Podcasts

News, analysis and commentary

RB2: SPONSOR PODCAST: Former Linux guy turned MS staffer Crispin Cowan

Presented by

Patrick Gray

CEO and Publisher

In this sponsor podcast you'll hear an excerpt from Crispin Cowan's talk. Crispin works for Microsoft, but he used to be a vocal Microsoft critic and Linux fundamentalist.

These days he spends his time trying to retrofit Windows with decent security. He works for the Windows core team.

I'll drop you into the talk here where he's explaining how certain bad things happened to Windows and the Microsoft ecosystem, namely, how interoperability concerns hampered the software company's ability to secure Windows.


RB2: AusCERT interview: Neal Wise on the seven deadly sins of mobility

Presented by

Patrick Gray

CEO and Publisher

In this podcast you'll hear me speaking with Assurance.com.au's Neal Wise about the seven deadly sins of mobility. Neal's a penetration tester and a complete and utter wireless nerd. He's a regular on the show and as it turns out he's a standby speaker for this year's AusCERT conference. If anyone winds up too hungover on Wednesday to speak, Neal will step in.

You'll have most likely heard that Google has been busted collecting payload data from wireless networks as its vans drove around doing Google Street View videos... so I asked Neal for his take on that also. Enjoy.


Risky Business #151 -- Didier Stevens talks about cmd.dll

Presented by

Patrick Gray

CEO and Publisher

Adam Boileau

Technology Editor

This week's show is sponsored by Check Point Software.

In it we check in with Belgium-based security guy, spare-time researcher and noodler Didier Stevens.

We're talking to Didier about a weird little project he unveiled a couple of months ago. He's taken the source code from the command interpreter from ReactOS and compiled it into a DLL that he can shove into memory.

That way he gets shell without launching a new process. I got him on the show to ask him what the hell's wrong with Meterpreter for that sort of thing.

We'll also be joined by Check Point's Dan Baucaut in this week's sponsor interview. It used to be that outsourcing your firewall management was all the rage, but is it still popular and does it still make sense? Did it ever make sense?

As always, Adam Boileau is the week's news guest.


Risky Business #150 -- Is Near Real Time the detection method of the future?

Presented by

Patrick Gray

CEO and Publisher

Adam Boileau

Technology Editor

This week's feature interview is with Matt Olney of Sourcefire's vulnerability research team. These guys have put a bunch of work into a new open source tool that can grab files, like PDFs, off the wire, scan them for dodgy stuff and trigger Snort alerts.

It's called Near Real Time detection and it might just have legs.

This week's edition of the show is brought to you by Tenable Network Security, and as is our custom here at Risky.Biz HQ we chat with Tenable's CEO and industry stalwart Ron Gula in this week's sponsor interview. In it we discuss McAfee's borked update of a couple of weeks ago, logic bugs in the cloud and more.

Adam Boileau, as usual, drops in to discuss the week's news headlines.

You can find more info on NRT here.


RB2: Adam Boileau and Mark Piper discuss Web app hacking tools

Presented by

Patrick Gray

CEO and Publisher

In this RB2 podcast, sponsored by Symantec, Lateral Security's Adam Boileau and Mark Piper talk Web application hacking tools. What's hot? What's not? Web Scarab, Burp or CAT? Which for what? Play to find out!


Risky Business #149 -- Gloaty FTW edition, plus H D Moore!

Presented by

Patrick Gray

CEO and Publisher

Adam Boileau

Technology Editor

H D Moore is this week's feature guest. The company he works for, Rapid7, will soon release a commercial version of Metasploit.

Risky Business asks HD about the new product and discusses the controversy that may arise from the commercialisation of the open source project.

Vitaly Kamlyuk from Kaspersky Lab is this week's sponsor guest. In the interview Vitaly expresses concerns that some legitimate research -- his, at times, included -- is playing into the hands of the bad guys.

And Adam Boileau is this week's news guest.

BTW Risky Business rules.


Risky Business #148 -- Good guys writing bad software

Presented by

Patrick Gray

CEO and Publisher

Adam Boileau

Technology Editor

On this week's show we have a chat to Paul Ducklin about what he sees as questionable ethics behind some mobile malware research.

Researchers from Rutgers University and Veracode have written mobile phone malware or trojans; the latter even released the source code to their BlackBerry trojan. But what purpose does this serve, asks Duck. Is there any benefit at all to be had from writing and releasing trojans, even if they are written for academic purposes?

This week's sponsor interview is with Check Point's Fredrik Borjesson, and Adam Boileau is the week's feature guest.


RB2: Securus Global's Declan Ingram on Forrester's latest report

Presented by

Patrick Gray

CEO and Publisher

In this edition of the RB2 podcast we're chatting with Declan Ingram from Securus Global about an interesting report that was recently released by analysis house Forrester.

It was commissioned by Microsoft and was intended to assess the data security practices of North American, European, and Australian enterprises by surveying CISOs.

Forrester sought to understand the value of sensitive information contained in enterprise portfolios; the security controls used to protect this information; the drivers of information security programs; and the cost and impact of enterprise data security incidents.

There were some interesting findings. Among them, that security managers use compliance regimes to justify security spending, not security for security's sake.

You can download the report here.


RB2: SPONSOR PODCAST: Simplicity versus complexity in malware

Presented by

Patrick Gray

CEO and Publisher

Risky Business 2 is sponsored exclusively by Symantec.

This week we're chatting with the company's vice president of security response, Vincent Weafer.

In this interview, Vincent and I discuss the relative complexity of modern malware. Gone are the days of 214-byte malware that could spread via a single UDP packet. They were good days, but now they're gone and we're dealing with some really diabolically complicated stuff.

But we're still seeing malware that's relatively simple considering it's 2010. Gumblar is a good example of that -- it's simple and not particularly sophisticated, but it's been very effective.

So which poses a bigger threat? Simple stuff or complicated stuff?


Risky Business #147 -- Kim Zenz in Moscow PLUS Weld on software (in)security

Presented by

Patrick Gray

CEO and Publisher

Adam Boileau

Technology Editor

This week we speak to iDefense analyst Kim Zenz, who's currently based in Moscow. We'll be getting an update on what the bad guys are up to in the former USSR. After all, it's usually a good indicator of what they'll get up to in Western countries in the not too distant future.

After that we'll check in with Chris Wysopal, aka Weld Pond. He's the CTO of Veracode and joins us to talk about the company's first ever state of software security report, which is a surprisingly engaging read. That's this week's sponsor interview.

Adam Boileau, as usual, sheds his beardy McUNIXguy perspective on the week's news.

Here is a link to the APNIC stuff Adam and I talk about in the show.
