Podcasts

This week's edition of Risky Business is brought to you by Kaspersky and hosted by Virtual.Offis.

This week we take a look at patch management and ask why it still sucks. Security professionals have been advising their clients to sort out their patching processes for more than ten years, but it's still at the top of many, many a post-audit report.

We chat to Securosis analyst Rich Mogull about his research on patch management.

In this week's sponsor interview with chat with Kaspersky Labs' Vitaly Kamlyuk about the next generation of ransomware doing the rounds in the Russian Federation. Let's hope it doesn't wind up here!

Adam Boileau, as always, is this week's news guest.

In this instalment of RB2 we'll be hearing from Australian Federal Police Assistant Commissioner Neil Gaughan, who heads up High Tech and Child Protection Operations, for the AFP.

A recent report in the Sydney Morning Herald detailed changes to Australian law that would allow the Australian Federal Police to physically destroy computers if they contain encrypted data the police can't unlock.

The story also talked about further changes to laws that would stiffen penalties for suspects who refuse to hand over encryption keys and passwords.

Anyway, it all sounded pretty extreme and drew a pretty adverse reaction from Adam Boileau, our regular news guest on the Risky Business podcast, so I thought I'd get Neil on the line and ask him about these changes, instead of just assuming the worst.

Neil joined me by phone on Monday for this interview!

On this week's show we're joined by a very special guest -- Brian Snow.

Until his recent retirement, Brian was the technical director of information assurance for the United States National Security Agency. So, in other words he knows a few things about information security and in this week's show we cover a bunch of stuff with him -- everything from Google's recent trouble in China to e-voting, to cyrpto trust models and more.

That's after the news.

In this week's sponsor interview Veracode's Tyler Shields joins us to chat about the Blackberry proof of concept spyware he's created... apparently it's still not too hard to get custom malware installed on to the Blackberry and Tyler will tell us all about it!

On this week's show we'll be checking the news with Adam Boileau, as we always do, then we're going to have a chat with Brett Moore of Insomnia Security.

A bug Brett found featured in the most recent patch Tuesday release, so we thought we'd get him on the line and get the latest scuttlebut from the world of vulnerability research. Where are the new bugs popping up? What are the trends? What can we expect?

That's after the news.

We stick with the vulnerabilities theme in this week's sponsor interview with Fred Borjesson of Check Point Software here in Australia. We're speaking to Fred about software vendors' rather annoying habit of sitting on bugs.

That IE6 bug that popped every man and his dog over the southern summer had been reported to Microsoft a long time before those attacks -- should we be angry that it took that long? Or would the attackers just found another bug Microsoft didn't know about for their attacks?

Risky Business is back for 2010!

On this week's program we chat with information security legend Dan Geer.\t

Dan's the Chief Information Security Officer for In-Q-Tel, which is, in essence, the technology investment arm of the CIA. He's not appearing in Risky Business is his capacity as an In-Q-Tel employee, however, he joins us as a veteran of the information security industry.

Dan helped create Kerberos during his tie with project Athena at MIT and was the chief technology officer at @Stake for a time.

He's joining us to discuss his prediction of a decline in the popularity of general-purpose computers and the rise of tightly controlled devices like Apple's iPad.

Later on we'll be joined by another veteran, Ron Gula, the chief executive of Tenable Network Security, our sponsor. Ron's popping in to have a bit of a chat about the great big hairy attack on Google.

First, as always, we'll cover the news headlines with our regular guest Adam Boileau.

This week's edition of Risky Business is brought to you by Check Point Software.

It's our last episode for the year -- Risky Business will be back in February 2010.

Until then, here's our year in review special. It's a light hearted look back on 2009, the year that was.

Check Point's Steve MacDonald stops by for this week's sponsor interview.

This week's episode of Risky Business is the second last for the year!

In this week's feature interview we're chatting with Neal Wise about his "one finger punch".

Neal's done some really interesting work in hacking Cisco firmware and the exploit he's developed is literally a two word command that gives you unrestricted access to a whole bunch of Cisco kit. It's not a massive story or anything. It's just funny.

Tenable Network Security's CEO Ron Gula pops along for this week's sponsor interview. He recently keynoted the SANS Incident Detection Summit. Incident response is its own field with its own quirks and Ron wound up having some very interesting conversations with the other attendees. So I got him on the line and asked him to recap the event for us.

Adam Boileau, as always, is this week's news guest.

In this sponsored podcast, Symantec's VP of security response joins RB2 to talk about some novel new approaches to the malware problem.

We don't normally talk to sponsors about their own technology, but this is just where the conversation went, and it's pretty interesting stuff!

Symantec's vision for the future is to gauge the level of risk posed to systems by building up a database that ranks executables according to their reputation. It's sort of like eBay's system of ranking buyers and sellers. I'd heard of this approach a while ago, but Vincent drills down into a bit of detail here. It's good stuff.

In this edition of RB2 you'll hear Paul Craig's Kiwicon 3 presentation, Hacking Scientists. As you'll hear, Paul has developed some fuzzing methodologies that he's applied to scientific software.

This sort of software -- chemistry stuff, fluid dynamics stuff etc -- is used by weapons designers, pharmaceutical engineers, car manufacturers and all sorts of very interesting people.

In other words, this software is found on the same systems as the world's most valuable IP. It's good stuff to find bugs in.

You might recognise Paul's voice -- in addition to working for Security-Assessment.com he's a regular contributor to the RB2 podcast. Enjoy!

This week's show is brought to you by the fine folks at Sophos.

This week we're looking at what the mainstream media is calling "climategate".

As world leaders meet in Copenhagen to try to hammer out a coordinated response to global warming, the blogosphere and indeed the mainstream press are all in a tizz over thousands of hacked e-mails from the Climate Research Unit of the University of East Anglia.

In all 13 years of e-mails were stolen from the CRU and leaked online, with some of the e-mails appearing to show scientists manipulating data to exaggerate warming. For their part, scientists say those e-mails have been taken out of context.

Either way, climategate has given climate sceptics a boost leading into Copenhagen, and as you'll hear, the scandal has certainly muddied the climate agenda at a critical time.

So we'll be chatting with scientist and climate change expert Professor Ian Enting from the University of Melbourne about climategate and its impact on the scientific community.

We'll also be having a chinwag with Paul Craig of Security-Assessment.com in New Zealand. Paul has done a whole bunch of research into hacking scientific software -- stuff like fluid dynamics packages, circuit modelling software and even chemistry modelling software. As it turns out, not many people have looked for bugs in this stuff, and they're everywhere. So it's our "hacking scientists" special edition of Risky Business this week.

Paul Ducklin will also be along later in the show for this week's sponsor interview. We'll be talking about that research into English language shellcode.

And Adam Boileau is this week's news guest!