Podcasts

News, analysis and commentary

INTERVIEW: Did Google dodge the Android pwnbullet?

Presented by

Patrick Gray

CEO and Publisher

This podcast is an interview I did with Accuvant's Joshua Drake, aka jduck. His Breakpoint presentation was on the topic of Android security.

As regular listeners of the Risky Business podcast would know, we're pretty much convinced Android was rushed to market -- it was insecure, immature, way too open and a big, glaring risk to its users. Combine that with the inherent problems with the Android ecosystem and you had a recipe for disaster.

For those unfamiliar with those ecosystem problems, Android is very difficult to patch. Android users must wait for Google to update the OS, then ship the updates to the manufacturers who customise them for their hardware, then in turn they have to pass them on to the carriers, who may or may not customise those OS builds for compatibility with their apps and then pass the updates out over the air. Long story short, most Android devices wind up remaining unpatched.

Well, things have changed. As Joshua outlined in his presentation, Google has built a lot of exploit mitigations into the mobile OS and they're starting to look pretty effective. Is it possible that Google has dodged what many saw as an inevitable bullet?


INTERVIEW: Barnaby Jack on hacking implantable medical devices

Presented by

Patrick Gray

CEO and Publisher

This podcast is an interview I did with Barnaby Jack, a security researcher with IOActive. Barnes is probably best known for his work on ATM security. He famously "jackpotted" an ATM live on stage at BlackHat in 2010, but if he were to do a live demo of his latest research he'd probably wind up in prison.

That's because he's been looking at implantable defibrillators and pacemakers. As it turns out they have wireless interfaces that allow you to connect to them. You can bypass their rudimentary authentication and start sending 830 volt zaps into your victim's heart which, obviously, isn't ideal.

Jack says these techniques could be used for targeted assassinations, or perhaps even more worryingly, a maliciously motivated person could actually create an auto-propagating worm designed to kill people!


SPONSOR INTERVIEW: Pcap analysis in the cloud

Presented by

Patrick Gray

CEO and Publisher

All our coverage of the Breakpoint security conference was made possible by our sponsor PacketLoop.

PacketLoop is a new Australian business that applies big data analysis techniques to your packet captures... you can visualise your captures, drill down into them, and even spot successful 0day attacks against your organisation after the event -- that's a simple trick, that one, they just loop your packet captures through IPSs after the fact... when they get signature updates, they loop them through again. Hence the name, PacketLoop.

You can sign up to a Beta at PacketLoop.com, and I suggest you do. Think of this stuff as like NetWitness in the cloud.

I caught up with PacketLoop co-founder Michael Baker to discuss his presentation at the Ruxcon conference, which was all about Big Data security analytics. I started off by asking him roughly what he planned to talk about.


Risky Business #259 -- MSDfail, Brett Moore and moooore!

Presented by

Patrick Gray

CEO and Publisher

Adam Boileau

Technology Editor

This week's show is being produced entirely on the ground at the Ruxcon Breakpoint security conference in my old home town of Melbourne, Australia! And it's a shorter show than usual because I'm pretty busy down here producing a bunch of podcasts as a part of some joint coverage I'm doing for both Risky.Biz and The Register. If you want to check out some audio and blog posts from Breakpoint, head to http://risky.biz/breakpoint. They're not up yet, but you'll soon find some interviews with people like Barnaby Jack and Joshua Drake (jduck) there... or you can subscribe to the RB2 podcast feed at http://risky.biz/feeds if you want that content automagically.

In this week's sponsor interview we're chatting with Insomnia Security founder Brett Moore. Thanks to Insomnia Security for all its support of this podcast. If you're a CSO in New Zealand and you've never had a pen test from these guys you're doing it wrong.

It's a company founded by Brett Moore and staffed by the likes of our regular news co-host Adam Boileau and his sometime fill in Mark Piper, as well as a few other guys. Brett joins us to recap Breakpoint and tell us what he thinks of the epic MSDfail in NZ. Why do organisations commission expert advice if they're just going to ignore it?

Show notes

MSD admits not acting on early system breach alerts... | Stuff.co.nz
http://www.stuff.co.nz/technology/digital-living/7826984/MSD-admits-not-...

Russian Anti-Virus Firm Plans Secure Operating System to Combat Stuxnet | Threat Level | Wired.com
http://www.wired.com/threatlevel/2012/10/kaspersky-operating-system/

Second LulzSec member pleads out in Sony Pictures attack - SC Magazine
http://www.scmagazine.com/second-lulzsec-member-pleads-out-in-sony-pictu...

Pentagon Hacker McKinnon Wins 10-Year Extradition Battle | Threat Level | Wired.com
http://www.wired.com/threatlevel/2012/10/mckinnon-extradition-win/

State-Sponsored Malware 'Flame' Has Smaller, More Devious Cousin | Threat Level | Wired.com
http://www.wired.com/threatlevel/2012/10/miniflame-espionage-tool/

WikiLeaks Goes Behind Paywall, Anonymous Cries Foul | Threat Level | Wired.com
http://www.wired.com/threatlevel/2012/10/wikileaks-paywall-anonymous/

Cyberthieves steal $400,000 from Bank of America | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57533007-83/cyberthieves-steal-$400000-from-bank-of-america/

Hackers target Fairfax holiday site Stayz, altering bank details on listings | News.com.au
http://www.news.com.au/travel/australia/hackers-target-fairfax-holiday-s...

Roxon issues discussion paper on mandatory data breach laws - Risk - SC Magazine Australia - Secure Business Intelligence
http://www.scmagazine.com.au/News/319578,roxon-issues-discussion-paper-o...

Zero-day attacks last much longer than most would believe - SC Magazine
http://www.scmagazine.com/zero-day-attacks-last-much-longer-than-most-wo...

Pacemakers, defibrillators open to attack • The Register
http://www.theregister.co.uk/2012/10/17/pacemakers_open_to_wireless_attack/

Information Disclosure Zero-Day Discovered in Novell ZENworks | threatpost
http://threatpost.com/en_us/blogs/information-disclosure-zero-day-discov...

Oracle Patch Update to Include 109 Patches | threatpost
http://threatpost.com/en_us/blogs/oracle-patch-update-include-109-patche...

Oracle Leaves Fix for Java SE Zero Day Until February Patch Update | threatpost
http://threatpost.com/en_us/blogs/oracle-leaves-fix-java-se-zero-day-unt...

Adobe Extends Security of Reader and Acrobat With Better Sandbox, Force ASLR | threatpost
http://threatpost.com/en_us/blogs/adobe-extends-security-reader-and-acro...

Exploit Code Released Targeting Firefox 16 Vulnerability | threatpost
http://threatpost.com/en_us/blogs/exploit-code-released-targeting-firefo...

The Cactus Channel - Official Site
http://www.thecactuschannel.com/

The breach in the system is always there. We need to get used to it sometimes. - Mission Maids


Ruxcon Breakpoint kicks off with a bang

Presented by

Patrick Gray

CEO and Publisher

This morning's first presentation was a talk by Roelof Temmingh, the creator of Maltego. The Maltego software, for those who don't know it, is essentially a data analysis and reconnaissance tool with some pretty powerful features.

It was a fascinating presentation that gave conference delegates some real out-of-the-box ideas on target acquisition. Using Maltego it's possible to geographically target random people, for example. If you're interested in targeting agents at a spy agency, you might look for geotagged tweets that originated from the agency's vicinity.

Once you have a list of users who are sloppy with their geodata you can start narrowing down your selection, seeing where else they go, what other social media accounts they have and so on. Temmingh played a video demonstration of this type of target acquisition, homing in on one poor sap who likes to send geo-tagged tweets from the car park of a well known intelligence agency.

From there he established the target's full name, email address, date of birth, education history, employment history, family member identities, travel history, phone make and model, plus camera make, model and serial number.

Temmingh also demonstrated some of the automated network reconnaissance features in the newest release of Maltego, Radium. He's one of the only people on the planet who can turn up to a conference like this and do a one hour product demonstration and still impress people.

Roelof discussed Radium on episode 253 of Risky Business. Check it out here.

The next talk was by famed ATM hacker and all-round nice guy Barnaby Jack. Barnes turned his attention to medical device security some time ago, with his initial research focussing on insulin pumps. Today, however, he went a step further, unveiling research that would enable him to quite literally kill hundreds of thousands of people by creating a peer-to-peer spreading pacemaker and defibrillator device worm.

It would be hilarious if it wasn't so serious. I filed a piece on this for The Register, so go check it out if you're interested.

Following that was a talk by Azimuth Security's Mark Dowd and Tarjei Mandt on the security of Apple's iOS 6 operating system. It's a topic that Mark has discussed on the Risky Business podcast before, so if you're interested in a broad-brush description of his talk, check out episode 246 here. His interview runs after the news segment.

Matt Miller, who develops exploit mitigation technology at Microsoft, gave a fascinating talk about his challenge in disrupting the workflow of exploit writers. It's more of a niche topic primarily of interest to people working at the cutting edge of exploit creation and mitigation.

That's right, we're only half way through the fourth talk and this is what we've already seen.

Risky.Biz will be bringing you blog posts and audio from the event over the next few days. It might take us a few days to edit and process the audio, so be patient. In the meantime, big thanks to our Breakpoint coverage sponsor PacketLoop. Without those guys none of this coverage would be possible, so go check out their website and sign up for their pre-launch Beta.

The kicks are really good. We all have been pretty cool about that one. - Lindsay Rosenwald

Pacemakers, defibrillators open to attack (The Register)

Presented by

Patrick Gray

CEO and Publisher

The researcher in question, Barnaby Jack, today told the Ruxcon Breakpoint security conference in Melbourne, Australia that "the most obvious scenario would be a targeted attack against a high profile individual."

Jack also warned of a worst-case scenario "worm with the ability to commit mass murder".

Such devices are accessible through a wireless interface designed to deliver telemetry and allow maintenance. But Jack, who works for US-based security company IOActive, has subverted security in that interface and showed delegates a video demonstration of a wireless attack against an Implantable Cardioverter-Defibrillator (ICD). "There's 830 volts going into the heart there, which is a bummer," he said as an audible zap played over the conference audio system.

The attacks work at a range of up to 50 feet.

Read the rest of this piece at The Register.

The pacemakers are something they have been making sure of. I guess they are up to the task. - Flemings Ultimate Garage

Hello,

Scary stuff. For me, this type of article is where disclosure of security research crosses the line as people could actually get hurt. I think in this case, a code of ethics in disclosure would be useful - i.e. "You found the bug, you fix the bug" before disclosure? If the company doesn't want to fix it after taking account of the research, they should be held liable.

Interesting to note that before drugs come to the market they have to undergo strict testing. What happened to the code audit before the device was deemed fit to be implanted? Perhaps a new area of IT compliance to be introduced?

Risky Business #258 -- Kevin Mitnick on identity verification

Presented by

Patrick Gray

CEO and Publisher

Adam Boileau

Technology Editor

On this week's show we're chatting with Kevin Mitnick! Arguably the world's best known hacker, Kevin used to be a very naughty boy, and that saw him sent to prison a few times... but since his most recent release over 12 years ago he's established himself as a security consultant, author and globetrotting public speaker.

We're chatting to him about the fundamentals of identity verification. How can you be sure that person on the phone requesting a password reset really is your customer? Can you rely solely on static identity information in this day and age?

This week's show is brought to you by PacketLoop, an Australian start-up doing really interesting packet capture analysis. It's big data security analytics! It's really interesting stuff and we're thrilled to have the support of a local company doing new things.

We'll be chatting to PacketLoop co-founder and CTO Michael Baker in this week's sponsor interview about roughly what they're doing.

PacketLoop is also sponsoring our coverage of Ruxcon Breakpoint next week. Just head to http://risky.biz/breakpoint for all our Breakpoint coverage, with thanks to PacketLoop. I'll be down there dual filing stories and audio for Risky.Biz and The Register.

Show notes

Report: Chinese Tech Firms Should Be Viewed With Suspicion, Barred From U.S. Networks | Threat Level | Wired.com
http://www.wired.com/threatlevel/2012/10/chinese-telecoms-suspicious/

Hackable Huawei - F-Secure Weblog : News from the Lab
http://www.f-secure.com/weblog/archives/00002442.html

Philippines court halts a contentious cybercrime law | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57529298-83/philippines-court-halts-a-c...

Worm spreading on Skype IM installs ransomware | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57528353-83/worm-spreading-on-skype-im-...

Symantec: Russian criminals sell Web 'proxy' with backdoors | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57528254-83/symantec-russian-criminals-...

Middle East cyberattacks on Google users increasing | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57525334-83/middle-east-cyberattacks-on...

Microsoft Patches Critical Word Flaw; Certificate Key Length Changes are Official | threatpost
http://threatpost.com/en_us/blogs/microsoft-patches-critical-word-flaw-c...

Adobe, Microsoft Issue Updates for Critical Flaws in Flash Player | threatpost
http://threatpost.com/en_us/blogs/adobe-microsoft-issue-updates-critical...

New Tactics Helping Toll Fraud Malware on Android Avoid Detection | threatpost
http://threatpost.com/en_us/blogs/new-tactics-helping-toll-fraud-malware...

Zitmo Growing More Sophisticated, Prevalent in Android | threatpost
http://threatpost.com/en_us/blogs/zitmo-growing-more-sophisticated-preva...

Malware Signed by Adobe Certificate Only Used in Limited Targeted Attacks | threatpost
http://threatpost.com/en_us/blogs/malware-signed-adobe-certificate-only-...

Hack In The Box: Pirate Bay MIA, Chrome vulnerability found | ZDNet
http://www.zdnet.com/hack-in-the-box-pirate-bay-mia-chrome-vulnerability...

Proof-of-Concept Exploits HTML5 Fullscreen API for Social Engineering | threatpost
http://threatpost.com/en_us/blogs/proof-concept-exploits-html5-fullscree...

Google App Engine open to session jacking - Web/client - SC Magazine Australia - Secure Business Intelligence
http://www.scmagazine.com.au/News/318610,65279google-app-engine-open-to-...

Flaws allow 3G devices to be tracked - Networks - SC Magazine Australia - Secure Business Intelligence
http://www.scmagazine.com.au/News/317819,flaws-allow-3g-devices-to-be-tr...

3000 EU infosec pros engage in mock attacks - Networks - SC Magazine Australia - Secure Business Intelligence
http://www.scmagazine.com.au/News/318261,3000-eu-infosec-pros-engage-in-...

Twitter outage caused by human error, domain briefly yanked | Internet & Media - CNET News
http://news.cnet.com/8301-1023_3-57528165-93/twitter-outage-caused-by-hu...

Hacker Goes on Massive WoW Killing Spree; World Survives | Threat Level | Wired.com
http://www.wired.com/threatlevel/2012/10/hacker-kills-thousands-in-wow/

Packetloop
http://www.packetloop.com/

The Izzys: Change Your Mind
http://www.shazam.com/music/web/track?id=57992307

The US are really careful of China. They have these kind of measures to ensure they don't get so far. - James D. Sterling


Kernel crimps make Windows 8 a hacker hassle (The Register)

Presented by

Patrick Gray

CEO and Publisher

Now chief architect at CrowdStrike, a security company focused on nation-state adversaries, Ionescu says Windows 8 builds on the usermode exploit mitigations introduced into Windows Vista and 7 with new approaches to security that attempt to mitigate kernel mode attacks.

Ionescu will outline those new defences at the Ruxcon Breakpoint security conference in Melbourne, Australia, next week.

He'll tell the audience that many pathways to exploitation will be sealed off in the latest Windows release. "As usermode's been getting tighter and tighter to attack and as in the Windows case more and more services have been moved to the kernel, it's become quite a target ... and the rewards are quite great," Ionescu says. "It'll be interesting to see how attackers deal with the new landscape [after the release of Windows 8]."

That Windows will be targeted is hard to doubt, given that in the past hackers have treated security in Microsoft's flagship as an unmitigated joke. Writing exploits for Windows XP was extremely easy and the resulting boom in malware affecting Windows users was unprecedented. But companies like Microsoft and Adobe have made significant headway in recent years by introducing exploit mitigations to their products.

That's not to say the vulnerabilities have all gone away, but features like application sandboxing, Data Execution Prevention (DEP) and Address Space Layout Randomisation (ASLR) make them difficult to exploit.

Microsoft's efforts started taking shape around 2004, when Service Pack 2 for Windows XP was released. It introduced a basic firewall to the operating system and pestered users into installing anti-virus software and opting for automatic OS updates.

Next came Vista with its much-loathed UAC feature and some basic memory mitigations like DEP and ASLR, with those features tweaked and carried over into Windows 7. All of a sudden, exploiting bugs on current-generation Windows became significantly harder and the number of usable exploits dropped off. The deluge, today, looks more like a trickle.

READ THE REST OF THIS PIECE AT THE REGISTER.

The hacker has been a good one. He really made sure that he leaves an imprint of what he has done. - James D. Sterling

Still we find applications are vulnerable enough to be exploited, which could not be prevented by so-called OS security features.

Risky Business #257 -- Exploits for Win8 no mean feat

Presented by

Patrick Gray

CEO and Publisher

On this week's show we're taking a look at Windows 8 with Alex Ionescu. Alex works for CrowdStrike, he's a genuine expert in Windows internals and he says exploit writing and persistence when it comes to owning Windows boxes is about to get a whole lot harder. That's after the news.

This week's show is brought to you by Insomnia Security. Insomnia is a New Zealand-based consultancy founded by Brett Moore. But these days Insomnia is much bigger than Brett. It has six full timers and they're all very clever chaps. Adam Boileau works there, as does this week's sponsor guest Mark Piper! We're chatting to Mark about what "typical" APT attackers get up to. What does the run of the mill APT MO actually look like?

Show notes

Hackers Breached Adobe Server in Order to Sign Their Malware | Threat Level | Wired.com
http://www.wired.com/threatlevel/2012/09/adobe-digital-cert-hacked/

Adobe to revoke code signing certificate | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57521794-83/adobe-to-revoke-code-signin...

White House confirms 'spearphishing' intrusion | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57523621-83/white-house-confirms-spearp...

Chinese Hackers Blamed for Intrusion at Energy Industry Giant Telvent - Krebs on Security
https://krebsonsecurity.com/2012/09/chinese-hackers-blamed-for-intrusion...

Regulators shut down global PC 'tech support' scam | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57525250-83/regulators-shut-down-global...

Australia Post customers exposed in direct object reference flaw - Web/client - SC Magazine Australia
http://www.scmagazine.com.au/News/317651,australia-post-customers-expose...

FTC Takes On Scareware Marketers, Court Imposes $163M Judgment | threatpost
http://threatpost.com/en_us/blogs/ftc-takes-scareware-marketers-court-im...

Web security protocol HSTS wins proposed standard status | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57524915-83/web-security-protocol-hsts-...

SHA-3 Winner Chosen, But It May Be Years Before Keccak Has an Effect | threatpost
http://threatpost.com/en_us/blogs/sha-3-winner-chosen-it-may-be-years-ke...

Authentication Implications in Uniquely Identifiable Graphics Cards | threatpost
http://threatpost.com/en_us/blogs/authentication-implications-uniquely-i...

Microsoft Reaches Settlement with Site Linked to Nitol Botnet | threatpost
http://threatpost.com/en_us/blogs/microsoft-reaches-settlement-site-link...

Mozilla's Persona Web Authentication System Moves into Beta | threatpost
http://threatpost.com/en_us/blogs/mozillas-persona-web-authentication-sy...

DHS Issued False 'Water Pump Hack' Report; Called It a 'Success' | Threat Level | Wired.com
http://www.wired.com/threatlevel/2012/10/dhs-false-water-pump-hack/

Cisco Patches Numerous Bugs in IOS, UCM | threatpost
http://threatpost.com/en_us/blogs/cisco-patches-numerous-bugs-ios-ucm-09...

City of Tulsa website not hacked after all | Tulsa World
http://www.tulsaworld.com/news/article.aspx?subjectid=334&articleid=2012...

IBM - My notifications
http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&...

Nmap Development: Re: Hakin9's new Nmap Guide
http://seclists.org/nmap-dev/2012/q4/18

Breakpoint 2012 Speakers List
http://www.ruxconbreakpoint.com/speakers/#Alex Ionescu

Insomnia Security, New Zealand
http://www.insomniasec.com/

Breakpoint 2012 Training List
http://www.ruxconbreakpoint.com/training/

Bag Raiders - So Demanding - YouTube
http://www.youtube.com/watch?v=_Q0VERQxy_w

The signing certificate has been pretty good so far. That is really good if we need to do that. - Flemings Ultimate Garage


Risky Business #256 -- NFC and public transport ticketing

Presented by

Patrick Gray

CEO and Publisher

Adam Boileau

Technology Editor

On this week's show we're taking a look at public transport ticketing security. Some clever fellows from the US of A have figured out how to reset their RFID tickets with a nifty little app for NFC-enabled smartphones. All this due to some positively boneheaded mistakes made during the initial rollout of some ticketing systems. That interview is with Corey Benninger of Intrepidus Group.

This week's show is brought to you by Tenable Network Security. Tenable's co-founder and CEO Ron Gula will be joining the program to talk about the possibility of US president Obama issuing an executive order designed to replace the doomed Cybersecurity Act of 2012, which was shot down by the US congress.

Insomnia Security's Mark Piper fills in for Adam Boileau in this week's news segment.

Show notes

New Java flaw could hit 1 billion users | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57520532-83/new-java-flaw-could-hit-1-b...

Microsoft Releases Out-Of-Band IE Zero-Day Patch | threatpost
http://threatpost.com/en_us/blogs/microsoft-releases-out-band-ie-zero-da...

SourceForge Investigates Backdoor Code Found in Copy of phpMyAdmin | threatpost
http://threatpost.com/en_us/blogs/sourceforge-investigates-backdoor-code...

Researcher Finds 100k IEEE.org Passwords Stored in Plain-Text on Public FTP Server | threatpost
http://threatpost.com/en_us/blogs/researcher-finds-100k-ieeeorg-password...

Samsung offers up patch for Galaxy S3 remote wipe vulnerability | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57520467-83/samsung-offers-up-patch-for...

Apple TV vulnerabilities closed after being watched for months | ZDNet
http://www.zdnet.com/apple-tv-vulnerabilities-closed-after-being-watched...

Large-Scale Water Holing Attack Campaigns Hitting Key Targets | threatpost
http://threatpost.com/en_us/blogs/large-scale-water-holing-attack-campai...

Forthcoming SHA-3 Hash Function May Be Unnecessary | threatpost
http://threatpost.com/en_us/blogs/forthcoming-sha-3-hash-function-may-be...

New Zealand Intel Agency Investigated for Unlawful Spying on Kim Dotcom | Threat Level | Wired.com
http://www.wired.com/threatlevel/2012/09/illegal-spying-on-kim-dotcom/

Google pays bug hunters for finding Windows flaw | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57520440-83/google-pays-bug-hunters-for...

ACLU sues to get U.S. agencies' license plate tracking records | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57520336-83/aclu-sues-to-get-u.s-agenci...

How long will it be before iOS 6 Maps kills someone? | ZDNet
http://www.zdnet.com/how-long-will-it-be-before-ios-6-maps-kills-someone...

Australian police want telco customer data retained forever | ZDNet
http://www.zdnet.com/australian-police-want-telco-customer-data-retained...

Special Report: iOS app piracy soars - Applications - SC Magazine Australia - Secure Business Intelligence
http://www.scmagazine.com.au/News/316996,special-report-ios-app-piracy-s...

Hackers ransom $3000 from NT business - Applications - SC Magazine Australia - Secure Business Intelligence
http://www.scmagazine.com.au/News/316663,hackers-ransom-3000-from-nt-bus...

Adobe releases open-source coding typeface - Boing Boing
http://boingboing.net/2012/09/24/adobe-releases-open-source-cod.html

UltraReset - Bypassing NFC access control with your smartphone - Intrepidus Group - Insight
http://intrepidusgroup.com/insight/2012/09/ultrareset-bypassing-nfc-acce...

Video of Intrepidus demonstrating NFC ticketing resets:
http://vimeo.com/49664045

Slide deck:
https://media3.risky.biz/EUSecWest-SoBenn-Transit2012-Preview.pdf

The Public Opinion Afro Orchestra - Shake on Official.fm
http://official.fm/tracks/daLt/file

That out of brand IE is really getting my attention. What would that be if I may ask? - Steven Wyer
