Podcasts


Risky Business #312 -- RSA special edition

Presented by

Patrick Gray, CEO and Publisher

Adam Boileau, Technology Editor

It's a solid week for BitCoin news. The (maybe) outing of the elusive Satoshi Nakamoto, the MtGox mystery, dead exchanges and even, unfortunately, a suicide of a former BitCoin exchange CEO in Singapore.

But there's been plenty of other news! Apple's gotofail bug, GnuTLS issues, more NTP amplification attacks, and of course YahooWebcamGate. You can find links to the news items discussed in this week's show here.

There's also a stack of interviews in this week's podcast, including a bunch recorded in San Francisco last week. The run sheet looks like this:

- The Grugq discussing the news headlines of the last two weeks
- Marcus Ranum on the RSA trade floor discourse
- RSA CEO Art Coviello on the NSA controversy
- ACLU principal technologist Chris Soghoian
- RSA Chief Architect Robert Griffin
- Jack Daniel of Tenable Network Security (sponsor interview) on the "Threat Intelligence" buzzword craze

Running time: 72:19

Risky Business #311 -- Does NameCoin have legs?


This week we chat with a local consultant, Mark Brand of Datacom TSS, about the general topic of authentication. We've seen some interesting cases of things going wrong with auth on consumer services lately: the @n Twitter username hijacking, the Matt Honan disaster of 2012.

Now Google's run off and bought SlickLogin, a novel approach to mobile app auth. Will that get us anywhere? And what about NameCoin -- a BitCoin protocol-derived peer-to-peer authentication scheme? I'd never heard of it, but the concept is fascinating. Mark pops by to fill us in.

This week's show is brought to you by Senetas. In this week's sponsor interview we're chatting with Senetas CTO Julian Fay about some work they've been doing on their Ethernet products. As it turns out, variable frame sizes can give up too much info to an attacker, so they've worked on some neat new tech that basically forces their stuff to send fixed length frames and make sure everything stays random.

Adam Boileau pops by as usual to chat about the week's security news. Show notes, including links, are here.

Running time: 56:41

Risky Business #310 -- Export exploits? Wassenaar says no


On this week's show we're chatting with COSEINC's Thomas Lim about the Wassenaar Arrangement. It's basically a worldwide framework that restricts the sale of munitions and dual-use technologies, and it has exploits in its sights.

COSEINC is a security research company that engages in exploit development, and Lim thinks extending regulations to exploit sales is pointless.

This week's show is brought to you by BugCrowd, a company that was founded in Australia but is now based in San Francisco thanks to VC investment.

Bugcrowd runs outsourced bug bounties, and its founder and CEO Casey Ellis joins the show in this week's sponsor interview to talk about the latest goings on in the burgeoning bug bounty industry!

Show notes

Top U.S. Spy Claims 'Terrorists Are Going to School' on Snowden Leaks | Threat Level | Wired.com
http://www.wired.com/threatlevel/2014/02/clapper-snowden-fallout/

Hacked X-Rays Could Slip Guns Past Airport Security | Threat Level | Wired.com
http://www.wired.com/threatlevel/2014/02/tsa-airport-scanners/

Sophisticated Spy Tool 'The Mask' Rages Undetected for 7 Years | Threat Level | Wired.com
http://www.wired.com/threatlevel/2014/02/mask/

Public servant Peter Nash allegedly ran drug ring from Wacol prison | The Courier-Mail
http://www.couriermail.com.au/news/queensland/public-servant-peter-nash-...

400 Gbps NTP Amplification DDoS Attack Alarmingly Simple | Threatpost | The first stop for security news
http://threatpost.com/400-gbps-ntp-amplification-attack-alarmingly-simpl...

HVAC Vendor: Data Connection to Target was Billing System | Threatpost | The first stop for security news
http://threatpost.com/hvac-integrators-billing-connection-led-to-target-...

faziomechanical.com/Target-Breach-Statement.pdf
http://faziomechanical.com/Target-Breach-Statement.pdf

Websites of Las Vegas Sands casinos hacked, including Venetian, Palazzo on Las Vegas Strip | Star Tribune
http://www.startribune.com/lifestyle/244922181.html

Errata Security: That NBC story 100% fraudulent
http://blog.erratasec.com/2014/02/that-nbc-story-100-fraudulent.html#.Uv...

Detecting Car Hacks | Threatpost | The first stop for security news
http://threatpost.com/detecting-car-hacks/104190

illmatics.com/car_hacking.pdf
http://illmatics.com/car_hacking.pdf

CoinThief Bitcoin Trojan Found on Popular Download Sites | Threatpost | The first stop for security news
http://threatpost.com/cointhief-bitcoin-trojan-found-on-popular-download...

Bitcoin Foundation, Mt. Gox spar over purported bug | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57618646-83/bitcoin-foundation-mt-gox-s...

Florida Targets High-Dollar Bitcoin Exchangers - Krebs on Security
http://krebsonsecurity.com/2014/02/florida-targets-high-dollar-bitcoin-e...

LinkedIn Intro Service to Shut Down March 7 | Threatpost | The first stop for security news
http://threatpost.com/controversial-linkedin-intro-service-to-shut-down/...

Snapchat hack spams users with smoothie photos | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57618782-83/snapchat-hack-spams-users-w...

Facebook Fixes CSRF Vulnerability in Instagram | Threatpost | The first stop for security news
http://threatpost.com/facebook-fixes-instagram-csrf-vulnerability-to-kee...

Five OAuth Bugs Lead to Github Hack | Threatpost | The first stop for security news
http://threatpost.com/five-oauth-bugs-lead-to-github-hack/104178

Adobe Patches Shockwave, Fixes Two Vulnerabilities | Threatpost | The first stop for security news
http://threatpost.com/adobe-patches-critical-vulnerabilities-in-shockwav...

February 2014 Microsoft Patch Tuesday Security Bulletins | Threatpost | The first stop for security news
http://threatpost.com/microsoft-adds-critical-ie-patches-under-the-wire/...

New IE Zero-Day Found in Watering Hole Attack | FireEye Blog
http://www.fireeye.com/blog/technical/cyber-exploits/2014/02/new-ie-zero...

Operation SnowMan: DeputyDog Actor Compromises US Veterans of Foreign Wars Website | FireEye Blog
http://www.fireeye.com/blog/uncategorized/2014/02/operation-snowman-depu...

Changes to Export Control Arrangement Apply to Computer Exploits and More | Center for Internet and Society
https://cyberlaw.stanford.edu/publications/changes-export-control-arrang...

Bugcrowd | Managed bug bounty programs, better security testing
https://bugcrowd.com/mobile-application-security

Pumped Up Kicks by Hailey-Marie on SoundCloud - Hear the world's sounds
https://soundcloud.com/hailey-marie-mcfadden/pumped-up-kicks

Running time: 61:57

Risky Business #309 -- All your clipboards R belong 2 OJ


We're back after a nice long rest, and boy oh boy did a lot of stuff happen during the break. Adam Boileau joins the show to discuss the choicest selection of news items to emerge over the last six weeks.

In this week's feature slot we chat to OJ Reeves about his work in upgrading Meterpreter, the Metasploit payload. There are some cool new features on the way, and he'll clue us in on those.

This week's show is brought to you by Tenable Network Security.

Tenable's very own Marcus Ranum will be joining us to have a chat about security metrics in this week's sponsor interview. Stick around for that.

Show notes for this week's episode are here.

Patrick Gray on Twitter.
Adam Boileau on Twitter.

Running time: 69:20

Risky Business #308 -- 2013 in review


This is the final Risky Business podcast for 2013. The show will resume its weekly schedule in February 2014.

Oh, and there are still three sponsor slots left between now and July. If you're interested, drop us a line with the contact form...

This week's show looks back over the key events and trends of 2013, including how media focus shifted from China's cyber-espionage to the scandalous revelations of the Snowden leaks.

We also take a quick look at the Silk Road bust, say goodbye to some friends and check in with Insomnia Security's Brett Moore in this week's sponsor interview.

Running time: 48:42

Risky Business #307 -- So, what about that Bromium stuff?


On this week's show we speak to Bromium co-founder and CTO Simon Crosby all about its tech. We don't normally interview vendors about their technology in the feature slots, but Bromium is very interesting stuff. It's all about hardware-enabled task isolation with Xen-based micro VMs. The way they've implemented this makes it quite difficult for an attacker to gain persistence on a target machine. Simon is a very technical guy, it's a great interview, and it's after the news.

This week's show is brought to you by Tenable Network Security, makers of fine, fine, vulnerability scanning tools like Nessus. And in this week's sponsor interview we chat with Tenable's chief architect for the Asia Pacific region Dick Bussiere. Dick is based in Singapore, and surprisingly enough the infosec agenda there isn't being set by the Snowden leaks. So what's driving the infosec narrative in .sg? Dick joins the show with his view.

Show notes

$100 Million Worth of Bitcoins Stolen | Threatpost | The First Stop For Security News
http://threatpost.com/thieves-covering-tracks-following-100m-bitcoin-hei...

Malware jumps 'air gap' between non-networked devices | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57614442-83/malware-jumps-air-gap-betwe...

Huawei reportedly decides to abandon the US market | Mobile - CNET News
http://news.cnet.com/8301-1035_3-57614292-94/huawei-reportedly-decides-t...

Farsnews
http://english.farsnews.com/newstext.aspx?nn=13920909000362

Phone records of Australians may have been offered to foreign spy agencies
http://www.smh.com.au/federal-politics/political-news/phone-records-of-a...

A Few Thoughts on Cryptographic Engineering: How does the NSA break SSL?
http://blog.cryptographyengineering.com/2013/12/how-does-nsa-break-ssl.html

SkyJack - autonomous drone hacking
http://samy.pl/skyjack/

JPMorgan warns 465,000 card users on data loss after cyber attack | Reuters
http://www.reuters.com/article/2013/12/05/us-jpmorgan-dataexposed-idUSBR...

Researchers discover database with 2M stolen login credentials | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57614479-83/researchers-discover-databa...

New Dexter Point-of-Sale Malware Campaigns Discovered | Threatpost | The First Stop For Security News
http://threatpost.com/new-dexter-point-of-sale-malware-campaigns-discove...

Google Nexus phones reportedly susceptible to SMS attacks | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57614074-83/google-nexus-phones-reporte...

Bad apps bypasses Android locks - Applications - SC Magazine Australia - Secure Business Intelligence
http://www.scmagazine.com.au/News/366459,bad-apps-bypasses-android-locks...

IE Reflective Cross-Site Scripting Filter Bypass Discovered | Threatpost | The First Stop For Security News
http://threatpost.com/bypass-of-internet-explorer-cross-site-scripting-f...

TIFF Zero Day Patch Among December 2013 Microsoft updates | Threatpost | The First Stop For Security News
http://threatpost.com/microsoft-to-patch-tiff-zero-day-wait-til-next-yea...

VMware Patches Fix Privilege Escalation Vulnerability | Threatpost | The First Stop For Security News
http://threatpost.com/vmware-patches-privilege-escalation-vulnerability/...

PM - Discovery of more than one whistleblower in East Timor bugging case 05/12/2013
http://www.abc.net.au/pm/content/2013/s3905928.htm

Fact Sheet- Online news sites to be placed on a more consistent licensing framework
http://www.mda.gov.sg/NewsAndEvents/PressRelease/2013/Pages/28052013.aspx

Running time: 75:38

Risky Business #306 -- Healthcare.gov. Yes. It's that bad.


In this week's show we speak with TrustedSec CEO Dave Kennedy about his testimony to the US Congress about the Obama administration's healthcare.gov website. It cost over $600m and it's riddled with infosec 101 bugs. We find out just how bad it is and what can be done about it.

This week's show is brought to you by Senetas, makers of fine, fine layer 2 encryption software. In this week's sponsor interview we speak with Senetas CTO and co-founder Julian Fay about the sudden popularity of the layer 2 crypto gear they've been selling for something like 15 years. Have the Snowden revelations actually changed things for encryption companies? Julian says yes, big time, in a tangible way.

Adam Boileau, as always, joins us for a discussion of the week's security news headlines. Links to the news items discussed, plus some other stuff, can be found here.

Running time: 66:18

Risky Business #305 -- Secure, anonymous IM not a pipe dream


On this week's show, can you have your cake and eat it too? Is it possible to build a usable instant messenger platform that is secure and immune to traffic and metadata analysis?

We speak with international man of mystery The Grugq all about creating a platform that ticks these boxes. As it turns out, it can be done. So goodbye Yahoo, MSN, AOL and Skype... hello to something completely new!

This week's show is brought to you by Tenable Network Security! In this week's sponsor interview we chat with Jeffrey Man of Tenable about why using point-to-point encryption to dodge PCI scope is an awful idea.

Adam Boileau, as always, stops by to chat about the week's news. Show notes, including links to the week's news items, can be found here.

Running time: 70:33

Risky Business #304 -- Tech heavyweights target NSA


In this week's show Adam Boileau and I take a look at the technology industry's latest response to the Snowden revelations. The pushback is definitely gaining momentum.

This week's show is brought to you by Tenable Network Security, big thanks to them. And this week's sponsor interview is with Tenable's very own Jack Daniel.

We're chatting to him about the bad patches that have been dispatched from Redmond lately. It's been a long time since we've seen dud patches out of Microsoft, but lately, boy, there have been a few. Will you need to change your operating procedures over this? Stay tuned to find out.

Show notes

Google's Eric Schmidt calls NSA's spying 'outrageous' | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57610710-83/googles-eric-schmidt-calls-...

Microsoft may ramp up encryption of customer data post-Snowden - Applications - SC Magazine Australia - Secure Business Intelligence
http://www.scmagazine.com.au/News/363998,microsoft-may-ramp-up-encryptio...

HTTP/2 Supports only HTTPS URIs | Threatpost | The First Stop For Security News
http://threatpost.com/http2-chair-says-protocol-will-work-only-with-http...

NIST Reviews Crypto Standards Development | Threatpost | The First Stop For Security News
http://threatpost.com/nist-initiates-review-of-its-crypto-standards-deve...

Google: We're bombarded by gov't requests on user data | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57612322-83/google-were-bombarded-by-go...

Microsoft, Facebook unite for Internet Bug Bounty program | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57611325-83/microsoft-facebook-unite-fo...

Microsoft Changes Bug Bounty Program to Include Incident Responders, Forensics Specialists | Threatpost | The First Stop For Security News
http://threatpost.com/microsoft-changes-bug-bounty-program-to-include-in...

In Lavabit Appeal, U.S. Doubles Down on Access to Web Crypto Keys | Threat Level | Wired.com
http://www.wired.com/threatlevel/2013/11/lavabit-doj/

NSA workers reportedly shared their passwords with Snowden | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57611528-83/nsa-workers-reportedly-shar...

White House reportedly considers civilian NSA chief | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57611652-83/white-house-reportedly-cons...

British Spies Hacked Telecom Network by Feeding Engineers Fake LinkedIn Pages | Threat Level | Wired.com
http://www.wired.com/threatlevel/2013/11/british-spies-hacked-telecom/

Power Plants and Other Vital Systems Are Totally Exposed on the Internet | Threat Level | Wired.com
http://www.wired.com/threatlevel/2013/11/internet-exposed/

iOS, Samsung apps popped at Pwn2Own - Applications - SC Magazine Australia - Secure Business Intelligence
http://www.scmagazine.com.au/News/364113,ios-samsung-apps-popped-at-pwn2...

MacRumors Forums Hacked, Passwords Stolen | Threatpost | The First Stop For Security News
http://threatpost.com/macrumors-forums-hacker-says-passwords-wont-be-lea...

Vice.com hacked by Syrian Electronic Army - Applications - SC Magazine Australia - Secure Business Intelligence
http://www.scmagazine.com.au/News/364015,vicecom-hacked-by-syrian-electr...

millions stolen in Bitcoin heist | Threatpost | The First Stop For Security News
http://threatpost.com/attackers-lift-1-2m-from-bitcoin-wallet-service/10...

Bitcoin Selfish Miners | Threatpost | The First Stop For Security News
http://threatpost.com/selfish-miners-could-exploit-p2p-nature-of-bitcoin...

Pen test firms Securus Global, Hacklabs to merge - Applications - SC Magazine Australia - Secure Business Intelligence
http://www.scmagazine.com.au/News/363334,pen-test-firms-securus-global-h...

Microsoft Warns Customers Away From RC4, SHA-1 | Threatpost | The First Stop For Security News
http://threatpost.com/microsoft-warns-customers-away-from-sha-1-and-rc4/...

New zero-day bug targets IE users in drive-by attack | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57611691-83/new-zero-day-bug-targets-ie...

November 2013 Adobe Flash, ColdFusion security patches | Threatpost | The First Stop For Security News
http://threatpost.com/adobe-patches-flash-coldfusion-flaws-unrelated-to-...

New security holes found in D-Link router | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57611824-83/new-security-holes-found-in...

OpenSSH Fixes Memory Corruption Bug With Update | Threatpost | The First Stop For Security News
http://threatpost.com/openssh-fixes-memory-corruption-bug-with-update/10...

Windows XP End of Life a Security Milestone | Threatpost | The First Stop For Security News
http://threatpost.com/microsoft-xp-end-of-life-an-important-security-mil...

Super Micro IPMI zero-day vulnerabilities disclosed | Threatpost | The First Stop For Security News
http://threatpost.com/seven-ipmi-firmware-zero-days-disclosed/102848

Cisco Fixes Blank Admin Password Flaw in TelePresence Product | Threatpost | The First Stop For Security News
http://threatpost.com/cisco-fixes-blank-admin-password-flaw-in-teleprese...

ANZ Falcon 24 7 Credit Card Security - YouTube
http://www.youtube.com/watch?v=0dYhc4ciqEo

PILOTS - Artist - triple j Unearthed - free music | new Australian music | independent music
http://www.triplejunearthed.com/PILOTS


Yes, you are really back. That is the attitude we all want to have right there. - James Cullem

Running time: 47:06

Risky Business #303 -- The one with John McAfee


In this week's show we chat to McAfee antivirus founder John McAfee about his D-Central project and touch on the events of the last 12 months.

Is he funny "ha ha" or funny "look out"? Have a listen, judge for yourself.

This week's show is brought to you by Context Information Security, and we've got a great sponsor chat with Context's Alex Chapman this week about an evaluation they did on mobile platforms and MDM solutions for the Communications-Electronics Security Group, the part of GCHQ that handles the defensive side of things. Does Android suck as badly as everyone thinks it does? Is Good for Enterprise... umm... good for the enterprise?

Adam Boileau, as always, stops in for the week's news headlines. Show notes, including links to the items discussed, can be found here.

Running time: 69:42