Podcasts

News, analysis and commentary

Risky Business Podcast

May 14, 2015

Risky Business #366 -- Software defined networking security

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

Adam Boileau
Adam Boileau

Technology Editor

On this week's show we're chatting with Dave Jorm of IIX -- International Internet Exchange. We're previewing his upcoming AusCERT talk all about software defined networking security. It's fancy tech, but there are some interesting little quirks CSOs should definitely be across.

This week's show is sponsored by Senetas, big thanks to them. Senetas CTO Julian Fay is this week's sponsor guest. We talk about those horrible Open Smart Grid bugs and a few other things, that's coming up later.

Adam Boileau, as usual, joins the show to discuss the week's news headlines.

Don't forget you can now support the Risky Business page via our Patreon campaign.

Oh, and do add Patrick and Adam on Twitter if that's your thing.

Show notes

Venom VM bug called "perfect" for NSA, or for stealing bitcoins and passwords | Ars Technica
http://arstechnica.com/security/2015/05/venom-vm-bug-called-perfect-for-...

Extremely serious virtual machine bug threatens cloud providers everywhere | Ars Technica
http://arstechnica.com/security/2015/05/extremely-serious-virtual-machin...

Cybersecurity firm accused of staging data breaches to extort clients
http://www.engadget.com/2015/05/09/tiversa-whistleblower/

US Government Labeled Al Jazeera Journalist as Al Qaeda
https://firstlook.org/theintercept/2015/05/08/u-s-government-designated-...

Court Rules NSA Bulk Data Collection Was Never Authorized By Congress | WIRED
http://www.wired.com/2015/05/breaking-news-federal-court-rules-nsa-bulk-...

GPU-based rootkit and keylogger offer superior stealth and computing power | Ars Technica
http://arstechnica.com/security/2015/05/gpu-based-rootkit-and-keylogger-...

$7500 DDoS extortion hitting Aussie, Kiwi enterprises \u2022 The Register
http://www.theregister.co.uk/2015/05/08/ddos_hitting_oz_nz/

Microsoft Brings Perfect Forward Secrecy to Windows | Threatpost | The first stop for security news
https://threatpost.com/new-crypto-suites-bring-perfect-forward-secrecy-t...

Tor Cloud Shut Down Amid Lack of Support | Threatpost | The first stop for security news
https://threatpost.com/tor-cloud-shut-down-amid-lack-of-support/112725

MacKeeper Zero Day Patched | Threatpost | The first stop for security news
https://threatpost.com/mackeeper-patches-remote-code-execution-zero-day/...

Remotely Exploitable Vulnerabilities in SAP Compression Algorithms | Threatpost | The first stop for security news
https://threatpost.com/remotely-exploitable-vulnerabilities-in-sap-compr...

Adobe, Microsoft Push Critical Security Fixes - Krebs on Security
http://krebsonsecurity.com/2015/05/adobe-microsoft-push-critical-securit...

Home Automation Protocol Z-Way Vulnerable to Remote Attacks | Threatpost | The first stop for security news
https://threatpost.com/home-automation-protocol-z-way-vulnerable-to-remo...

SDN and Security - David Jorm | ONOS
http://onosproject.org/2015/04/03/sdn-and-security-david-jorm/

CloudRouter\xae | Router Distribution for the Cloud
https://cloudrouter.org/

Meeting Snowden in Princeton | Light Blue Touchpaper
https://www.lightbluetouchpaper.org/2015/05/02/meeting-snowden-in-prince...

Open Smart Grid Protocol Homegrown Crypto Weaknesses | Threatpost | The first stop for security news
https://threatpost.com/weak-homegrown-crypto-dooms-open-smart-grid-proto...

Zuluboy - Mbombela (A Twist of Bayethe) - YouTube
https://www.youtube.com/watch?v=KFS4cSmzjYY

Risky Business #366 -- Software defined networking security
0:00 / 58:25

Other Category

May 13, 2015

Serious Business #3 -- Sy Hersh can't melt steel beams

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

As usual for Serious Business I'm joined by AJ+ satirist, Australian comedian Dan Ilic, to discuss a few topical items of the last week, and boy, we've got some good stuff for you.. we're talking about journalist Seymour Hersh's latest investigative work -- is it pure fiction? We're talking about DeflateGate, we're talking Elon Musk being a douche and we're talking MAD MAX, Fury Road...

Serious Business #3 -- Sy Hersh can't melt steel beams
0:00 / 32:14

Risky Business Podcast

May 07, 2015

Risky Business #365 -- Defence in derpth

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

Adam Boileau
Adam Boileau

Technology Editor

This week's show is brought to you by BugCrowd -- crowdsourced security testing. Bugcrowd founder and CEO Casey Ellis will join us in this week's sponsor interview to tell us about the latest trends in bounties and crowdsourced security.

He's got some useful info. It turns out bounty participants are getting better at doing OSINT collection to win when testing. So yeah, creds and stuff in Github and repos that shouldn't be there are giving these guys easy wins... we'll also talk about the latest trends in terms of who's running bounty programs -- it's not just companies testing web and mobile apps these days, they're doing a bunch more work on IoT and installable software. It's a solid trend.

There's no feature interview in this week's show because, well, it was a pretty slow week. I was expecting last week's US House hearing into possible US responses to encryption technology to give me heaps of feature material for this week's show, but it was actually a bit of a fizzer, which is pretty awesome, actually.

Adam Boileau, as usual, joins the show to discuss the week's news headlines.

Don't forget you can now support the Risky Business page via our Patreon campaign.

Oh, and do add Patrick and Adam on Twitter if that's your thing.

Show notes

Windows Update for Business Uproots Patch Tuesday | Threatpost | The first stop for security news
https://threatpost.com/patch-tuesday-facelift-end-of-an-era/112640

A break from the past, part 2: Saying goodbye to ActiveX, VBScript, attachEvent\u2026
https://blogs.windows.com/msedgedev/2015/05/06/a-break-from-the-past-par...

Windows 10 bombshell: Microsoft to KILL OFF Patch Tuesday \u2022 The Register
http://www.theregister.co.uk/2015/05/04/microsoft_windows_10_updates/

With Lock Research, Another Battle Brews in the War Over Security Holes | WIRED
http://www.wired.com/2015/05/lock-research-another-battle-brews-war-secu...

Vulnerability-Riddled Drug Pumps Open to Takeover | Threatpost | The first stop for security news
https://threatpost.com/vulnerability-riddled-drug-pumps-open-to-takeover...

Interpol alerted as teenage hacker from Perth flees to Europe | The Australian
http://www.theaustralian.com.au/news/nation/interpol-alerted-as-teenage-...

Programmer Convicted in Bizarre Goldman Sachs Case-Again | WIRED
http://www.wired.com/2015/05/programmer-convicted-bizarre-goldman-sachs-...

WikiLeaks Finally Brings Back Its Submission System for Your Secrets | WIRED
http://www.wired.com/2015/05/wikileaks-finally-brings-back-submission-sy...

How Selerity reported Twitter's earnings-before Twitter did | Ars Technica
http://arstechnica.com/business/2015/05/how-selerity-reported-twitters-2...

'Just follow the damn Constitution!' FBI, DoJ skewered over demands for crypto backdoors \u2022 The Register
http://www.theregister.co.uk/2015/05/01/congress_gives_bipartisan_bolloc...

Congress, Crypto and Craziness | Threatpost | The first stop for security news
https://threatpost.com/congress-crypto-and-craziness/112508

Zuck'ed up: Facebook opens up free internet in India - but bans HTTPS \u2022 The Register
http://www.theregister.co.uk/2015/05/04/internet_org_facebook/

Foiling Pump Skimmers With GPS - Krebs on Security
http://krebsonsecurity.com/2015/05/foiling-pump-skimmers-with-gps/

PayIvy Sells Your Online Accounts Via PayPal - Krebs on Security
http://krebsonsecurity.com/2015/05/payivy-sells-your-online-accounts-via...

Google Research Reveals Profitable, Pervasive Ad Injector Ecosystem | Threatpost | The first stop for security news
https://threatpost.com/google-research-reveals-profitable-pervasive-ad-i...

Microsoft LAPS Tool Addresss Local Admin Password Problem | Threatpost | The first stop for security news
https://threatpost.com/microsoft-laps-tool-tackles-common-local-admin-pa...

Netflix Releases FIDO Incident Response Tool | Threatpost | The first stop for security news
https://threatpost.com/netflix-releases-fido-incident-response-tool/112618

Google Updates Password Alert Extension, But Some Bypasses Still Work | Threatpost | The first stop for security news
https://threatpost.com/google-updates-password-alert-extension-but-some-...

Super secretive malware wipes hard drive to prevent analysis | Ars Technica
http://arstechnica.com/security/2015/05/super-secretive-malware-wipes-ha...

Dyre Banking Trojan Avoids Sandbox Detection | Threatpost | The first stop for security news
https://threatpost.com/dyre-banking-trojan-jumps-out-of-sandbox/112533

The BACKRONYM MySQL Vulnerability - Blog - Duo Security
https://www.duosecurity.com/blog/backronym-mysql-vulnerability

Behold: the drop-dead simple exploit that nukes Google's Password Alert | Ars Technica
http://arstechnica.com/security/2015/04/behold-the-drop-dead-simply-expl...

Actively exploited WordPress bug puts millions of sites at risk | Ars Technica
http://arstechnica.com/security/2015/05/actively-exploited-wordpress-bug...

Spam-blasting malware infects thousands of Linux and FreeBSD servers | Ars Technica
http://arstechnica.com/security/2015/04/spam-blasting-malware-infects-th...

Lenovo System Update Vulnerabilities Patched | Threatpost | The first stop for security news
https://threatpost.com/lenovo-patches-vulnerabilities-in-system-update-s...

Sally Beauty Card Breach, Part Deux? - Krebs on Security
http://krebsonsecurity.com/2015/05/sally-beauty-card-breach-part-deux/

02 - Mammal - Think - YouTube
https://www.youtube.com/watch?v=mCQXqHr9CwE

Risky Business #365 -- Defence in derpth
0:00 / 52:16

Other Category

May 05, 2015

Serious Business #2 -- Can we stop it with the Muhammad cartoons already?

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

In this edition of Serious Business, Australia's Most Hated Man (tm) Dan Ilic and I speak about the (failed) shooting attack against a group of very silly Americans who got together to denigrate Islam.

We also speak about Apple's stupid watch. I should warn you, too, I don't edit this podcast for bad language and there are f-bombs aplenty. So if you have your kids in your car and you don't want them hearing my awful, awful language, please turn off this podcast now.

Serious Business #2 -- Can we stop it with the Muhammad cartoons already?
0:00 / 24:06

Risky Business Podcast

April 30, 2015

Risky Business #364 -- The cuckoo's carton

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

Adam Boileau
Adam Boileau

Technology Editor

In this week's feature interview we chat with John Strand, a SANS instructor and co-host of Security Weekly's Webcasts. He runs Black Hills information security and he's a maintainer of the ADHD Linux distro -- it's essentially a curation of active defence tools that you can use to do some funky stuff. But in this case active defence doesn't mean popping shells on boxes in China, it's more about annoying the absolute shit out of your adversaries.

In this week's sponsor interview we're chatting with Chris Gatford, HackLabs' founder and head honcho, all about something that came up last week -- software defined radio security testing. Is there a market for that sort of thing like last week's guest Balint Seeber suggested?

Well, yes and no. That interview is coming up at the end of the show.

Adam Boileau, as usual, stops in to discuss the week's news headlines.

Links to everything are in this week's show notes.

Don't forget you can now support the Risky Business page via our Patreon campaign.

Oh, and do add Patrick and Adam on Twitter if that's your thing.

Risky Business #364 -- The cuckoo's carton
0:00 / 53:24

Other Category

April 29, 2015

Serious Business #1 -- Dan Ilic and Pat talk about stuff [EXPLICIT]

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

Risky Business host Patrick Gray and Australian comedian Dan Ilic talk about topics that have nothing to do with information security.

Like:

* Australia's obsession with the Gallipoli campaign and the sacking of Scott McIntyre from the SBS.
* Australia's new vaccination requirements for parents who still want all those tasty, tasty tax benefits.
* The "ISIS doctor", Tareq Kamleh. Is he doing anything wrong?

PLEASE NOTE: I didn't bother editing out naughty words in this one, so if you have kids in the car you may not wish to expose them to our awful language.

Serious Business #1 -- Dan Ilic and Pat talk about stuff [EXPLICIT]
0:00 / 27:15

Risky Business Podcast

April 24, 2015

Risky Business #363 -- Software defined radio gets interesting

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

Adam Boileau
Adam Boileau

Technology Editor

This week's show was cut together from our nation's capital, Canberra!

I've been down here to attend the Australian Cyber Security Centre conference, which was actually pretty good. There were some great technical talks. One of them was by Balint Seeber on Software defined radio haxing, he's our feature guest in this week's show.

We'll talk to him about messing around with aircraft radar, ACARS, keyless entry and all sorts of stuff. He even managed to take control of a satellite 15 million kilometres from Earth from his laptop while he was in a DEFCON talk! (Don't try this at home. Or do. I don't know what advice to give on that one.)

This week's show is brought to you by Tenable Network Security, makes of fine, fine information security software like Nessus. If you aren't familiar with Tenable's stuff you really should be, they make some excellent kit. Head to Tenable.comto check that out.

In this week's sponsor interview we're chatting with Tenable's strategist Jack Daniel. He's over at the RSA conference and he'll be giving us a rundown on what it's like there. Over 500 exhibitors this year. Crazy.

Adam Boileau, as usual, is in the news chair this week.

Links to everything are in this week's show notes.

Don't forget you can now support the Risky Business page via our Patreon campaign.

Oh, and do add Patrick and Adam on Twitter if that's your thing.

Risky Business #363 -- Software defined radio gets interesting
0:00 / 67:49

Risky Business Podcast

April 16, 2015

Risky Business #362 -- Bob Rudis on the Verizon Data Breach Investigation report

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

Adam Boileau
Adam Boileau

Technology Editor

In this week's show we're chatting with Bob Rudis of Verizon about that company's annual data breach investigation report. After what I thought was a bit of a lapse in relevance last year, the 2015 report has come back stronger than ever. There are some genuinely interesting findings.

This week's show is brought to you by Intralinks! In this week's sponsor interview Intralinks North America field CTO Darren Glenister will pop in to talk about data sovereignty in the age of cloud computing. Specifically, how do customer-managed key setups affect things? Is the location of the data important? Or is the location the data is controlled from a bigger deal?

Don't forget you can now support the Risky Business page via our Patreon campaign.

Oh, and do add Patrick and Adam on Twitter if that's your thing.

Show notes

April 2015 Microsoft Patch Tuesday Security Bulletins | Threatpost | The first stop for security news
https://threatpost.com/microsoft-patches-critical-http-sys-vulnerability...

Hackers Could Commandeer New Planes Through Passenger Wi-Fi | WIRED
http://www.wired.com/2015/04/hackers-commandeer-new-planes-passenger-wi-fi/

An App That Hides Secret Messages in Starcraft-Style Games | WIRED
http://www.wired.com/2015/04/app-hides-secret-messages-starcraft-style-g...

Hacker Lexicon: What Are Chip and PIN Cards? | WIRED
http://www.wired.com/2015/04/hacker-lexicon-chip-pin-cards/

How Popcorn Time's Piracy App Is Sneaking Onto iPhones | WIRED
http://www.wired.com/2015/04/popcorn-times-piracy-app-sneaking-onto-ipho...

Chrome starts pushing Java off the Web by disabling plugins | Ars Technica
http://arstechnica.com/information-technology/2015/04/chrome-starts-push...

Researchers try to hack the economics of zero-day bugs | Ars Technica
http://arstechnica.com/security/2015/04/researchers-try-to-hack-the-econ...

Prosecutors suspect man hacked lottery computers to score winning ticket | Ars Technica
http://arstechnica.com/tech-policy/2015/04/prosecutors-suspect-man-hacke...

Botnet that enslaved 770,000 PCs worldwide comes crashing down | Ars Technica
http://arstechnica.com/security/2015/04/botnet-that-enslaved-770000-pcs-...

Russia pulls alleged 'Svpeng' kingpin \u2022 The Register
http://www.theregister.co.uk/2015/04/14/russia_pulls_alleged_svpeng_king...

Verizon, NetFlix, KFC ad-men pay traffic cons $500k a month \u2022 The Register
http://www.theregister.co.uk/2015/04/15/verizon_netflix_kfc_admen_pay_tr...

POS Providers Feel Brunt of PoSeidon Malware - Krebs on Security
http://krebsonsecurity.com/2015/04/pos-providers-feel-brunt-of-poseidon-...

Hacked French TV network admits "blunder" that exposed YouTube password | Ars Technica
http://arstechnica.com/security/2015/04/hacked-french-tv-network-admits-...

NSA dreams of smartphones with "split" crypto keys protecting user data | Ars Technica
http://arstechnica.com/tech-policy/2015/04/nsa-dreams-of-smartphones-wit...

Middle school student charged with cybercrime in Holiday | Tampa Bay Times
http://www.tampabay.com/news/publicsafety/crime/middle-school-student-ch...

Meet the e-voting machine so easy to hack, it will take your breath away | Ars Technica
http://arstechnica.com/tech-policy/2015/04/meet-the-e-voting-machine-so-...

Don't Be Fodder for China's 'Great Cannon' - Krebs on Security
http://krebsonsecurity.com/2015/04/dont-be-fodder-for-chinas-great-cannon/

What the Ridiculous Fuck, D-Link?! - /dev/ttyS0
http://www.devttys0.com/2015/04/what-the-ridiculous-fuck-d-link/

Apple splats Safari flaw affecting a BEELLION iThings \u2022 The Register
http://www.theregister.co.uk/2015/04/15/apple_splats_safari_flaw_affecti...

Critical Updates for Windows, Flash, Java - Krebs on Security
http://krebsonsecurity.com/2015/04/critical-updates-for-windows-flash-java/

Latest version of OS X closes backdoor-like bug that gives attackers root | Ars Technica
http://arstechnica.com/security/2015/04/latest-version-of-os-x-closes-ba...

acars security - Google Search
https://www.google.com/search?q=acars&oq=acars&aqs=chrome..69i57j0l5.109...

Multi-faceted enterprise security | Intralinks
https://www.intralinks.com/platform-solutions/platform/security

Screaming Headless Torsos (Smile in a Wave) - YouTube
https://www.youtube.com/watch?v=fYgPU-WnmnA

Support Patrick Gray creating The Risky Business Podcast
https://www.patreon.com/riskybusiness

Risky Business #362 -- Bob Rudis on the Verizon Data Breach Investigation report
0:00 / 70:54

Risky Business Podcast

April 09, 2015

Risky Business #361 -- ISIS pwns French TV, Russians pwn White House

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

Adam Boileau
Adam Boileau

Technology Editor

We've got a shorter than usual show for you this week. It's actually been a three day week here in Australia because we get Easter Friday and Easter Monday off. So there's no feature interview this week, sorry about that.

But nonetheless we've got a great podcast for you this week. We'll be checking the week's news headlines with Adam Boileau then moving right on into this week's sponsor interview.

This week's show is brought to you by Rapid7, makers of fine, fine information security software. And we're chatting with Rapid7's Wade Woolwine in this week's sponsor interview about how to get the most out of what you have. It can be as simple as rotating some of your smartest people through different areas of your businesses. Make your best pentester deal with the SIEM setup for a month and guess what? You're going to have a much better SIEM setup at the end of it!

Don't forget you can now support the Risky Business page via our Patreon campaign.

Oh, and do add Patrick and Adam on Twitter if that's your thing.

Show notes

French TV5Monde channel hit by pro-Islamic State hackers - Yahoo News
http://news.yahoo.com/french-tv5monde-hit-pro-islamic-state-hackers-2221...

French broadcaster TV5Monde hacked: Yahoo News | Reuters
http://www.reuters.com/article/2015/04/08/us-tv5monde-cybercrime-idUSKBN...

'ISIS hackers' overtake French TV station - RT News
http://rt.com/news/248073-islamic-state-hackers-french-tv/

How Russians hacked the White House - CNN.com
http://edition.cnn.com/2015/04/07/politics/how-russians-hacked-the-wh/in...

White House denies CNN report that Russian hackers penetrated sensitive computer systems - ABC News (Australian Broadcasting Corporation)
http://www.abc.net.au/news/2015-04-08/white-house-denies-russian-hacker-...

New lawsuit says DEA phone surveillance was illegal
http://www.usatoday.com/story/news/2015/04/08/eff-lawsuit-dea-telephone-...

On John Oliver, Edward Snowden Says Keep Taking Dick Pics | WIRED
http://www.wired.com/2015/04/john-oliver-edward-snowden-dick-pics/

Popular crypto app uses single-byte XOR and nowt else, hacker says \u2022 The Register
http://www.theregister.co.uk/2015/04/07/uberpopular_crypto_app_uses_xor_...

Anonabox Recalls 350 'Privacy' Routers for Security Flaws | WIRED
http://www.wired.com/2015/04/anonabox-recall/

Review: Anonabox or InvizBox, which Tor router better anonymizes online life? | Ars Technica
http://arstechnica.com/information-technology/2015/04/review-anonabox-or...

Vulnerability Forces Mozilla to Disable Opportunistic Encryption in Firefox | Threatpost | The first stop for security news
https://threatpost.com/vulnerability-forces-mozilla-to-disable-opportuni...

TrueCrypt alternatives VeraCrypt CipherShed Step Up | Threatpost | The first stop for security news
https://threatpost.com/post-cryptanalysis-truecrypt-alternatives-step-fo...

FBI Warns of Fake Govt Sites, ISIS Defacements - Krebs on Security
http://krebsonsecurity.com/2015/04/fbi-warns-of-fake-govt-sites-isis-def...

As many as 1 million sites imperiled by dangerous bug in WordPress plugin | Ars Technica
http://arstechnica.com/security/2015/04/as-many-as-1-million-sites-imper...

Change.org springs a leak, exposes private e-mail addresses [updated] | Ars Technica
http://arstechnica.com/security/2015/04/change-org-springs-a-leak-expose...

Linux Australia Breached by Hackers | Threatpost | The first stop for security news
https://threatpost.com/linux-australia-hit-with-server-breach/112025

In the time it takes you to watch The Hangover, AT&T will pay a $25m fine for privacy scandal \u2022 The Register
http://www.theregister.co.uk/2015/04/08/fcc_at_t_25_million_dollar_fine/

Schneier on Security: Australia Outlaws Warrant Canaries
https://www.schneier.com/blog/archives/2015/03/australia_outla.html

Most top corporates still Heartbleeding over the internet \u2022 The Register
http://www.theregister.co.uk/2015/04/08/still_bleeding_one_year_laterhea...

Police chief: "Paying the Bitcoin ransom was the last resort" | Ars Technica
http://arstechnica.com/tech-policy/2015/04/police-chief-paying-the-bitco...

Chrome extension collects browsing data, uses it for marketing | Ars Technica
http://arstechnica.com/security/2015/04/chrome-extension-collects-browsi...

Bugs in Tor network used in attacks against underground markets | Ars Technica
http://arstechnica.com/security/2015/04/bugs-in-tor-network-used-in-atta...

NTP Symmetric Key Authentication Security Vulnerabilities Patched | Threatpost | The first stop for security news
https://threatpost.com/two-ntp-key-authentication-vulnerabilities-patche...

Aw, snap! How huge HTML links can crash Chrome tabs in one click \u2022 The Register
http://www.theregister.co.uk/2015/04/07/chrome_awsnap_vuln/

Apple Releases Security Updates for OS X, iOS, Safari, and Apple TV | US-CERT
https://www.us-cert.gov/ncas/current-activity/2015/04/08/Apple-Releases-...

Strontium 90 (band) - Wikipedia, the free encyclopedia
http://en.wikipedia.org/wiki/Strontium_90_%28band%29

Risky Business #361 -- ISIS pwns French TV, Russians pwn White House
0:00 / 50:59

Risky Business Podcast

April 02, 2015

Risky Business #360 -- The Great GitHub DDoS of 2015

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

Adam Boileau
Adam Boileau

Technology Editor

In this week's show we chat with Arbor Networks' Roland Dobbins about the Great GitHub DDoS of 2015, Paul Asadoorian of Tenable Network Security about vulnerability management and, of course, Adam Boileau about the week's security news.

Don't forget you can now support the Risky Business page via our Patreon campaign. Oh, and do add Patrick and Adam on Twitter if that's your thing.

Show notes

DEA Agent Charged With Acting as a Paid Mole for Silk Road | WIRED
http://www.wired.com/2015/03/dea-agent-charged-acting-paid-mole-silk-road/

Silk Road Boss' First Murder-for-Hire Was His Mentor's Idea | WIRED
http://www.wired.com/2015/04/silk-road-boss-first-murder-attempt-mentors...

Feds Demand Reddit Identify Users of a Dark-Web Drug Forum | WIRED
http://www.wired.com/2015/03/dhs-reddit-dark-web-drug-forum/

Massive denial-of-service attack on GitHub tied to Chinese government | Ars Technica
http://arstechnica.com/security/2015/03/massive-denial-of-service-attack...

DDoS Attack on GitHub Linked to Earlier One Against GreatFire.org | Threatpost | The first stop for security news
https://threatpost.com/ddos-attack-on-github-linked-to-earlier-one-again...

Google Online Security Blog: Maintaining digital certificate security
http://googleonlinesecurity.blogspot.co.nz/2015/03/maintaining-digital-c...

New Obama Order Allows Sanctions Against Foreign Hackers | WIRED
http://www.wired.com/2015/04/new-obama-order-allows-sanctions-foreign-ha...

E-mail autofill blunder leaks personal details of G20 world leaders | Ars Technica
http://arstechnica.com/tech-policy/2015/03/e-mail-autofill-blunder-leaks...

Volatile Cedar APT Group First Operating Out of Lebanon | Threatpost | The first stop for security news
https://threatpost.com/volatile-cedar-apt-group-first-operating-out-of-l...

Bitcoin's Blockchain Offers Safe Haven For Malware And Child Abuse, Warns Interpol - Forbes
http://www.forbes.com/sites/thomasbrewster/2015/03/27/bitcoin-blockchain...

Energy companies around the world infected by newly discovered malware | Ars Technica
http://arstechnica.com/security/2015/03/energy-companies-around-the-worl...

Stolen Uber Customer Accounts Are for Sale on the Dark Web for $1 | Motherboard
http://motherboard.vice.com/read/stolen-uber-customer-accounts-are-for-s...

Noose around Internet's TLS system tightens with 2 new decryption attacks | Ars Technica
http://arstechnica.com/security/2015/03/noose-around-internets-tls-syste...

Google joins Apple, others in calling for spying controls, as Patriot Act vote nears - CNET
http://www.cnet.com/news/google-joins-apple-others-in-calling-for-spying...

NSA considered ending phone surveillance program -- report - CNET
http://www.cnet.com/news/nsa-considered-ending-phone-surveillance-progra...

Little Change in Online Behavior Following Snowden Revelations | Threatpost | The first stop for security news
https://threatpost.com/little-change-in-online-behavior-following-snowde...

Cross-dressing blokes storm NSA HQ: One shot dead, one hurt \u2022 The Register
http://www.theregister.co.uk/2015/03/30/nsa_hq_rammed/

New Firefox version says "might as well" to encrypting all Web traffic | Ars Technica
http://arstechnica.com/security/2015/04/new-firefox-version-says-might-a...

Verizon Allows Opt Out of UIDH Mobile Supercookie | Threatpost | The first stop for security news
https://threatpost.com/verizon-allows-opt-out-of-uidh-mobile-supercookie...

Multicast DNS Vulnerability Could Lead to DDOS Amplification | Threatpost | The first stop for security news
https://threatpost.com/multicast-dns-vulnerability-could-lead-to-ddos-am...

Google kills 200 ad-injecting Chrome extensions, says many are malware | Ars Technica
http://arstechnica.com/security/2015/04/google-kills-200-ad-injecting-ch...

'Revolution' Crimeware & EMV Replay Attacks - Krebs on Security
http://krebsonsecurity.com/2015/04/revolution-crimeware-emv-replay-attacks/

Sign Up at irs.gov Before Crooks Do It For You - Krebs on Security
http://krebsonsecurity.com/2015/03/sign-up-at-irs-gov-before-crooks-do-i...

Who Is the Antidetect Author? - Krebs on Security
http://krebsonsecurity.com/2015/03/who-is-the-antidetect-author/

Critical Vulnerabilities Affecting JSON Web Token Libraries | Threatpost | The first stop for security news
https://threatpost.com/critical-vulnerabilities-affect-json-web-token-li...

This one weird trick deletes any YouTube flick in just a few clicks \u2022 The Register
http://www.theregister.co.uk/2015/04/01/simple_trick_to_delete_any_youtu...

Trailer: Shades of Black - The Valhalla Lights story
https://www.youtube.com/watch?v=ZQdLyNNgYcA

Risky Business #360 -- The Great GitHub DDoS of 2015
0:00 / 61:49