swing

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

Adam Boileau
Adam Boileau

Technology Editor

This week's show is a shorter one -- there's no feature interview for two reasons. The first is that I'm in the process of moving house, which includes moving my office and studio, so I'm dealing with house painters, bond cleaners and a million other things. But the second reason is because the person I had wanted to interview has been silenced.

I had reached out to Matthew Green, a cryptography researcher at Johns Hopkins University, to do an interview about last week's stunning revelations about the NSA undermining public cryptography standards. Matthew has done some great blog posts on that topic. I tweeted. No response. I emailed. No response. I called. No response.

Then I realised the likely reason why. The university had actually demanded he remove one of the blog posts -- possibly at the behest of the NSA -- in an utterly disgraceful violation of academic freedom. We'll find out more about that in the news segment.

This week's show is brought to you by HackLabs, the Australian security consultancy. And HackLabs head honcho Chris Gatford joins the show to have a chat about the Syrian Electronic Army. Will the SEA stimulate the same type of security spend that LulzSec triggered in 2011? Chris says they probably won't, mostly because the SEA just isn't mysterious and enigmatic enough to intrigue the media.

Adam Boileau joins us for an epic news segment that is mostly concerned with giving the NSA a big can of FU. You can find links to the stories discussed here.

Risky Business #296 -- Chilling effect in full swing
0:00 / 50:31

Risky Business Podcast

September 06, 2013

Risky Business #295 -- Behind Arbor's Packetloop acquisition

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

Adam Boileau
Adam Boileau

Technology Editor

In this week's show we're taking a look at Arbor Networks' acquisition of Packetloop, a two-year-old Australian start up that makes big data security analytics software. You'd think that Arbor would want to move the company to the USA, but that's not what's happened in this case. Packetloop co-founder Michael Baker joins the show to fill us in.

This week's show is brought to you by the fine folks at Adobe Systems. And in this week's sponsor interview Adobe CSO Brad Arkin joins the podcast to talk about how he manages the security aspect of all the different cloud technologies various arms of the company use. It's a situation made infinitely more complicated by Adobe's habit of buying software companies at a rate of something like one a month. Not surprisingly, some of these acquired companies can leave a little to be desired in the security department. How does the Adobe security team bring these new services into the fold?

Show notes

The NSA's Secret Campaign to Crack, Undermine Internet Encryption - ProPublica
http://www.propublica.org/article/the-nsas-secret-campaign-to-crack-unde...

Patriot Act Author Says NSA Is Abusing Spy Law | Threat Level | Wired.com
http://www.wired.com/threatlevel/2013/09/nsa-abusing-patriot-act/

NRA joins ACLU in suit against NSA's surveillance program | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57601445-83/nra-joins-aclu-in-suit-agai...

Government to Release Hundreds of Documents Related to NSA Surveillance | Threatpost
http://threatpost.com/government-to-release-hundreds-of-documents-relate...

NSA Laughs at PCs, Prefers Hacking Routers and Switches | Threat Level | Wired.com
http://www.wired.com/threatlevel/2013/09/nsa-router-hacking/

What Exactly Are the NSA's 'Groundbreaking Cryptanalytic Capabilities'? | Wired Opinion | Wired.com
http://www.wired.com/opinion/2013/09/black-budget-what-exactly-are-the-n...

Developers Scramble to Build NSA-Proof Email | Threat Level | Wired.com
http://www.wired.com/threatlevel/2013/09/the-scramble-to-build-encryption/

Facebook flaw allowed hackers to delete posted photos | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57600991-83/facebook-flaw-allowed-hacke...

Russia Issues International Travel Advisory to Its Hackers | Threat Level | Wired.com
http://www.wired.com/threatlevel/2013/09/dont-leave-home/

Aussie linked to US Govt supercomputer hack - Hackers - SC Magazine Australia - Secure Business Intelligence
http://www.scmagazine.com.au/News/355480,aussie-linked-to-us-govt-superc...

Symantec source code hack lawsuit dismissed - Applications - SC Magazine Australia - Secure Business Intelligence
http://www.scmagazine.com.au/News/355201,symantec-source-code-hack-lawsu...

California Abruptly Drops Plan to Implant RFID Chips in Driver's Licenses | Threat Level | Wired.com
http://www.wired.com/threatlevel/2013/09/drivers-license-rfid-chips/

Huge Botnet Found Using Tor Network for Communications | Threatpost
http://threatpost.com/huge-botnet-found-using-tor-network-for-communicat...

Obad Trojan First to Spread Via Mobile Botnet | Threatpost
http://threatpost.com/obad-trojan-first-to-spread-via-mobile-botnet/102184

Hand of Thief Linux Banking Trojan Not Ready For Primetime | Threatpost
http://threatpost.com/hand-of-thief-trojan-not-ready-for-primetime/102159

NetTraveler Now Using Java Exploits, Watering Hole Attacks | Threatpost
http://threatpost.com/nettraveler-variant-adds-java-exploits-watering-ho...

FTC and TrendNet settle claim over hacked security cameras | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57601430-83/ftc-and-trendnet-settle-cla...

Syrian Electronic Army Denies New Data Leaks - Krebs on Security
http://krebsonsecurity.com/2013/08/syrian-electronic-army-denies-new-dat...

Updated: Coalition backflips on proof of age net filter - Web/client - SC Magazine Australia - Secure Business Intelligence
http://www.scmagazine.com.au/News/355904,updated-coalition-backflips-on-...

Update to Bitcoin Client Fixes DoS Bug, Password Strength | Threatpost
http://threatpost.com/update-to-bitcoin-client-fixes-dos-bug-password-st...

Windows 8 Picture Gesture Authentication Research | Threatpost
http://threatpost.com/picture-based-password-schemes-have-their-weakness...

Apple Safari Vulnerable to Buffer Overflow Exploit | Threatpost
http://threatpost.com/public-exploit-available-for-patched-safari-bug/10...

Watchwatch-like Heartbeat Monitor to Replace Passwords | Threatpost
http://threatpost.com/watch-like-heartbeat-monitor-seeks-to-replace-pass...

Researchers: Oracle's Java Security Fails - Krebs on Security
http://krebsonsecurity.com/2013/09/researchers-oracles-java-security-fails/

Cisco Issues Four Security Advisories | Threatpost
http://threatpost.com/cisco-warns-users-of-four-vulnerabilities/102158

Samsung to build Lookout into KNOX protection | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57601382-83/samsung-to-build-lookout-in...

Office, SharePoint Patches Await September Patch Tuesday | Threatpost
http://threatpost.com/critical-office-sharepoint-patches-await-september...

Sydney's Bugcrowd raises $1.6 million - Risk - SC Magazine Australia - Secure Business Intelligence
http://www.scmagazine.com.au/News/355761,sydneys-bugcrowd-raises-16-mill...

Arbor Networks buys Sydney startup PacketLoop - Cloud - SC Magazine Australia - Secure Business Intelligence
http://www.scmagazine.com.au/News/355620,arbor-networks-buys-sydney-star...

Packetloop
https://www.packetloop.com//

SoundCloud - Hear the world's sounds
https://soundcloud.com/lawrence-kennedy/sonny/s-AM7Jg

,

That is one risky business right there. If you have that one, then it will be great. - Roger Stanton

Risky Business #295 -- Behind Arbor's Packetloop acquisition
0:00 / 62:04

Risky Business Podcast

August 30, 2013

Risky Business #294 -- Five Eyes fights terrorists! (And MegaUpload.)

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

Adam Boileau
Adam Boileau

Technology Editor

We've got a pretty heavily spook-themed show for you this week. The feature interview is with New Zealand-based blogger and writer Keith Ng. He was trawling the Kim Dotcom affidavits in New Zealand and noticed that documents pertaining to the illegal GCSB surveillance on Mr. Dotcom had Five Eyes stamped all over them.

So, err, it looks like the surveillance apparatus established by five eyes to combat national security threats and terrorism was used indirectly by the NZ police force to spy on a guy over a copyright case. Interesting stuff.

And Senetas co-founder and CTO Julian Fay joins in this week's sponsor interview to a chat about the types of demands customers are making in the wake of Edward Snowden's leaks. Traffic analysis is king!

Adam Boileau, as usual, stops in to discuss the week's news headlines.

Show notes

These are the show notes for episode 294 of Risky Business

Tech Companies and Government May Soon Go to War Over Surveillance | Wired Opinion | Wired.com
http://www.wired.com/opinion/2013/08/stop-clumping-tech-companies-in-wit...

NSA seeks 'groundbreaking' spying powers, new leak reveals | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57600647-83/nsa-seeks-groundbreaking-sp...

Internet Giants Got Millions From Taxpayers to Cover PRISM Spying Costs | Threat Level | Wired.com
http://www.wired.com/threatlevel/2013/08/millions-paid-prism-compliance/

Facebook Gave 38K Users' Data to Governments in 6 Months | Threat Level | Wired.com
http://www.wired.com/threatlevel/2013/08/facebook-divulged-user-data/

US intercepted UN comms: report - Networks - SC Magazine Australia - Secure Business Intelligence
http://www.scmagazine.com.au/News/354652,us-intercepted-un-comms-report....

School district hires company to follow kids' Facebook, Twitter | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57600251-83/school-district-hires-compa...

German government denies Windows 'back door' claims | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57599735-83/german-government-denies-wi...

Open Secret About Google's Surveillance Case No Longer Secret - Digits - WSJ
http://blogs.wsj.com/digits/2013/08/26/open-secret-about-googles-surveil...

My Dinner With NSA Director Keith Alexander - Forbes
http://www.forbes.com/sites/jennifergranick/2013/08/22/my-dinner-with-ge...

Melbourne IT compromise redirects NY Times, HuffPo readers - Networks - SC Magazine Australia - Secure Business Intelligence
http://www.scmagazine.com.au/News/354935,melbourne-it-compromise-redirec...

Who Built the Syrian Electronic Army? - Krebs on Security
http://krebsonsecurity.com/2013/08/who-built-the-syrian-electronic-army/

China's Internet hit by DDoS attack; sites down for hours | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57600083-83/chinas-internet-hit-by-ddos...

Google Palestine domain hacked - Web/client - SC Magazine Australia - Secure Business Intelligence
http://www.scmagazine.com.au/News/354811,google-palestine-domain-hacked....

LulzSec hacker Sabu's sentencing delayed - Hackers - SC Magazine Australia - Secure Business Intelligence
http://www.scmagazine.com.au/News/354643,lulzsec-hacker-sabus-sentencing...

Hacker Pleads Guilty to Selling FBI Access to U.S. Supercomputers | Threat Level | Wired.com
http://www.wired.com/threatlevel/2013/08/hacker-super-computer-access/

Firefox Extension HTTP Nowhere Allows Users to Surf in Encrypted-Only Mode | Threatpost
http://threatpost.com/firefox-extension-http-nowhere-allows-users-to-bro...

Arabic Text String Crashes iOS, Mac OS X | Threatpost
http://threatpost.com/arabic-text-string-taking-down-apps-clients-browse...

Metasploit Module Adds Sudo Vulnerability for OS X | Threatpost
http://threatpost.com/metasploit-module-adds-sudo-vulnerability-for-os-x...

Phone Hack Could Block Messages, Calls on GSM Networks | Threatpost
http://threatpost.com/phone-hack-could-block-messages-calls-on-some-mobi...

New Mozilla Plug-N-Hack Tool Integrates Browsers and Security Tools | Threatpost
http://threatpost.com/mozilla-plug-n-hack-integrates-browsers-and-securi...

Ransomware snares victims with NSA PRISM ruse - Applications - SC Magazine Australia - Secure Business Intelligence
http://www.scmagazine.com.au/News/354787,ransomware-snares-victims-with-...

VMware Patches Root Privilege-Escalation Flaw | Threatpost
http://threatpost.com/vmware-patches-root-privilege-escalation-flaw/102067

Remote Unauthenticated Bug Haunts Cisco ACS Server | Threatpost
http://threatpost.com/remote-unauthenticated-bug-haunts-cisco-acs-server...

Opera 16 Fixes Bugs, Improves HTML5 Performance | Threatpost
http://threatpost.com/opera-16-fixes-bugs-improves-html5-performance/102129

Another Java 6 Vulnerability Found in the Wild | Threatpost
http://threatpost.com/java-6-zero-day-a-reminder-to-upgrade-browser-plug...

OnPoint \u2022 Public Address
http://publicaddress.net/onpoint/

Midnight Oil - Dreamworld - YouTube
http://www.youtube.com/watch?v=OcKcjpSWmm0

,

That is one serious stuff right there. I guess that would be the thing we all are concerned of. - Adam LaFavre

Risky Business #294 -- Five Eyes fights terrorists! (And MegaUpload.)
0:00 / 52:28

Risky Business Podcast

August 23, 2013

Risky Business #293 -- Phishing for (whitehat) fun and profit

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

Adam Boileau
Adam Boileau

Technology Editor

This week's feature guest is Haroon Meer of Thinkst Applied Research. He's launched an awesome new site called Phish5.com that allows sysadmins and security consultants to automate phishing campaigns against their own networks and clients.

It's a brilliant idea and well executed.

This week's show is brought to you by the fine folks at Microsoft, and we chat with Microsoft's Jerry Bryant later on about the expansion of the company's MAPP program. If you're an incident responder you really want to hear about this -- you can now submit suspect samples to Microsoft and they'll inspect them for 0day. World-class triage at your fingertips.

Show notes

The following stories were discussed in episode 293 of the Risky Business podcast.

Bradley Manning Sentenced to 35 Years in Prison | Threat Level | Wired.com
http://www.wired.com/threatlevel/2013/08/bradley-manning-sentenced/

BBC News - Bradley Manning: 'I am a woman named Chelsea'
http://www.bbc.co.uk/news/world-us-canada-23798253

Julian Assange's WikiLeaks Party running mate Leslie Cannold quits
http://www.theage.com.au/federal-politics/federal-election-2013/julian-a...

Statement of Resignation from Wikileaks Party National Council at Dan's blog
http://danielmathews.info/blog/2013/08/statement-of-resignation-from-wik...

Security Community Raises Money for Researcher Snubbed by Facebook Bounty Program | Threat Level | Wired.com
http://www.wired.com/threatlevel/2013/08/researcher-denied-facebook-bounty/

Twitter OAuth Data Leaked From Third-Party App | Threatpost
http://threatpost.com/twitter-oauth-data-leaked-from-third-party-app/102035

NSA Broke Privacy Rules Thousands of Times, Contrary to Official Claims | Threat Level | Wired.com
http://www.wired.com/threatlevel/2013/08/nsa-violated-privacy-rules/

Declassified 2011 FISC Opinion Shows Court Found Some NSA Surveillance Unconstitutional | Threatpost
http://threatpost.com/declassified-2011-fisc-opinion-shows-court-found-s...

China eyes IBM, Oracle, EMC over possible security issues | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57598827-83/china-eyes-ibm-oracle-emc-o...

U.K. Ordered Guardian to Destroy Snowden Files Because Its Servers Weren't Secure | Threat Level | Wired.com
http://www.wired.com/threatlevel/2013/08/guardian-snowden-files-destroyed/

FDA Issues Recommendations on the Security of Wireless Medical Devices | Threatpost
http://threatpost.com/fda-issues-recommendations-on-the-security-of-wire...

NSA and Intelligence Community turn to Tumblr -- weird but true | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57599622-83/nsa-and-intelligence-commun...

Scanning the Internet in 45 Minutes | Threatpost
http://threatpost.com/scanning-the-internet-in-45-minutes/102025

Nasdaq Stock Exchange Goes Dark After Tech Glitch | Threat Level | Wired.com
http://www.wired.com/threatlevel/2013/08/nasdaq-outage/

IP Cloaking Violates Computer Fraud and Abuse Act, Judge Rules | Threat Level | Wired.com
http://www.wired.com/threatlevel/2013/08/ip-cloaking-cfaa/

Prison Computer 'Glitch' Blamed for Opening Cell Doors in Maximum-Security Wing | Threat Level | Wired.com
http://www.wired.com/threatlevel/2013/08/computer-prison-door-mishap/

Cybercrooks use DDoS attacks to mask theft of banks' millions | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57599646-83/cybercrooks-use-ddos-attack...

How Not to DDoS Your Former Employer - Krebs on Security
http://krebsonsecurity.com/2013/08/how-not-to-ddos-your-former-employer/

Joburg billing leak not a hack: whistle blower
http://businesstech.co.za/news/government/44593/joburg-billing-leak-not-...

Google, Mozilla Considering Limiting Certificate Validity to 60 Months | Threatpost
http://threatpost.com/google-mozilla-considering-limiting-certificate-va...

League of Legends is hacked, with crucial user info accessed | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57599450-83/league-of-legends-is-hacked...

Google Chrome 29 Fixes 25 Vulnerabilities | Threatpost
http://threatpost.com/google-chrome-29-fixes-25-vulnerabilities/102038

Microsoft Reissues MS13-066 Windows Server Patch | Threatpost
http://threatpost.com/microsoft-reissues-ms13-066-windows-server-patch/1...

Jumping Out of IE's Sandbox With One Click | Threatpost
http://threatpost.com/jumping-out-of-ies-sandbox-with-one-click/102054

Cisco Patches DoS, Buffer Overflow Vulnerabilities in UCM | Threatpost
http://threatpost.com/cisco-patches-dos-buffer-overflow-vulnerabilities-...

IT Security News, Security Product Reviews and Opinion - SC Magazine Australia - Secure Business Intelligence
http://www.scmagazine.com.au/

Phish5 - Phish your company in five easy steps
https://phish5.com/

Microsoft Extends MAPP To Incident Responders And Offers Free Online
http://www.darkreading.com/vulnerability/microsoft-extends-mapp-to-incid...

The Bombay Royale
http://thebombayroyale.com/index.html

,

The notes are really good. If you can read it, then that would be better. - Roger Stanton

Risky Business #293 -- Phishing for (whitehat) fun and profit
0:00 / 61:04

Risky Business Podcast

August 16, 2013

Special Las Vegas edition -- Keith Alexander, Moxie and more!

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

This is a special edition of the Risky Business podcast, produced with material recorded at BlackHat and Defcon in Las Vegas.

Features:

\t* Excerpts of Keith Alexander's keynote
\t* An interview with Moxie Marlinspike
\t* A sponsor interview with SensePost trainer Glenn Wilkinson

Special Las Vegas edition -- Keith Alexander, Moxie and more!
0:00 / 50:33

Risky Business Podcast

August 16, 2013

Risky Business #292 -- Jon Callas: Why Silent Mail got the bullet

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

Adam Boileau
Adam Boileau

Technology Editor

On this week's show we chat with Silent Circle founder Jon Callas about the decision to shutter the Silent Mail service, as well as what Silent Circle is doing to bolster product security in the wake of some pretty nasty bug disclosures by our pal Mark Dowd.

In this week's sponsor interview we chat with Tenable CEO Ron Gula about innovation trends in infosec -- he was working the trade floor like a boss at BlackHat, so I asked him what tickled his fancy.

A shaken but not stirred Adam Boileau joins us from the earthquake-ravaged, lawless badlands of Wellington to discuss the week's news headlines.

Show notes, including links to the stories we discussed in the news segment, can be found here.

Risky Business #292 -- Jon Callas: Why Silent Mail got the bullet
0:00 / 56:28

Risky Business Podcast

August 09, 2013

Risky Business #291 – All your SIMs are belong to Karsten Nohl

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

Adam Boileau
Adam Boileau

Technology Editor

In this week's feature slot we chat with Karsten Nohl about his research into pillaging SIM cards. It turns out Karsten's research into SIM security was much, much cooler than we initially thought.

In this week's sponsor interview we chat with Jonathan Ness about the all new singing and dancing EMET 4.0.

Adam Boileau pops by for the week's news.

Show notes

BREACH Compression Attack Steals HTTPS Response Secrets | Threatpost
https://threatpost.com/breach-compression-attack-steals-https-secrets-in...

Experts Urge ECC crytpo over RSA algorithm | Threatpost
http://threatpost.com/crypto-gains-ramp-up-calls-to-get-ahead-of-inevita...

JavaScript and Timing Attacks Used to Steal Browser Data | Threatpost
https://threatpost.com/javascript-and-timing-attacks-used-to-steal-brows...

Car hacking code released at Defcon | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57596847-83/car-hacking-code-released-a...

Feds Are Suspects in New Malware That Attacks Tor Anonymity | Threat Level | Wired.com
http://www.wired.com/threatlevel/2013/08/freedom-hosting/

Firefox Zero-Day Used in Child Porn Hunt? - Krebs on Security
http://krebsonsecurity.com/2013/08/firefox-zero-day-used-in-child-porn-h...

Tor Users Should Leave Insecure Windows Operating System | Threatpost
http://threatpost.com/tor-urges-users-to-leave-windows/101825

Software Obfuscation Mechanism Hampers Reverse Engineering | Threatpost
http://threatpost.com/new-software-obfuscation-throws-wrench-into-revers...

Edward Snowden Granted Asylum, Leaves Moscow Airport | Threat Level | Wired.com
http://www.wired.com/threatlevel/2013/08/edward-snowden-granted-asylum-l...

Newly leaked NSA program sees 'nearly everything' you do | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57596313-83/newly-leaked-nsa-program-se...

House Rejects Amendment to Sever NSA Data Collection Funding | Threatpost
http://threatpost.com/house-rejects-amendment-to-sever-nsa-data-collecti...

Lawmakers Who Upheld NSA Phone Spying Received Double the Defense Industry Cash | Threat Level | Wired.com
http://www.wired.com/threatlevel/2013/07/money-nsa-vote/

Declassified Memos Confirm Dragnet Phone Surveillance Program Was No Secret From Congress | Threat Level | Wired.com
http://www.wired.com/threatlevel/2013/07/phone-dragnet-no-secret/

Edward Snowden's Email Provider Shuts Down After Secret Court Battle | Threat Level | Wired.com
http://www.wired.com/threatlevel/2013/08/lavabit-snowden/

Bradley Manning Acquitted of Aiding the Enemy, Guilty of Espionage Act Violations | Threat Level | Wired.com
http://www.wired.com/threatlevel/2013/07/bradley-manning-not-guilty-aidi...

Twitter's Killer New Two-Factor Solution Kicks SMS to the Curb | Threat Level | Wired.com
http://www.wired.com/threatlevel/2013/08/twitter-new-two-facto/

Mozilla, Blackberry To Test Website Security Via Fuzzing | Threatpost
http://threatpost.com/mozilla-blackberry-join-forces-to-advance-peach-fu...

Fort Disco Botnet Uses Brute-Force Attacks Against CMS Sites | Threatpost
http://threatpost.com/fort-disco-brute-force-attack-campaign-targets-cms...

Google WebLogin Tokens Expose Google Apps, User Data | Threatpost
http://threatpost.com/convenient-google-weblogin-tokens-can-expose-user-...

Chrome Security Shocker Creates Password Anxiety - Security -
http://www.informationweek.com/security/application-security/chrome-secu...

Apple to Fix Malicious Fake USB Charger Flaw | Threatpost
http://threatpost.com/apple-to-fix-fake-usb-charger-flaw-in-ios-7/101554

Windows 8 Phone Authentication Protocol Weakness | Threatpost
http://threatpost.com/microsoft-warns-of-weakness-in-authentication-prot...

Remotely Exploitable Bug Affects Wide Range of Cisco TelePresence Systems | Threatpost
http://threatpost.com/remotely-exploitable-bug-affects-wide-range-of-cis...

Russian man doctors credit card contract, sues bank after non-repayments - Risk - SC Magazine Australia - Secure Business Intelligence
http://www.scmagazine.com.au/News/352756,russian-man-doctors-credit-card...

August 2013 Microsoft Patch Tuesday Security Updates | Threatpost
http://threatpost.com/critical-ie-exchange-updates-on-tap-in-august-patc...

Karsten Nohl Demonstrates SIM Card Root Attack At Black Hat | Threatpost
http://threatpost.com/weak-encryption-enables-sim-card-root-attack/101557

Download Enhanced Mitigation Experience Toolkit 4.0 from Official Microsoft Download Centre
http://www.microsoft.com/en-au/download/details.aspx?id=39273

,

The response threats are really good. If you have that one in your record, then that would be great. - Adam LaFavre

Risky Business #291 – All your SIMs are belong to Karsten Nohl
0:00 / 61:36