Risky Business Podcast

Analysis and news podcasts published weekly

Risky Business #327 -- PayPal grounded by Flight Mode

Presented by

Patrick Gray

CEO and Publisher

Adam Boileau

Technology Editor

On this week's show we're chatting with Zach Lanier of Duo Security about some work he did on bypassing PayPal's two-factor authentication. In short, PayPal's implementation had an absolute clanger of a logic bug in it that these guys were able to find. The secret sauce to the attack? Flight mode! No joke.

This week's show is sponsored by Tenable Network Security, thanks to them! In this week's sponsor interview we'll hear from Tenable's Marcus Ranum about whether or not law enforcement agencies actually have their priorities straight when it comes to computer crime. Are they going after targets that most harm society? Or are they just hitting soft targets?

Adam Boileau, as always, joins us to discuss the week's news headlines. Show notes are here.

Risky Business #326 -- Code Spaces, Nokia blackmailed in hacks

Presented by

Patrick Gray

CEO and Publisher

Adam Boileau

Technology Editor

On this week's show we have a quick chat with The Register's Darren Pauli about XP still being bloody everywhere. You'd think organisations out there would realise how absolutely crackheaded it is to keep running XP since support ended, but nope... Even the police are happily chugging away on perennially vulnerable boxes. Great.

This week's show is brought to you by BugCrowd: outsourced bug bounty programs.

BugCrowd founder and CEO Casey Ellis will be along in this week's sponsor interview to talk about how you can scope a bounty program. If someone does something out of scope should you still pay? It surprised me but Casey says there's a golden rule of thumb in these circumstances -- did you change code? Then pay a bounty.

We also get his thoughts on whether or not a bounty program would have turned up the bug that smashed Tweetdeck last week.

Adam Boileau, as usual, joins us for the week's news headlines. Show notes here.

Follow Pat on Twitter here.
Follow Adam on Twitter here.

Risky Business #325 -- China's old stuff more popular than its new stuff

Presented by

Patrick Gray

CEO and Publisher

Adam Boileau

Technology Editor

In this week's show we chat to The Grugq about the Chinese cyber espionage campaign unmasking that has no one talking. Unlike the unit 61398 report from Mandiant last February, CrowdStrike's unit 61486 report has really fallen flat.

We'll talk to The Grugq about why that is in this week's feature interview.

In this week's sponsor interview we're chatting with Ron Gula, Tenable Network Security's co-founder and CEO. OpenSSL issues have actually become a genuine pain in the ass for most enterprises, we'll get Ron's observations on that.

Show notes

TweetDeck Hacked-Panic (And Rickrolling) Ensues | Threat Level | WIRED
http://www.wired.com/2014/06/tweetdeck-hacked/

Austrian Teen Ground Zero Of TweetDeck Hack | Threatpost | The first stop for security news
http://threatpost.com/a-day-to-forget-for-teen-at-center-of-tweetdeck-sh...

Personal data for Twitter founders leaked on Tor network - CNET
http://www.cnet.com/au/news/personal-data-for-twitter-founders-leaked-on...

Yahoo Toolbar Vulnerability Triggers Non-Exploitable XSS Payload on All Websites - The Hacker News
http://thehackernews.com/2014/06/yahoo-toolbar-vulnerability-triggers_10...

Gmail Bug Could Have Exposed Every User's Address | Threat Level | WIRED
http://www.wired.com/2014/06/gmail-bug-could-have-exposed-every-users-ad...

Feedly And Evernote Go Down As Attackers Demand Ransom [Update: Second attack brings Feedly down again]
http://www.forbes.com/sites/jaymcgregor/2014/06/11/feedly-and-evernote-g...

Audit Project Released Verified Repositories of TrueCrypt 7.1a | Threatpost | The first stop for security news
http://threatpost.com/audit-project-releases-verified-repositories-of-tr...

Alleged Oleg Pliss iPhone Hackers Arrested in Russia | Threatpost | The first stop for security news
http://threatpost.com/alleged-oleg-pliss-iphone-hackers-arrested-in-russ...

The Feds Are Auctioning a Small Fortune in Silk Road Bitcoins | Threat Level | WIRED
http://www.wired.com/2014/06/silkroad-bitcoin-auction/

USMS Asset Forfeiture Sale
http://www.usmarshals.gov/assets/2014/bitcoins/

China Putter Panda APT Attacks Linked to PLA Unit 61486 | Threatpost | The first stop for security news
http://threatpost.com/attacks-against-space-satellite-companies-linked-t...

China lashes out at Google, Apple for allegedly stealing state secrets - CNET
http://www.cnet.com/au/news/china-lashes-out-at-google-apple-for-alleged...

Inside Edward Snowden's Life as a Robot | Threat Level | WIRED
http://www.wired.com/2014/06/inside-edward-snowdens-life-as-a-robot/

Cops Can't Collect Your Cell Tower Data Without a Warrant, Court Rules | Threat Level | WIRED
http://www.wired.com/2014/06/cell-tower-data-requires-warrant/

Some Governments Have Backdoor Access to Listen in on Calls, Vodafone Says | Threat Level | WIRED
http://www.wired.com/2014/06/vodafone-transparency-report/

Microsoft fights US warrant for customer data stored overseas - CNET
http://www.cnet.com/au/news/microsoft-fights-us-warrant-for-customer-dat...

Quantum Random Number Generator Created Using A Smartphone Camera - Medium
https://medium.com/@arxivblog/quantum-random-number-generator-created-us...

After Heartbleed, We're Overreacting to Bugs That Aren't a Big Deal | Threat Level | WIRED
http://www.wired.com/2014/06/bleed/

Red Button Attack Could Compromise Smart TVs | Threatpost | The first stop for security news
http://threatpost.com/red-button-attack-could-compromise-some-smart-tvs/...

iOS 8 Will Randomize MAC Addresses to Help Stop Tracking | Threatpost | The first stop for security news
http://threatpost.com/ios-8-will-randomize-mac-addresses-to-help-stop-tr...

Google Play App Permissions Privacy, Security Concerns | Threatpost | The first stop for security news
http://threatpost.com/hot-cold-reactions-to-new-google-play-app-permissi...

Edit Google account permissions from an Android device - CNET
http://www.cnet.com/au/how-to/edit-google-account-permissions-from-an-an...

Pinkie Pie Linux Kernel Patch Available | Threatpost | The first stop for security news
http://threatpost.com/debian-urging-users-patch-linux-kernel-flaw/106516

VMware Patches ESXi Against OpenSSL Flaw, But Many Other Products Still Vulnerable | Threatpost | The first stop for security news
http://threatpost.com/vmware-patches-esxi-against-openssl-flaw-but-many-...

Adobe, Microsoft Push Critical Security Fixes - Krebs on Security
http://krebsonsecurity.com/2014/06/adobe-microsoft-push-critical-securit...

Hat-tribution to PLA Unit 61486 | CrowdStrike
http://www.crowdstrike.com/blog/hat-tribution-pla-unit-61486/index.html

The Cat Empire - Till The Ocean Takes Us All - YouTube
https://www.youtube.com/watch?v=u0hMf6pO66E&feature=kp

We Love the Iraqi Information Minister
http://www.welovetheiraqiinformationminister.com/

Risky Business #324 -- More SSL bugs, plus a chat with Andy Greenberg

Presented by

Patrick Gray

CEO and Publisher

Adam Boileau

Technology Editor

In this week's show we're joined by Wired journalist Andy Greenberg to chat about one of his areas of interest and coverage -- underground markets and crypto currencies. We also chat to Andy about his views on post-Wikileaks leaking. Why did Snowden go to Glenn Greenwald instead of Wikileaks and what does that tell us about Wikileaks' founding philosophy?

Tune in to hear all about it.

In this week's sponsor interview we chat with Julian Fay, CTO of Senetas.

Senetas is a publicly listed Australian company that makes awesome, awesome layer 2 encryption technology, check out their stuff at Senetas.com.

Julian joins us in this week's show to talk about the demise of Truecrypt and discuss various models for ensuring quality in encryption standards and code.

Show notes

Heartbleed Redux: Another Gaping Wound in Web Encryption Uncovered | Threat Level | WIRED
http://www.wired.com/2014/06/heartbleed-redux-another-gaping-wound-in-ss...

Heartbleed Cupid Wireless Attacks Expose OpenSSL Over WPA | Threatpost | The first stop for security news
http://threatpost.com/heartbleed-exploitable-over-enterprise-wireless-ne...

GnuTLS Patches Critical Remote Code Execution Bug | Threatpost | The first stop for security news
http://threatpost.com/gnutls-patches-critical-remote-code-execution-bug/...

Google Releases End-to-End Encryption Extension | Threatpost | The first stop for security news
http://threatpost.com/google-releases-end-to-end-encryption-extension/10...

Google mocks the NSA with an Easter egg found in email encryption plugin - Neowin
http://www.neowin.net/news/google-mocks-the-nsa-with-an-easter-egg-found...

Crowdsourcing to be Part of Phase Two of TrueCrypt Audit | Threatpost | The first stop for security news
http://threatpost.com/truecrypt-cryptanalysis-to-include-crowdsourcing-a...

NIST Seeking Public Comment on SHA-3 Crypto Algorithm | Threatpost | The first stop for security news
http://threatpost.com/nist-seeks-public-comment-on-sha-3-crypto-algorith...

N.S.A. Collecting Millions of Faces From Web Images - NYTimes.com
http://www.nytimes.com/2014/06/01/us/nsa-collecting-millions-of-faces-fr...

Cut Off Glassholes' Wi-Fi With This Google Glass Detector | Threat Level | WIRED
http://www.wired.com/2014/06/find-and-ban-glassholes-with-this-artists-g...

Iranian Spies Pose as Reporters to Target Lawmakers, Defense Contractors | Threat Level | WIRED
http://www.wired.com/2014/05/iranian-spying/

Dan Farmer Presents Research on IPMI Vulnerabilities | Threatpost | The first stop for security news
http://threatpost.com/vulnerabilities-in-ipmi-protocol-have-long-shelf-l...

Fake 'Placebo Apps' Booted From Google Play, Amazon | Threatpost | The first stop for security news
http://threatpost.com/placebo-security-apps-booted-from-google-play-amaz...

US disrupts $100M GameOver Zeus malware cybercrime ring - CNET
http://www.cnet.com/au/news/us-disrupts-100m-gameover-zeus-malware-cyber...

Spammer sprung to run Russian national payment system • The Register
http://www.theregister.co.uk/2014/06/04/hacker_hired_to_build_russias_na...

Hackers Infiltrate Desk Phones for Epic Office Pranks | Threat Level | WIRED
http://www.wired.com/2014/06/desk-phone-hacks/

Monsanto Suffers Data Breach at Precision Planting Unit | Threatpost | The first stop for security news
http://threatpost.com/monsanto-suffers-data-breach-at-precision-planting...

#Operation Irongeek #opirongeek Facts: On Thursday June 5 it was learned - Pastebin.com
http://pastebin.com/X9QxnX8k

Apache Patches Bugs in Tomcat | Threatpost | The first stop for security news
http://threatpost.com/apache-patches-dos-information-disclosure-bugs-in-...

June 2014 Microsoft Patch Tuesday Security Updates | Threatpost | The first stop for security news
http://threatpost.com/microsoft-expected-to-patch-ie-8-zero-day-on-patch...

The Perch Creek Family Jugband - The Great Unknown - YouTube
https://www.youtube.com/watch?v=6on7qCRpHGY

Home
http://www.perchcreek.com/

True Goodbye: 'Using TrueCrypt Is Not Secure' - Krebs on Security
http://krebsonsecurity.com/2014/05/true-goodbye-using-truecrypt-is-not-s...

Risky Business #323 -- Sabu, TrueCrypt march into history?

Presented by

Patrick Gray

CEO and Publisher

Adam Boileau

Technology Editor

On this week's show we've got a great interview with Micah Lee. He works for The Intercept, the publication Glenn Greenwald set up to report on the Snowden leaks. He's developed a very simple file transfer tool for Tor called Onionshare. It's a very simple utility that has a bunch of interesting applications.

This week's show is brought to you by Rapid7, thanks a bunch to the guys and gals there. Rapid7's Lee Weiner drops in to talk about how we lock down corporate security in a world where most of your users re-use their VPN passwords on every website they ever join.

Show notes

Lulzsec Leader and Informant 'Sabu' Let Off With Time Served | Threat Level | WIRED
http://www.wired.com/2014/05/hector-monsegur-sabu-sentencing/

US states to investigate eBay security practices - Security - Technology - News - iTnews.com.au
http://www.itnews.com.au/News/386257,us-states-to-investigate-ebay-secur...

Apple Ransomware Targeting iCloud Users Hits Australia | Threatpost | The first stop for security news
http://threatpost.com/apple-ransomware-targeting-icloud-users-hits-austr...

TrueCrypt Warns Software 'Not Secure,' Development Shut Down | Threatpost | The first stop for security news
http://threatpost.com/ominous-warning-or-hoax-truecrypt-warns-software-n...

China accuses US of 'large-scale' cyberspying - CNET
http://www.cnet.com/au/news/china-accuses-us-of-large-scale-cyberspying/

China looks to Linux as Windows alternative - Security - Technology - News - iTnews.com.au
http://www.itnews.com.au/News/386577,china-looks-to-linux-as-windows-alt...

Spotify alerts Android users to upgrade, citing breach - CNET
http://www.cnet.com/au/news/spotify-alerts-android-users-to-upgrade-citi...

Freedom Act passes US House, despite Silicon Valley concerns - CNET
http://www.cnet.com/au/news/freedom-act-passes-us-house-despite-silicon-...

House Initiates NIST-NSA Separation on Crypto Standards | Threatpost | The first stop for security news
http://threatpost.com/house-committee-initiates-nist-nsa-separation-on-c...

Microsoft: Ignore Unofficial XP Update Workaround
http://www.darkreading.com/microsoft-ignore-unofficial-xp-update-workaro...?

Avast support forum hack snags usernames, passwords - CNET
http://www.cnet.com/au/news/avast-support-forum-hack-snags-usernames-pas...

Complexity as the Enemy of Security - Krebs on Security
http://krebsonsecurity.com/2014/05/complexity-as-the-enemy-of-security/

HackerOne Bug Bounty Platform Lands Top Microsoft Security Expert | Threatpost | The first stop for security news
http://threatpost.com/hackerone-bug-bounty-platform-lands-top-microsoft-...

Pinterest Launches Bug Bounty Program | Threatpost | The first stop for security news
http://threatpost.com/pinterest-launches-bug-bounty-program/106321

Darpa Turns Oculus Into a Weapon for Cyberwar | Threat Level | WIRED
http://www.wired.com/2014/05/darpa-is-using-oculus-rift-to-prep-for-cybe...

NZ meteorology supercomputer hacked - Security - Technology - News - iTnews.com.au
http://www.itnews.com.au/News/386441,nz-meteorology-supercomputer-hacked...

CryptoLocker Ransomware Competitor May Have Fatal Flaw | Threatpost | The first stop for security news
http://threatpost.com/cryptolocker-ransomware-competitor-may-have-fatal-...

Backdoor in Call Monitoring, Surveillance Gear - Krebs on Security
http://krebsonsecurity.com/2014/05/backdoor-in-call-monitoring-surveilla...

micahflee/onionshare · GitHub
https://github.com/micahflee/onionshare

Kiwicon 8: It Is On
https://www.kiwicon.org/blog/kiwicon-8-it-is-on/

LABJACD | Unearthed
https://www.triplejunearthed.com/artist/labjacd

Risky Business #322 -- China charges: Just what is America doing?

Presented by

Patrick Gray

CEO and Publisher

On this week's show we've got a cracking interview with ANU Professor and former prime ministerial advisor Hugh White about the charges brought against alleged Chinese military hackers by the US Department of Justice. That one's coming up after the news.

This week's show is brought to you by Tenable Network Security. Jack Daniel of Tenable stops by in this week's sponsor interview to talk about password managers in light of the eBay breach. Is it time we really started encouraging people to use them?

Show notes

Hackers raid eBay in historic breach, access 145 million records | Reuters
http://uk.reuters.com/article/2014/05/22/uk-ebay-password-idUKKBN0E10ZL2...

Expert: Fake eBay Customer List is Bitcoin Bait - Krebs on Security
http://krebsonsecurity.com/2014/05/expert-fake-ebay-customer-list-is-bit...

'Blackshades' Trojan Users Had It Coming - Krebs on Security
http://krebsonsecurity.com/2014/05/blackshades-trojan-users-had-it-coming/

U.S. Indictment of Chinese Hackers Could Be Awkward for the NSA | Enterprise | WIRED
http://www.wired.com/2014/05/us-indictments-of-chinese-military-hackers-...

USDOJ: U.S. Charges Five Chinese Military Hackers for Cyber Espionage Against U.S. Corporations and a Labor Organization for Commercial Advantage
http://www.justice.gov/opa/pr/2014/May/14-ag-528.html

NSA reportedly installing spyware on US-made hardware - CNET
http://www.cnet.com/au/news/nsa-reportedly-installing-spyware-on-us-made...

China ups security checks on tech suppliers as US tensions mount - CNET
http://www.cnet.com/au/news/china-ups-security-checks-on-tech-suppliers-...

Why did China ban Windows 8? - Security - Technology - News - iTnews.com.au
http://www.itnews.com.au/News/386140,why-did-china-ban-windows-8.aspx

Cisco CEO asks Obama to control NSA surveillance - CNET
http://www.cnet.com/au/news/cisco-ceo-asks-obama-to-control-nsa-surveill...

NSA Reform Bill Passes the House-With a Gaping Loophole | Threat Level | WIRED
http://www.wired.com/2014/05/usa-freedom-act-2/

Free App Lets the Next Snowden Send Big Files Securely and Anonymously | Threat Level | WIRED
http://www.wired.com/2014/05/onionshare/

Pro-Privacy Blackphone Pulls $30M Into Silent Circle | TechCrunch
http://techcrunch.com/2014/05/21/silent-circle-funding/

Whistleblowers Beware: Apps Like Whisper and Secret Will Rat You Out | Business | WIRED
http://www.wired.com/2014/05/whistleblowers-beware/

Secrets, lies and Snowden's email: why I was forced to shut down Lavabit | Comment is free | theguardian.com
http://www.theguardian.com/commentisfree/2014/may/20/why-did-lavabit-shu...

Darkcoin, the Shadowy Cousin of Bitcoin, Is Booming | Threat Level | WIRED
http://www.wired.com/2014/05/darkcoin-is-booming/

AFP arrests man over Melbourne IT hack - Security - Technology - News - iTnews.com.au
http://www.itnews.com.au/News/386200,afp-arrests-man-over-melbourne-it-h...

SNMP DDoS Attacks Spike
http://www.darkreading.com/attacks-breaches/snmp-ddos-attacks-spike/d/d-...?

SNMP Public Community String Zero Day in Routers Disclosed | Threatpost | The first stop for security news
http://threatpost.com/embedded-devices-leak-authentication-data-via-snmp...

XMPP Mandating Encryption on Messaging Service Operators | Threatpost | The first stop for security news
http://threatpost.com/xmpp-mandating-encryption-on-messaging-service-ope...

Remove metadata from Office files, PDFs, and images - CNET
http://www.cnet.com/au/how-to/remove-metadata-from-office-files-pdfs-and...

Chip and PIN EMV Protocol security vulnerabilities found | Threatpost | The first stop for security news
http://threatpost.com/researchers-find-serious-problems-in-chip-and-pin-...

Privileged User Access Lacking Trust But Verify | Threatpost | The first stop for security news
http://threatpost.com/enterprises-still-lax-on-privileged-user-access-co...

ICS-CERT Confirms Public Utility Compromised Recently | Threatpost | The first stop for security news
http://threatpost.com/ics-cert-confirms-public-utility-compromised-recen...

Samsung Eyeing Iris Recognition for New Phones | Threatpost | The first stop for security news
http://threatpost.com/samsung-eyeing-iris-recognition-for-new-phones/106222

Why You Should Ditch Adobe Shockwave - Krebs on Security
http://krebsonsecurity.com/2014/05/why-you-should-ditch-adobe-shockwave/

Malvertising Redirecting to Angler EK, Silverlight Exploits | Threatpost | The first stop for security news
http://threatpost.com/malvertising-redirecting-to-microsoft-silverlight-...

Android Outlook App Could Expose Emails, Attachments | Threatpost | The first stop for security news
http://threatpost.com/android-outlook-app-could-expose-emails-attachment...

Microsoft Working on Patch for IE 8 Zero Day | Threatpost | The first stop for security news
http://threatpost.com/microsoft-working-on-patch-for-ie-8-zero-day/106247

Chrome 35 Fixes 23 Security Flaws | Threatpost | The first stop for security news
http://threatpost.com/chrome-35-fixes-23-security-flaws/106188

Professor Hugh White - Researchers - ANU
https://researchers.anu.edu.au/researchers/white-hj

02 - Mammal - Think - YouTube
https://www.youtube.com/watch?v=mCQXqHr9CwE&feature=kp

Risky Business 321 -- Silvio goes to Bunnings

Presented by

Patrick Gray

CEO and Publisher

Adam Boileau

Technology Editor

On this week's show we're chatting with Silvio Cesare about his new pastime of messing around with home alarm systems, garage door remotes and car immobilisers. How secure do you think your little key ring transmitters are? Well, not very. But the interesting thing is, the tools that you need to crack these things are now very cheap -- could we see thieves roaming the streets with software defined radios, opening up your neighbourhood's garages? Tune in to find out.

This week's show is brought to you by HackLabs, an Australian penetration testing and security consulting firm. HackLabs head honcho Chris Gatford joins us in this week's sponsor interview to have a yarn about inadvertent disclosures.

It seems every week we're reading another story about sensitive information being uploaded to a web accessible directory and indexed by Google. It's true that there's no cure for stupid, but is there anything we can do to stop these things happening?

Adam Boileau, as always, joins the show to discuss the week's security news.

Show notes and links to everything can be found here.

Risky Business #320 -- Hacking cars with Charlie Miller

Presented by

Patrick Gray

CEO and Publisher

Adam Boileau

Technology Editor

On this week's show we're chatting with security researcher Charlie Miller about the work he's been doing with Chris Valasek on hacking cars. It's fun stuff, but yeah, it might make you want to go back to driving an older car.

This week's show is sponsored by BugCrowd. We've got a great interview with BugCrowd founder and CEO Casey Ellis about a really, really interesting little case study he went through involving a random bug-hunter who'd tried blackmailing a BugCrowd client. The solution they came up with was ingenious and spectacularly lulzy.

Show notes

Microsoft fixes big IE bug -- even on Windows XP - CNET
http://www.cnet.com/news/microsoft-fixes-big-ie-bug-on-windows-xp-even/

Microsoft tells IE users how to defend against zero-day bug - CNET
http://www.cnet.com/news/microsoft-tells-ie-users-how-to-defend-against-...

Flash Zero Day Used to Target Victims in Syria | Threatpost | The first stop for security news
http://threatpost.com/flash-zero-day-used-to-target-victims-in-syria/105726

Mozilla Redesigns Firefox, Fixes Security Vulnerabilities | Threatpost | The first stop for security news
http://threatpost.com/mozilla-redesigns-firefox-browser-fixes-security-v...

Mozilla Offers Bug Bounty for Heartbleed-like Crypto Bugs | Threatpost | The first stop for security news
http://threatpost.com/mozilla-offers-bug-bounty-for-new-certificate-veri...

After Heartbleed, NSA reveals some flaws are kept secret - CNET
http://www.cnet.com/news/after-heartbleed-nsa-reveals-some-flaws-are-kep...

Obama Policy on Zero Days Craps Out - Forbes
http://www.forbes.com/sites/jennifergranick/2014/04/29/obama-policy-on-z...

Target Accelerates Chip-and-Pin Roll Out, Hires New CIO | Threatpost | The first stop for security news
http://threatpost.com/target-accelerates-chip-and-pin-roll-out-hires-new...

Anonymous activist pleads guilty to threatening FBI agent - CNET
http://www.cnet.com/news/anonymous-activist-pleads-guilty-to-threatening...

Inside the 'DarkMarket' Prototype, a Silk Road the FBI Can Never Seize | Threat Level | WIRED
http://www.wired.com/2014/04/darkmarket/

It's Insanely Easy to Hack Hospital Equipment | Threat Level | WIRED
http://www.wired.com/2014/04/hospital-equipment-vulnerable/

Hackers Can Mess With Traffic Lights to Jam Roads and Reroute Cars | Threat Level | WIRED
http://www.wired.com/2014/04/traffic-lights-hacking/

Exploiting Facebook Notes to Launch DDoS | Threatpost | The first stop for security news
http://threatpost.com/exploiting-facebook-notes-to-launch-ddos/105701

UltraDNS Dealing with DDoS Attack | Threatpost | The first stop for security news
http://threatpost.com/ultradns-dealing-with-ddos-attack/105806

Vishing Attacks Targeting Dozens of Banks, Users' Card Data | Threatpost | The first stop for security news
http://threatpost.com/vishing-attacks-targeting-dozens-of-banks/105774

AOL Breached, Investigating Spam from Spoofed Accounts | Threatpost | The first stop for security news
http://threatpost.com/aol-investigating-breach-urges-users-to-change-pas...

Apache Struts Zero Day Vulnerability Patch to be Re-Issued | Threatpost | The first stop for security news
http://threatpost.com/apache-warns-of-faulty-zero-day-patch-for-struts/1...

Vulnerability in Viber Allows Snooping of Images, Videos | Threatpost | The first stop for security news
http://threatpost.com/vulnerability-in-viber-allows-intercept-of-images-...

60 Minutes shocked to find 8-inch floppies drive nuclear deterrent | Ars Technica
http://arstechnica.com/information-technology/2014/04/60-minutes-shocked...

RIP | Every Day Carry
http://everydaycarry.bandcamp.com/releases

Risky Business #319 -- The one with weev in it

Presented by

Patrick Gray

CEO and Publisher

Adam Boileau

Technology Editor

Please note we have disabled access to this recording. It was published before the interview subject outed himself as a committed Nazi. If you're a journalist or researcher and you'd like access to the recording, please email us and we can provide you with a copy.

This week's show is brought to you by Adobe! Big thanks to Adobe for making this week's show possible.

And we've got an... err... *interesting* program for you this week... we'll be chatting with Andrew Auernheimer, aka weev, about the recent appeal victory that saw him out of prison after 14 months inside. Is he going to pull his head in after his scrape with the law?

He says no way!

Also this week we chat with Wade Baker of Verizon Business Security Solutions about the latest Verizon Data Breach Investigation Report and the nine attack patterns they've observed from 10 years of breach data.

Adam Boileau, as always, pops in to discuss the week's news headlines. Show notes are here.

Risky Business #318 -- TrueCrypt passes audit, Weev off the hook and more

Presented by

Patrick Gray

CEO and Publisher

Adam Boileau

Technology Editor

It's a four day week this week and a four day next week so I'm afraid I couldn't organise feature interviews for both, so this week you're getting an extra long news section and a sponsor interview!

This week's show is brought to you by Senetas, makers of fine, fine layer 2 encryption gear. If you're planning a greenfields network you have absolutely no excuse to not check out their stuff, it rocks like a banana on its back. This week we're joined by Senetas CEO Andrew Wilson in the sponsor slot. He'll be talking about a privacy act readiness survey Senetas did that yielded some genuinely depressing results.

He also compares director-level attitudes to infosec to director-level attitudes to occupational health and safety issues 50 years ago. It's a really, really interesting take so do stick around for that.

Show notes are here.
