Podcasts

On this week's show we're chatting with renowned megabrain Peter Gutmann about a paper on side channel attacks against crypto keys in virtualised environments. It's really complicated stuff, but very, very interesting.

Peter didn't do this research or write the paper, but I always like getting his take on this stuff because... well... he's really smart and he doesn't overhype stuff. That's after the news.

This week's show is brought to you by a new sponsor! NCC Group! Yay!

These guys have been the acquisition monster over the last couple of years, picking up NGS Security, iSec Partners and Matasano, among others. They're a large infosec company these days with a lot of extremely clever people working for them.

Joining us in this week's sponsor interview is Wade Alcorn, the Australia country manager for NCC Group... he's also the founder of the BeEF project and a very smart guy. He's joining us to have a chat about some interesting developments in Japan where a bunch of people have been arrested and charged with criminal offences for writing grey-market and downright illegal mobile apps.

We've got a great feature interview in this week's show with a computer science undergrad in the US who worked on a paper dealing with GPS security. You'll find out how you can melt down power lines with GPS haxx! Fun for the whole family!

This week's show is sponsored by Tenable Network Security. We'll be having Tenable product manager Jack Daniel on the line to talk about the death of periodical vulnerbility scanning. Apparently continuous scanning is all the rage these days!

I've spent the entire week down with the manflu, as you will probably hear, so apologies if the energy levels are down a bit this week.

This podcast is an interview with Eric "Musclenerd" McDonald. Eric is a renowned iPhone jailbreaker and as such has a very detailed understanding of smartphone platforms.

His talk at Ruxcon Breakpoint was all about the security of baseband chipsets. If you follow this stuff you might know that the baseband chipsets in these smartphones -- which handle all the basic communications functions of the phones -- are actually quite sophisticated. And where there's sophistication, there are potential problems.

As you'll hear, there's research going into attacking baseband chipsets through two vectors -- directly through the cell network, if you control it, or if you can trick your targets handset into associating with your fake networks... or indeed through the OS. It's interesting stuff.

This podcast is an interview I did at the Breakpoint security conference with security researcher Travis Goodspeed. He's come up with a hardware device called FaceDancer that allows him to capture USB device firmware by emulating the devices. What can you do with that? Well, you can start messing with those devices, loading up custom firmware, and even use modified USB devices to attack hosts.

This week's show is brought to you by our benevolent overlords at Adobe! And this week's sponsor interview is a must listen. Adobe's director of product security and privacy Brad Arkin joins us to discuss the breach at Adobe HQ that lead to malicious binaries being signed as valid by their code signing boxes.

Yes, it's a sponsor interview but Brad does a great job at answering some tough questions about the known extent of the compromise. I found that conversation extremely interesting and I suspect you will too.

We also chat to him about some new security features in Flash Player and Reader.

Also this week we're chatting with Paul Ducklin of Sophos Australia. Duck is well known to most Risky Business listeners, he's a regular guest, and this week he's joining us to talk about a few items of interest -- Oracle's awful patching schedule, a Sony lawsuit getting tossed and some weak DKIM issues that affected Google.

Insomnia Security's Mark Piper joins us to discuss the week's news headlines. You can find links to all our news in this week's show notes.

This podcast is an interview I did with Accuvant's Joshua Drake, aka jduck. His Breakpoint presentation was on the topic of Android security.

As regular listeners of the Risky Business podcast would know, we're pretty much convinced Android was rushed to market -- it was insecure, immature, way too open and a big, glaring risk to its users. Combine that with the inherent problems with the Android ecosystem and you had a recipe for disaster.

For those unfamiliar with those ecosystem problems, Android is very difficult to patch. Android users must wait for Google to update the OS, then ship the updates to the manufacturers who customise them for their hardware, then in turn they have to pass them on to the carriers, who may or may not customise those OS builds for compatibility with their apps and then pass the updates out over the air. Long story short, most Android devices wind up remaining unpatched.

Well, things have changed. As Joshua outlined in his presentation, Google has built a lot of exploit mitigations into the mobile OS and they're starting to look pretty effective. Is it possible that Google has dodged what many saw as an inevitable bullet?

This podcast is an interview I did with Barnaby Jack, a security researcher with IOActive. Barnes is probably best known for his work on ATM security. He famously "jackpotted" an ATM live on stage at BlackHat in 2010, but if he were to do a live demo of his latest research he'd probably wind up in prison.

That's because he's been looking at implantable defibrillators and pacemakers. As it turns out they have wireless interfaces that allow you to connect to them. You can bypass their rudimentary authentication and start sending 830 volt zaps into your victim's heart which, obviously, isn't ideal.

Jack says these techniques could be used for targeted assassinations, or perhaps even more worryingly, a maliciously motivated person could actually create an auto-propagating worm designed to kill people!

All our coverage of the Breakpoint security conference was made possible by our sponsor PacketLoop.

PacketLoop is a new Australian business that applies big data analysis techniques to your packet captures... you can visualise your captures, drill down into them, and even spot successful 0day attacks against your organisation after the event -- that's a simple trick, that one, they just loop your packet captures through IPSs after the fact... when they get signature updates, they loop them through again. Hence the name, PacketLoop.

You can sign up to a Beta at PacketLoop.com, and I suggest you do. Think of this stuff as like NetWitness in the cloud.

I caught up with PacketLoop co-founder Michael Baker to discuss his presentation at the Ruxcon conference, which was all about Big Data security analytics. I started off by asking him roughly what he planned to talk about.

This week's show is being produced entirely on the ground at the Ruxcon Breakpoint security conference in my old home town of Melbourne Australia! And it's a shorter show than usual because I'm pretty busy down here producing a bunch of podcasts as a part of some joint coverage I'm doing for both Risky.Biz and The Register. If you want to check out some audio and blog posts from Breakpoint, head to http://risky.biz/breakpoint. They're not up yet, but you'll soon find some interviews with people like Barnaby Jack and Joshua Drake (jduck) there\u2026 or you can subscribe to the RB2 podcast feed at http://risky.biz/feeds if you want that content automagically.

In this week's sponsor interview we're chatting with Insomnia Security founder Brett Moore. Thanks to Insomnia security for all its support of this podcast. If you're a CSO in New Zealand and you've never had a pen test from these guys you're doing it wrong.

It's a company founded by Brett Moore and staffed by the likes of our regular news co-host Adam Boileau and his sometime fill in Mark Piper, as well as a few other guys. Brett joins us to recap Breakpoint and tell us what he thinks of the epic MSDfail in NZ. Why do organisations commission expert advice if they're just going to ignore it?

This morning's first presentation was a talk by Roelof Temmingh, the creator of Maltego. The Maltego software, for those who don't know it, is essentially a data analysis and reconnaissance tool with some pretty powerful features.

It was a fascinating presentation that gave conference delegates some real out-of-the-box ideas on target acquisition. Using Maltego it's possible to geographically target random people, for example. If you're interested in targeting agents at a spy agency, you might look for geotagged tweets that originated from the agency's vicinity.

Once you have a list of users who are sloppy with their geodata you can start narrowing down your selection, seeing where else they go, what other social media accounts they have and so on. Temmingh played a video demonstration of this type of target acquisition, honing in on one poor sap who likes to send geo-tagged tweets from the car park of a well known intelligence agency.

From there he established the target's full name, email address, date of birth, education history, employment history, family member identities, travel history, phone make and model, plus camera make, model and serial number.

Temmingh also demonstrated some of the automated network reconnaissance features in the newest release of Maltego, Radium. He's one of the only people on the planet who can turn up to a conference like this and do a one hour product demonstration and still impress people.

Roelof discussed Radium on episode 253 of Risky Business. Check it out here.

The next talk was by famed ATM hacker and all-round nice guy Barnaby Jack. Barnes turned his attention to medical device security some time ago, with his initial research focussing on insulin pumps. Today, however, he went a step further, unveiling research that would enable him to quite literally kill hundreds of thousands of people by creating a peer-to-peer spreading pacemaker and defibrillator device worm.

It would be hilarious if it wasn't so serious. I filed a piece on this for The Register, so go check it out if you're interested.

Following that was a talk by Azimuth Security's Mark Dowd and Tarjei Mandt on the security of Apple's iOS 6 operating system security. It's a topic that Mark has discussed on the Risky Business podcast before, so if you're interested in a broad-brush description of his talk, check out episode 246 here. His interview runs after the news segment.

Matt Miller, who develops exploit mitigation technology at Microsoft, gave a fascinating talk about his challenge in disrupting the workflow of exploit writers. It's more of a niche topic primarily of interest to people working at the cutting edge of exploit creation and mitigation.

That's right, we're only half way through the fourth talk and this is what we've already seen.

Risky.Biz will be bringing you blog posts and audio from the event over the next few days. It might take us a few days to edit and process the audio, so be patient. In the mean time, big thanks to our Breakpoint coverage sponsor PacketLoop. Without those guys none of this coverage would be possible, so go check out their website and sign up for their pre-launch Beta.