Podcasts

News, analysis and commentary

Risky Business #272 -- Jon Callas talks Silent Circle

Presented by

Patrick Gray

CEO and Publisher

Adam Boileau

Technology Editor

On this week's show we chat to PGP Corporation co-founder Jon Callas. Jon's been in the security business for a long time and he's bringing us up to speed on his latest venture, Silent Circle.

This week's show is brought to you by the Australian security consulting and penetration testing firm HackLabs. And we've got a really interesting sponsor interview with HackLabs head honcho Chris Gatford about how many, many organisations simply don't do any foot-printing... and it means they miss so much! Come on people, it's a two-day job!

Adam Boileau, as usual, joins us for this week's news segment.

Show notes

Episode 272 can be found here.

The Java Zero-Day Procession Continues | threatpost
http://threatpost.com/en_us/blogs/java-zero-day-procession-continues-030113

New Java 0-Day Attack Echoes Bit9 Breach - Krebs on Security
http://krebsonsecurity.com/2013/03/new-java-0-day-attack-echoes-bit9-bre...

Oracle issues emergency Java update to patch vulnerabilities | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57572496-83/oracle-issues-emergency-jav...

Prompted by Oracle Rejection, Researcher Finds Five New Java Sandbox Vulnerabilities | threatpost
http://threatpost.com/en_us/blogs/prompted-oracle-rejection-researcher-f...

More Java-based malware plagues the cross-platform runtime | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57572168-83/more-java-based-malware-pla...

Jailed hacker allowed into IT class, hacks prison computers | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57572282-83/jailed-hacker-allowed-into-...

Groundbreaking Cyber Fast Track Research Program Ending | threatpost
http://threatpost.com/en_us/blogs/groundbreaking-cyber-fast-track-resear...

Google Says the FBI Is Secretly Spying on Some of Its Customers | Threat Level | Wired.com
http://www.wired.com/threatlevel/2013/03/google-nsl-range/

Attorney General: Aaron Swartz Case Was a 'Good Use of Prosecutorial Discretion' | Threat Level | Wired.com
http://www.wired.com/threatlevel/2013/03/holder-swartz-case/

White House, FCC Chairman Support Legalizing Unlocking of Mobile Phones | Threat Level | Wired.com
http://www.wired.com/threatlevel/2013/03/mobile-phone-unlock/

Mobile Malcoders Pay to (Google) Play - Krebs on Security
http://krebsonsecurity.com/2013/03/mobile-malcoders-pay-to-google-play/

APT1-Themed Spear Phishing Campaign Linked to China | threatpost
http://threatpost.com/en_us/blogs/apt1-themed-spear-phishing-campaign-li...

Google Patches 10 Chrome Flaws Ahead of Pwn2Own, Pwnium | threatpost
http://threatpost.com/en_us/blogs/google-patches-10-chrome-flaws-ahead-p...

Time Stamp Bug in Sudo Could Have Allowed Code Entry | threatpost
http://threatpost.com/en_us/blogs/time-stamp-bug-sudo-could-have-allowed...

MiniDuke Espionage Campaign Began About a Year Earlier Than First Thought | threatpost
http://threatpost.com/en_us/blogs/miniduke-espionage-campaign-began-abou...

Apple Begins to Blacklist Old Versions of Flash for Safari | threatpost
http://threatpost.com/en_us/blogs/apple-begins-blacklist-old-versions-fl...

Evernote Compromised, But Says No User Data Affected | threatpost
http://threatpost.com/en_us/blogs/evernote-compromised-says-no-user-data...

Locked-down BlackBerry offers classified, personal use | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57572337-83/locked-down-blackberry-offe...

CloudFlare security service goes down after router failure | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57572259-83/cloudflare-security-service...

The most secure Android phone in the world (maybe) | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57571961-83/the-most-secure-android-pho...

Sudden death of U.S. engineer in Singapore linked to cyber espionage? | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57572070-83/sudden-death-of-u.s-enginee...

Dropbox users getting spammed, might be from earlier hack | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57571968-83/dropbox-users-getting-spamm...

Anonymous leaks alleged data on BofA execs, surveillance | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57571955-83/anonymous-leaks-alleged-dat...

Dell builds sinkhole data-sharing platform - Applications - SC Magazine Australia - Secure Business Intelligence
http://www.scmagazine.com.au/News/335362,dell-builds-sinkhole-data-shari...

CommBank builds security fault tree after RSA breach - Networks - SC Magazine Australia - Secure Business Intelligence
http://www.scmagazine.com.au/News/335102,commbank-builds-security-fault-...

Use decoy and deception to mess with hackers - Applications - SC Magazine Australia - Secure Business Intelligence
http://www.scmagazine.com.au/News/335049,use-decoy-and-deception-to-mess...

Hackers focus energy on solar sector - Networks - SC Magazine Australia - Secure Business Intelligence
http://www.scmagazine.com.au/News/335003,hackers-focus-energy-on-solar-s...

silent circle - Google Search
https://www.google.com/search?q=silent+circle&aq=f&oq=silent+circle&aqs=...

Here's this week's sponsor: Buy their stuff!!!

Penetration Testing & Web Application Security - HackLabs
http://www.hacklabs.com/


Risky Business #271 -- All your funnycats R belong 2 APT1

Presented by

Patrick Gray

CEO and Publisher

Adam Boileau

Technology Editor

On this week's show we're chatting with Mandiant's Managing Director of Threat Intelligence, Dan McWhorter, about that company's report into Chinese cyber espionage activity.

Mandiant dropped the report last week and it's caused quite a stir, even eliciting a response from the White House and Chinese officials.

That's an interesting conversation and it's after the news.

This week's show is brought to you by Tenable Network Security, makers of fine vulnerability scanning and SIEM software. Tenable's product manager and all-round nice guy Jack Daniel will be along in this week's sponsor interview to discuss some other aspects of this APT1 issue.

Like, for example, how the attackers were using executable trojans embedded in zip files and still managed to own half the Western world's intellectual property. That's this week's sponsor interview -- an interesting blend of hilarious and depressing.

Show notes

Bradley Manning Takes "Full Responsibility" for Giving WikiLeaks Huge Government Data Trove | Threat Level | Wired.com
http://www.wired.com/threatlevel/2013/02/bradley-manning/

The Incredible Rise and Fall of a Hacker Who Found the Secrets of the Next Xbox and PlayStation-And Maybe More
http://kotaku.com/5986239/the-rise-and-fall-of-superdae-a-most-unusual-v...

Sentencing of LulzSec double agent postponed | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57570764-83/sentencing-of-lulzsec-doubl...

Stuxnet Missing Link Found, Resolves Some Mysteries Around the Cyberweapon | Threat Level | Wired.com
http://www.wired.com/threatlevel/2013/02/new-stuxnet-variant-found/

EXCLUSIVE: Hacked ABC website likely breached by crooks in 2011 | Risky Business
http://risky.biz/opwilders

MiniDuke Espionage Malware Hits Governments in Europe Using Adobe Exploits | threatpost
http://threatpost.com/en_us/blogs/miniduke-espionage-malware-hits-govern...

Adobe Patches Two Critical Flash Player Vulnerabilities | threatpost
http://threatpost.com/en_us/blogs/adobe-patches-two-critical-flash-playe...

Chrome 25 Fixes Nine High-Risk Vulnerabilities | threatpost
http://threatpost.com/en_us/blogs/chrome-25-fixes-nine-high-risk-vulnera...

Latest Kelihos Botnet Shut Down Live at RSA Conference 2013 | threatpost
http://threatpost.com/en_us/blogs/latest-kelihos-botnet-shut-down-live-r...

RSA Conference 2013: Experts Say It's Time to Prepare for a 'Post-Crypto' World | threatpost
http://threatpost.com/en_us/blogs/rsa-conference-2013-experts-say-its-ti...

Two More Java Zero Days Found by Polish Research Team | threatpost
http://threatpost.com/en_us/blogs/two-more-java-zero-days-found-polish-r...

Microsoft Azure Cloud Storage Suffers Major Outage Over Expired SSL Certificate | threatpost
http://threatpost.com/en_us/blogs/microsoft-azure-cloud-storage-suffers-...

Feds Used Aaron Swartz's Political Manifesto Against Him | Threat Level | Wired.com
http://www.wired.com/threatlevel/2013/02/aaron-swartz-manifesto/

Facebook Patches OAuth Authentication Vulnerability | threatpost
http://threatpost.com/en_us/blogs/facebook-patches-oauth-authentication-...

China blames U.S. for most cyberattacks against military Web sites | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57571811-83/china-blames-u.s-for-most-c...

Add Microsoft to list of hacked companies | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57570861-83/add-microsoft-to-list-of-ha...

ATO passwords stored in clear text - Web/client - SC Magazine Australia - Secure Business Intelligence
http://www.scmagazine.com.au/News/334921,ato-passwords-stored-in-clear-t...

Mandiant Intelligence Center Report | Mandiant®
http://intelreport.mandiant.com/

Tenable Network Security
http://www.tenable.com/

Das EFX - Straight Out The Sewer - YouTube
http://www.youtube.com/watch?v=xXSsLa3PlDc

Patrick Gray on ABC television, discussing ABC breach
http://www.abc.net.au/7.30/content/2013/s3699924.htm


EXCLUSIVE: Hacked ABC website likely breached by crooks in 2011

Presented by

Patrick Gray

CEO and Publisher

The ABC website compromised by anonymous attackers overnight was likely already breached by cyber-criminals active on Russian forums as far back as 2011.

The user database of the Making Australia Happy television program was published overnight with the emails and hashed passwords of its 50,000 users dumped on paste websites.

The pastes were released under the tag "#OpWilders"; the breach ostensibly a revenge attack over the ABC's decision to air an interview with controversial anti-Muslim Dutch politician Geert Wilders, who visited Australia last week.

But strong circumstantial evidence has emerged that suggests the site had already been compromised by criminals. The first two password hashes in the compromised database appeared on a Russian cybercrime website, in sequence, in 2011.

Forum user "prevedma1" posted a thread in October 2011 titled "Need crack hashes" before pasting in two SHA1 hashes. The hashes are identical to the first two contained in the leaked user database. One of them corresponds to an ABC user account with moderator privileges.

You can see a screen capture here.

If this database was indeed obtained by cybercrooks back then it's likely it was used in phishing and malware campaigns. It is unclear why the supposed attacker was seeking to crack those hashes, but the ABC moderator account would have presumably afforded simple and privileged access to the site's content management system.

It's also possible the attacker was hoping the ABC admin account password was re-used elsewhere. Cracking it would be an excellent way to further propagate an attack deeper into the ABC network.

Opinion seems divided as to whether the latest hack, or "operation" in Anonspeak, was met with approval from the Anonymous community. An attack against a media organisation by a protest "brand" that supports free speech seems to run contrary to the anti-censorship ideals of the Anonymous movement.

Follow Patrick Gray on Twitter here.

Check out the Risky Business podcast here.

Risky Business #270 -- Red teaming your law firm for fun and profit

Presented by

Patrick Gray

CEO and Publisher

Adam Boileau

Technology Editor

On this week's show we're taking a look at the issue of secondary targeting. These days it's borderline likely that attackers who want information on your company's upcoming mergers and acquisition activity won't even bother attacking you to get the intel. They'll go for your law firm instead... or your accountants... or another partner.

CERT Australia Executive Manager Dr. Carolyn Patterson joins the show to talk about that.

This week's show is brought to you by Senetas, makers of fine, layer 2 encryption hardware boxens! If you're planning a greenfields development, please, please, please go visit the Senetas website. They're a publicly listed company and they make really good gear. This week's sponsor interview is with Senetas co-founder and CTO Julian Fay, who as you'll discover, really knows what he's talking about.

This week we chat to Julian about the various certification schemes out there -- FIPS, Common Criteria and CAPS. We talk about some of the problems with these schemes, and also about some of the changes that are being made to them. Certification is changing, big time, so make sure you listen to that one.


Risky Business #269 -- Dave Aitel on the end of clientsides

Presented by

Patrick Gray

CEO and Publisher

Adam Boileau

Technology Editor

On this week's show we have a chat with industry stalwart Dave Aitel of Immunity Inc.

Dave joins us to chat about a few things -- like what it will be like when clientside memory corruption exploits become as rare as server side corruption exploits are now. How will that change the security discipline? We also have a chat about El Jefe and sneaky ways of handling command and control.

This week's show is brought to you by NCC Group, the global information security firm. NCC Group's Asia Pacific General Manager and BeEF project creator Wade Alcorn joins us in this week's sponsor slot to chat about recent Ruby on Rails bugs. It's been patched three times in the last month! But how much of a problem is that for you?

Is Ruby on Rails being used for serious business? Should it be?

You can find Patrick on Twitter here and Adam here.

Show notes

Security Firm Bit9 Hacked, Used to Spread Malware - Krebs on Security
http://krebsonsecurity.com/2013/02/security-firm-bit9-hacked-used-to-spr...

Microsoft Report Examines Socio-Economic Relationships to Malware Infections | threatpost
http://threatpost.com/en_us/blogs/microsoft-report-examines-socio-econom...

Cybersecurity Executive Order Short on Action, Long on Voluntary Initiatives | threatpost
http://threatpost.com/en_us/blogs/cybersecurity-executive-order-short-ac...

White House Must Respond to Petition Seeking Swartz Prosecutor's Firing | Threat Level | Wired.com
http://www.wired.com/threatlevel/2013/02/swartz-prosecutor-petition/

DHS Watchdog OKs 'Suspicionless' Seizure of Electronic Devices Along Border | Threat Level | Wired.com
http://www.wired.com/threatlevel/2013/02/electronics-border-seizures/

Malware Intelligence Lab from FireEye - Research & Analysis of Zero-Day & Advanced Targeted Threats:In Turn, It's PDF Time
http://blog.fireeye.com/research/2013/02/in-turn-its-pdf-time.html

Emergency Adobe Flash Player Patches Fix Pair of Zero Days | threatpost
http://threatpost.com/en_us/blogs/emergency-adobe-flash-player-patched-f...

Microsoft's next Patch Tuesday to fix 57 security bugs | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57568412-83/microsofts-next-patch-tuesd...

Hackers can easily breach Emergency Alert Systems | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57569322-83/hackers-can-easily-breach-e...

Ransomware cybercrime ring dismantled in Europe | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57569321-83/ransomware-cybercrime-ring-...

Old OS X malware used in increased attacks against Uyghur groups | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57569252-83/old-os-x-malware-used-in-in...

Anonymous fails to shut down live streams of Obama address | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57569098-83/anonymous-fails-to-shut-dow...

Gmail of journalists in Myanmar said to be hacked | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57568840-83/gmail-of-journalists-in-mya...

Audacious Hack Exposes Bush Family Pix, E-Mail | The Smoking Gun
http://www.thesmokinggun.com/documents/bush-family-hacked-589132

Telecom NZ says 22,500 Xtra email accounts hacked - Networks - SC Magazine Australia - Secure Business Intelligence
http://www.scmagazine.com.au/News/333169,telecom-nz-says-22500-xtra-emai...

Yahoo! Pushing Java Version Released in 2008 - Krebs on Security
http://krebsonsecurity.com/2013/02/yahoo-pushing-java-version-released-i...

Mega security bugs detailed - Web/client - SC Magazine Australia - Secure Business Intelligence
http://www.scmagazine.com.au/News/331952,mega-security-bugs-detailed.aspx

Australian Tax System Breached By Criminals
http://www.smh.com.au/it-pro/security-it/criminals-breach-australian-tax...

CERT Australia rebuffs ex-staff criticism - Networks - SC Magazine Australia - Secure Business Intelligence
http://www.scmagazine.com.au/News/331618,cert-australia-rebuffs-ex-staff...

Theoretical Lucky Thirteen TLS Attacks Could Turn Practical | threatpost
http://threatpost.com/en_us/blogs/theoretical-lucky-thirteen-tls-attacks...

VMware Fixes Privilege Escalation Vulnerability | threatpost
http://threatpost.com/en_us/blogs/vmware-fixes-privilege-escalation-vuln...

Ballot-stuffing bot hits News Ltd polls - Web/client - SC Magazine Australia - Secure Business Intelligence
http://www.scmagazine.com.au/News/331994,ballot-stuffing-bot-hits-news-l...

The Ubermotive Guide to Media Influence |
http://www.ubermotive.com/?p=68

Media Watch: News gets gamed (11/02/2013)
http://www.abc.net.au/mediawatch/transcripts/s3688053.htm?site=westernvic

Anonymous intends to block Webcasts of State of the Union | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57569044-83/anonymous-intends-to-block-...

IMMUNITY : Knowing You're Secure
http://www.immunityinc.com/products-eljefe.shtml

IMMUNITY : Knowing You're Secure
http://www.immunityinc.com/products-swarm.shtml

JaFFer Music, Lyrics, Songs, and Videos
http://www.reverbnation.com/jafferband

BeEF - The Browser Exploitation Framework Project
http://beefproject.com/

Information Security, Escrow & Other Solutions - NCC Group
http://www.nccgroup.com/


Risky Business #268 -- Outsource your bug bounty program?

Presented by

Patrick Gray

CEO and Publisher

Adam Boileau

Technology Editor

This week's feature interview is with Casey Ellis of BugCrowd.com -- a new business that runs outsourced bug bounty programs. It's a great idea and it's one that I personally think will really take off over the next couple of years.

This week's show is brought to you by our good friends at Adobe.

Adobe's director of product security and privacy Brad Arkin will be along a bit later on with an update on the phantom 0day issue the company experienced last year, as well as filling us in on some efforts designed to combat spearphishing attacks that use dodgy Flash objects embedded in Office files. It's more interesting than it sounds!

Adam Boileau is back in the news seat for a chat about recent headlines. You can find links to all the articles we discussed here.


Risky Business #267 -- 2012 in review

Presented by

Patrick Gray

CEO and Publisher

Adam Boileau

Technology Editor

This week's show takes a look back at some of the big issues and stories of 2012: The arrest of the Lulzsec crew, the release of Stratfor's email by Wikileaks and the Australian government ban on Huawei participating in the NBN rollout.

With bonus lulz.

This is the final episode of Risky Business for 2012. We'll be back in February 2013!


Risky Business #266 -- ToR, BitCoin, crooks and quantum key distribution

Presented by

Patrick Gray

CEO and Publisher

Adam Boileau

Technology Editor

On this week's show we're talking ToR and BitCoin with Alice Hutchings, a Senior Researcher and Analyst with the Australian Institute of Criminology's Global, Economic and Electronic Crime Program.

ToR helps dissidents in foreign countries access information their governments deem unsavoury -- but it also provides a layer of protection to the consumers of child porn. Combine it with technology like BitCoin and bang, you've got Silk Road. Given the illicit uses of such technology, is volunteering to run a ToR server moral?

It's a fun, completely pointless academic conversation and it's coming up after the news!

This week's show is brought to you by Senetas, makers of fine layer 2 encryption technology. Senetas CTO Julian Fay joins us in this week's sponsor interview and we're talking all about Quantum Key Distribution.

It's a technology that is available commercially and after listening to that interview you'll actually know what it does and how it works! I learned a lot doing that interview. It's good stuff.

Show notes

John McAfee Hospitalized in Guatemala | Threat Level | Wired.com
http://www.wired.com/threatlevel/2012/12/threatlevel_1206_mcafeehospital/

Sophisticated botnet steals more than $47M by infecting PCs and phones | Ars Technica
http://arstechnica.com/security/2012/12/sophisticated-botnet-steals-more...

Bank Agrees to Reimburse Hacking Victim $300K in Precedent-Setting Case | Threat Level | Wired.com
http://www.wired.com/threatlevel/2012/11/bank-to-pay-hacking-victim/

Massive worm hits Tumblr, spams big blogs like USA Today | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57556784-83/massive-worm-hits-tumblr-sp...

Pentagon Deploying DARPA to Wage War on Backdoors | threatpost
http://threatpost.com/en_us/blogs/pentagon-deploying-darpa-wage-war-back...

Google Launches Private Android App Stores | threatpost
http://threatpost.com/en_us/blogs/google-launches-private-android-app-st...

Hackers steal customer info from insurance provider Nationwide | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57557408-83/hackers-steal-customer-info...

U.S., U.K. caught in middle of huge Swiss spy data leak -- report | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57557004-83/u.s-u.k-caught-in-middle-of...

ATM Thieves Swap Security Camera for Keyboard - Krebs on Security
http://krebsonsecurity.com/2012/12/atm-thieves-swap-security-camera-for-...

Twitter SMS bug lets hackers tweet via other users' accounts | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57557050-83/twitter-sms-bug-lets-hacker...

Security Essentials fails latest AV-Test | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57556340-83/security-essentials-fails-l...

Judge Gives Bradley Manning Permission to Plead Guilty for WikiLeaks Dumps | Threat Level | Wired.com
http://www.wired.com/threatlevel/2012/11/manning-plea-terms-accepted/

Congress Demands United Nations Keep Hands Off the Internet | Threat Level | Wired.com
http://www.wired.com/threatlevel/2012/12/united-nations-internet-regs/

Mac malware follows Flashback - Applications - SC Magazine Australia - Secure Business Intelligence
http://www.scmagazine.com.au/News/325137,mac-malware-follows-flashback.aspx

Six Security Flaws Fixed in BIND 9.9.2 | threatpost
http://threatpost.com/en_us/blogs/six-security-flaws-fixed-bind-992-120512

Microsoft Fixing 11 Vulnerabilities for December Patch Tuesday | threatpost
http://threatpost.com/en_us/blogs/microsoft-fixing-11-vulnerabilities-de...

Experts Downplay MySQL Database Zero-Days | threatpost
http://threatpost.com/en_us/blogs/experts-downplay-mysql-database-zero-d...

Austrian Police Raid ToR Exit Node Admin
http://www.scmagazine.com.au/News/324804,tor-exit-node-operator-raided-b...

Senetas - Hybrid Quantum Encryption
http://www.senetas.com/products/products/hybrid-quantum-encryption.htm


Risky Business #265 -- Reliably detecting 0day with crash dumps

Presented by

Patrick Gray

CEO and Publisher

Adam Boileau

Technology Editor

On this week's show we're chatting with Rex Warren of Leviathan Security in the United States.

Leviathan has been working with DARPA on an interesting new system that can reliably detect failed 0day exploitation attempts against hosts. Basically these guys are just grabbing Dr. Watson crash dumps at the gateway, but where it gets interesting is when we look at what they do with those crash dumps. Emulation FTW.

This week's show is brought to you by the fine folk at Tenable Network Security. If you need vulnerability scanning or SIEM software you really need to go visit their website. On this week's show we're revisiting the topic of phantom 0day with Ron Gula, the chief executive and co-founder of Tenable. We'll also be chatting to him about whether or not the biggest threat to users in the future could be social engineering.

Show notes

Zero-day hotel keycard hack goes unfixed, now being used by Texas thieves | ExtremeTech
http://www.extremetech.com/electronics/141557-zero-day-hotel-keycard-hac...

UN nuclear watchdog confirms data leak | ZDNet
http://www.zdnet.com/un-nuclear-watchdog-confirms-data-leak-7000008001/

Chrome Zero-Day Presentation Gives Way to Mandatory Military Service | threatpost
http://threatpost.com/en_us/blogs/chrome-zero-day-presentation-gives-way...

Google Repairs High-Risk Flaw in Chrome | threatpost
http://threatpost.com/en_us/blogs/google-repairs-high-risk-flaw-chrome-1...

Cisco and "8 Diamonds" threaten Chinese security
http://tech.sina.com.cn/t/2012-11-27/09207834698.shtml

Update: Attack on Romanian TLD Register led to Google, Yahoo Defacements and DNS Redirects | threatpost
http://threatpost.com/en_us/blogs/update-attack-romanian-tld-register-le...

DSD issues advice for executives tackling BYOD | ZDNet
http://www.zdnet.com/au/dsd-issues-advice-for-executives-tackling-byod-7...

Credit card companies' WikiLeaks block just fine, EU says | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57554855-83/credit-card-companies-wikil...

Romanian hackers behind $30m Australian credit card theft - ABC News (Australian Broadcasting Corporation)
http://www.abc.net.au/news/2012-11-29/afp-uncovers-romanian-card-hacking...

Second person guilty in AT&T iPad prank hack - Hackers - SC Magazine Australia - Secure Business Intelligence
http://www.scmagazine.com.au/News/324412,second-person-guilty-in-att-ipa...

Researcher reveals backdoor access in Samsung printers | ZDNet
http://www.zdnet.com/researcher-reveals-backdoor-access-in-samsung-print...

Java Zero-Day Exploit on Sale for 'Five Digits' - Krebs on Security
https://krebsonsecurity.com/2012/11/java-zero-day-exploit-on-sale-for-fi...

Kaseya patches platform vulnerability - Web/client - SC Magazine Australia - Secure Business Intelligence
http://www.scmagazine.com.au/News/323797,kaseya-patches-platform-vulnera...

Piwik Update Infected with Backdoor Malware | threatpost
http://threatpost.com/en_us/blogs/piwik-update-infected-backdoor-malware...

Researcher Finds Nearly Two Dozen SCADA Bugs in a Few Hours' Time | threatpost
http://threatpost.com/en_us/blogs/researcher-finds-nearly-two-dozen-scad...

Symantec Warns of New Malware Targeting SQL Databases | threatpost
http://threatpost.com/en_us/blogs/symantec-warns-new-malware-targeting-s...


Risky Business #264 -- Three Guys With Ponytails Talk About Security

Presented by

Patrick Gray

CEO and Publisher

Adam Boileau

Technology Editor

On this week's show I'll be playing an excerpt from a panel discussion that took place at Kiwicon -- the session was called Three Guys with Ponytails Talk Security. The three guys are PGP Corporation co-founder Jon Callas, nCipher co-founder Nicko van Someren and the University of Auckland's Peter Gutmann.

The topics include quantum computing and Peter's oddly overkill print server.

This week's show is brought to you by Adobe! Adobe's head of product security and privacy Brad Arkin joins the show in this week's sponsor segment to talk about what he's calling "phantom 0day".

Show notes

U.S. accused of cyberattack on French government | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57553153-83/u.s-accused-of-cyberattack-...

FreeBSD Servers Compromised; Third-Party Software Packages Could be Impacted | threatpost
http://threatpost.com/en_us/blogs/freebsd-servers-compromised-third-part...

Hacker found guilty of massive AT&T-iPad site breach | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57552852-83/hacker-found-guilty-of-mass...

Attackers Had Access for Months in South Carolina Data Breach | threatpost
http://threatpost.com/en_us/blogs/attackers-had-access-months-south-caro...

Researchers Remotely Control Smart Cards with Malware PoC | threatpost
http://threatpost.com/en_us/blogs/researchers-remotely-control-smart-car...

John McAfee, Unhinged: His Bizarre Breaks From Reality | Threat Level | Wired.com
http://www.wired.com/threatlevel/2012/11/mcafee-unhinged/

Megaupload Assisted U.S. Prosecution of Smaller File-Sharing Service | Threat Level | Wired.com
http://www.wired.com/threatlevel/2012/11/megaupload-investigation-roots/

Microsoft hands Windows 8 Pro to pirates by mistake | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57552960-83/microsoft-hands-windows-8-p...

Anonymous escalates its 'cyberwar' against Israel | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57552168-83/anonymous-escalates-its-cyb...

Obama reportedly signs secretive cybersecurity policy directive | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57550092-83/obama-reportedly-signs-secr...

Facebook Enabling HTTPS by Default for North American Users | threatpost
http://threatpost.com/en_us/blogs/facebook-enabling-https-default-north-...

Aussie researchers paid to make US drones unhackable - Applications - SC Magazine Australia - Secure Business Intelligence
http://www.scmagazine.com.au/News/323047,aussie-researchers-paid-to-make...

Operation High Roller Now Targets Europe's SEPA Network and Large US Bank | threatpost
http://threatpost.com/en_us/blogs/operation-high-roller-now-targets-euro...

Pwning Androids, iPhones with Exchange - Messaging - SC Magazine Australia - Secure Business Intelligence
http://www.scmagazine.com.au/News/323360,pwning-androids-iphones-with-ex...

Researcher owns blue chip managed service platforms - Cloud - SC Magazine Australia - Secure Business Intelligence
http://www.scmagazine.com.au/News/323288,researcher-owns-blue-chip-manag...

Judge throws out Steam breach lawsuit over lack of "harm" - SC Magazine
http://www.scmagazine.com/judge-throws-out-steam-breach-lawsuit-over-lac...

Who is McAfee? | The official Blog of John McAfee. -[ www.whoismcafee.com ]-
http://www.whoismcafee.com/

This week's feature track: Can't Get Enough by Supergroove
http://www.youtube.com/watch?v=9gEy2FJ_AiA
