Risky Business Podcast

Analysis and news podcasts published weekly

Risky Business #307 -- So, what about that Bromium stuff?

Presented by

Patrick Gray

CEO and Publisher

Adam Boileau

Technology Editor

On this week's show we speak to Bromium co-founder and CTO Simon Crosby all about its tech. We don't normally interview vendors about their technology in the feature slots, but Bromium is very interesting stuff. It's all about hardware-enabled task isolation with Xen-based micro VMs. The way they've implemented this makes it quite difficult for an attacker to gain persistence on a target machine. Simon is a very technical guy, it's a great interview and it's after the news.

This week's show is brought to you by Tenable Network Security, makers of fine, fine, vulnerability scanning tools like Nessus. And in this week's sponsor interview we chat with Tenable's chief architect for the Asia Pacific region Dick Bussiere. Dick is based in Singapore, and surprisingly enough the infosec agenda there isn't being set by the Snowden leaks. So what's driving the infosec narrative in .sg? Dick joins the show with his view.

Show notes

$100 Million Worth of Bitcoins Stolen | Threatpost | The First Stop For Security News
http://threatpost.com/thieves-covering-tracks-following-100m-bitcoin-hei...

Malware jumps 'air gap' between non-networked devices | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57614442-83/malware-jumps-air-gap-betwe...

Huawei reportedly decides to abandon the US market | Mobile - CNET News
http://news.cnet.com/8301-1035_3-57614292-94/huawei-reportedly-decides-t...

Farsnews
http://english.farsnews.com/newstext.aspx?nn=13920909000362

Phone records of Australians may have been offered to foreign spy agencies
http://www.smh.com.au/federal-politics/political-news/phone-records-of-a...

A Few Thoughts on Cryptographic Engineering: How does the NSA break SSL?
http://blog.cryptographyengineering.com/2013/12/how-does-nsa-break-ssl.html

SkyJack - autonomous drone hacking
http://samy.pl/skyjack/

JPMorgan warns 465,000 card users on data loss after cyber attack | Reuters
http://www.reuters.com/article/2013/12/05/us-jpmorgan-dataexposed-idUSBR...

Researchers discover database with 2M stolen login credentials | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57614479-83/researchers-discover-databa...

New Dexter Point-of-Sale Malware Campaigns Discovered | Threatpost | The First Stop For Security News
http://threatpost.com/new-dexter-point-of-sale-malware-campaigns-discove...

Google Nexus phones reportedly susceptible to SMS attacks | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57614074-83/google-nexus-phones-reporte...

Bad apps bypasses Android locks - Applications - SC Magazine Australia - Secure Business Intelligence
http://www.scmagazine.com.au/News/366459,bad-apps-bypasses-android-locks...

IE Reflective Cross-Site Scripting Filter Bypass Discovered | Threatpost | The First Stop For Security News
http://threatpost.com/bypass-of-internet-explorer-cross-site-scripting-f...

TIFF Zero Day Patch Among December 2013 Microsoft updates | Threatpost | The First Stop For Security News
http://threatpost.com/microsoft-to-patch-tiff-zero-day-wait-til-next-yea...

VMware Patches Fix Privilege Escalation Vulnerability | Threatpost | The First Stop For Security News
http://threatpost.com/vmware-patches-privilege-escalation-vulnerability/...

PM - Discovery of more than one whistleblower in East Timor bugging case 05/12/2013
http://www.abc.net.au/pm/content/2013/s3905928.htm

Fact Sheet- Online news sites to be placed on a more consistent licensing framework
http://www.mda.gov.sg/NewsAndEvents/PressRelease/2013/Pages/28052013.aspx


Risky Business #306 -- Healthcare.gov. Yes. It's that bad.


In this week's show we speak with TrustedSec CEO Dave Kennedy about his testimony to the US congress about the Obama administration's healthcare.gov website. It cost over $600m and it's riddled with infosec 101 bugs. We find out just how bad it is and what can be done about it.

This week's show is brought to you by Senetas, makers of fine, fine layer 2 encryption software. In this week's sponsor interview we speak with Senetas CTO and co-founder Julian Fay about the sudden popularity of the layer 2 crypto gear they've been selling for something like 15 years. Have the Snowden revelations actually changed things for encryption companies? Julian says yes, big time, in a tangible way.

Adam Boileau, as always, joins us for a discussion of the week's security news headlines. Links to the news items discussed, plus some other stuff, can be found here.


Risky Business #305 -- Secure, anonymous IM not a pipe dream


On this week's show, can you have your cake and eat it too? Is it possible to build a usable instant messenger platform that is secure and immune to traffic and metadata analysis?

We speak with international man of mystery The Grugq all about creating a platform that ticks these boxes. As it turns out, it can be done. So goodbye Yahoo, MSN, AOL and Skype... hello to something completely new!

This week's show is brought to you by Tenable Network Security! In this week's sponsor interview we chat with Jeffrey Man of Tenable about why using point to point encryption to dodge PCI scope is an awful idea.

Adam Boileau, as always, stops by to chat about the week's news. Show notes, including links to the week's news items, can be found here.


Risky Business #304 -- Tech heavyweights target NSA


In this week's show Adam Boileau and I take a look at the technology industry's latest response to the Snowden revelations. The pushback is definitely gaining momentum.

This week's show is brought to you by Tenable Network Security, big thanks to them. And this week's sponsor interview is with Tenable's very own Jack Daniel.

We're chatting to him about the bad patches that have been dispatched from Redmond lately. It's been a long time since we've seen dud patches out of Microsoft, but lately, boy, there have been a few. Will you need to change your operating procedures over this? Stay tuned to find out.

Show notes

Google's Eric Schmidt calls NSA's spying 'outrageous' | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57610710-83/googles-eric-schmidt-calls-...

Microsoft may ramp up encryption of customer data post-Snowden - Applications - SC Magazine Australia - Secure Business Intelligence
http://www.scmagazine.com.au/News/363998,microsoft-may-ramp-up-encryptio...

HTTP/2 Supports only HTTPS URIs | Threatpost | The First Stop For Security News
http://threatpost.com/http2-chair-says-protocol-will-work-only-with-http...

NIST Reviews Crypto Standards Development | Threatpost | The First Stop For Security News
http://threatpost.com/nist-initiates-review-of-its-crypto-standards-deve...

Google: We're bombarded by gov't requests on user data | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57612322-83/google-were-bombarded-by-go...

Microsoft, Facebook unite for Internet Bug Bounty program | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57611325-83/microsoft-facebook-unite-fo...

Microsoft Changes Bug Bounty Program to Include Incident Responders, Forensics Specialists | Threatpost | The First Stop For Security News
http://threatpost.com/microsoft-changes-bug-bounty-program-to-include-in...

In Lavabit Appeal, U.S. Doubles Down on Access to Web Crypto Keys | Threat Level | Wired.com
http://www.wired.com/threatlevel/2013/11/lavabit-doj/

NSA workers reportedly shared their passwords with Snowden | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57611528-83/nsa-workers-reportedly-shar...

White House reportedly considers civilian NSA chief | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57611652-83/white-house-reportedly-cons...

British Spies Hacked Telecom Network by Feeding Engineers Fake LinkedIn Pages | Threat Level | Wired.com
http://www.wired.com/threatlevel/2013/11/british-spies-hacked-telecom/

Power Plants and Other Vital Systems Are Totally Exposed on the Internet | Threat Level | Wired.com
http://www.wired.com/threatlevel/2013/11/internet-exposed/

iOS, Samsung apps popped at Pwn2Own - Applications - SC Magazine Australia - Secure Business Intelligence
http://www.scmagazine.com.au/News/364113,ios-samsung-apps-popped-at-pwn2...

MacRumors Forums Hacked, Passwords Stolen | Threatpost | The First Stop For Security News
http://threatpost.com/macrumors-forums-hacker-says-passwords-wont-be-lea...

Vice.com hacked by Syrian Electronic Army - Applications - SC Magazine Australia - Secure Business Intelligence
http://www.scmagazine.com.au/News/364015,vicecom-hacked-by-syrian-electr...

millions stolen in Bitcoin heist | Threatpost | The First Stop For Security News
http://threatpost.com/attackers-lift-1-2m-from-bitcoin-wallet-service/10...

Bitcoin Selfish Miners | Threatpost | The First Stop For Security News
http://threatpost.com/selfish-miners-could-exploit-p2p-nature-of-bitcoin...

Pen test firms Securus Global, Hacklabs to merge - Applications - SC Magazine Australia - Secure Business Intelligence
http://www.scmagazine.com.au/News/363334,pen-test-firms-securus-global-h...

Microsoft Warns Customers Away From RC4, SHA-1 | Threatpost | The First Stop For Security News
http://threatpost.com/microsoft-warns-customers-away-from-sha-1-and-rc4/...

New zero-day bug targets IE users in drive-by attack | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57611691-83/new-zero-day-bug-targets-ie...

November 2013 Adobe Flash, ColdFusion security patches | Threatpost | The First Stop For Security News
http://threatpost.com/adobe-patches-flash-coldfusion-flaws-unrelated-to-...

New security holes found in D-Link router | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57611824-83/new-security-holes-found-in...

OpenSSH Fixes Memory Corruption Bug With Update | Threatpost | The First Stop For Security News
http://threatpost.com/openssh-fixes-memory-corruption-bug-with-update/10...

Windows XP End of Life a Security Milestone | Threatpost | The First Stop For Security News
http://threatpost.com/microsoft-xp-end-of-life-an-important-security-mil...

Super Micro IPMI zero-day vulnerabilities disclosed | Threatpost | The First Stop For Security News
http://threatpost.com/seven-ipmi-firmware-zero-days-disclosed/102848

Cisco Fixes Blank Admin Password Flaw in TelePresence Product | Threatpost | The First Stop For Security News
http://threatpost.com/cisco-fixes-blank-admin-password-flaw-in-teleprese...

ANZ Falcon 24 7 Credit Card Security - YouTube
http://www.youtube.com/watch?v=0dYhc4ciqEo

PILOTS - Artist - triple j Unearthed - free music | new Australian music | independent music
http://www.triplejunearthed.com/PILOTS


Yes, you are really back. That is the attitude we all want to have right there. - James Cullem


Risky Business #303 -- The one with John McAfee


In this week's show we chat to McAfee antivirus founder John McAfee about his D-Central project and touch on the events of the last 12 months.

Is he funny "ha ha" or funny "look out"? Have a listen, judge for yourself.

This week's show is brought to you by Context Information Security, and we've got a great sponsor chat with Context's Alex Chapman this week about an evaluation they did on mobile platforms and MDM solutions for the Communications-Electronics Security Group, the part of GCHQ that handles the defensive side of things. Does Android suck as badly as everyone thinks it does? Is Good for Enterprise... umm... good for the enterprise?

Adam Boileau, as always, stops in for the week's news headlines. Show notes, including links to the items discussed, can be found here.


Risky Business #302 -- Poking the FireEye


This week's show was recorded at the Ruxcon Breakpoint security conference at the Intercontinental Hotel in Melbourne. So this week's feature interview is a chat with Jonathan Brossard of Toucan Security, we're talking to him about his presentation on bypassing and generally messing with sandbox malware scanners. Poking the FireEye! That's a fun chat.

This week's show is brought to you by HackLabs, the Australian penetration testing firm. So in this week's sponsor interview we chat with HackLabs head honcho Chris Gatford about an early implementation of an over-the-'net NFC authentication scheme developed by IBM Switzerland. Will it catch on? That's coming up a bit later.

Show notes

Intelligence chief: Le Monde's allegations against NSA 'false' | Security & Privacy - CNET News:
http://news.cnet.com/8301-1009_3-57608909-83/intelligence-chief-le-monde...

German chancellor Angela Merkel says US spying is an unacceptable breach of trust - ABC News (Australian Broadcasting Corporation):
http://www.abc.net.au/news/2013-10-25/angela-merkel-obama-nsa-spying-spi...

Inside Julian Assange's Alleged Plot to Steal The Fifth Estate Book | Threat Level | Wired.com:
http://www.wired.com/threatlevel/2013/10/assange-house/

LinkedIn Intro App a Man in the Middle Attack | Threatpost | The First Stop For Security News:
http://threatpost.com/linkedin-intro-app-equivalent-to-man-in-the-middle...

DARPA Cyber Grand Challenge Offers $2M to Winners | Threatpost | The First Stop For Security News:
http://threatpost.com/darpa-contest-to-pay-2m-for-automated-network-defe...

Google Ideas aids online rebels with digital defenses | Security & Privacy - CNET News:
http://news.cnet.com/8301-1009_3-57608525-83/google-ideas-aids-online-re...

Real-world 'Do Not Track' coming to retail stores | Security & Privacy - CNET News:
http://news.cnet.com/8301-1009_3-57608726-83/real-world-do-not-track-com...

FBstalker Does Data Mining on Facebook Graph Search | Threatpost | The First Stop For Security News:
http://threatpost.com/fbstalker-automates-facebook-graph-search-data-min...

Experian Sold Consumer Data to ID Theft Service - Krebs on Security:
http://krebsonsecurity.com/2013/10/experian-sold-consumer-data-to-id-the...

Apple reasserts claim it doesn't want to spy on your iMessages | Security & Privacy - CNET News:
http://news.cnet.com/8301-1009_3-57608139-83/apple-reasserts-claim-it-do...

Snoopy Project mobile tracking and intelligence grows up | Threatpost | The First Stop For Security News:
http://threatpost.com/snoopy-mobile-tracking-profiling-project-gets-a-bo...

7 Eastern Europeans Indicted in Multimillion-Dollar eBay Fraud Scheme | Threat Level | Wired.com:
http://www.wired.com/threatlevel/2013/10/romanians-indicted-cyber-fraud/

Report: UN Nuclear Regulator Infected with Malware | Threatpost | The First Stop For Security News:
http://threatpost.com/report-un-nuclear-regulator-infected-with-malware/...

Safari matches rivals with sandboxed Flash for better security | Security & Privacy - CNET News:
http://news.cnet.com/8301-1009_3-57609053-83/safari-matches-rivals-with-...

Months Later, EAS Equipment Still Vulnerable to SSH Bugs | Threatpost | The First Stop For Security News:
http://threatpost.com/months-later-eas-equipment-still-vulnerable/102647

Google, FireEye Demand Change from Vulna Ad Network | Threatpost | The First Stop For Security News:
http://threatpost.com/overzealous-android-vulna-ad-network-put-in-its-pl...

ProSoft Technology RadioLinx ControlScape PRNG vulnerability | Threatpost | The First Stop For Security News:
http://threatpost.com/weak-key-generation-plagues-wireless-industrial-au...

Cisco Fixes DoS, Remote Code Execution Bugs in Six Products | Threatpost | The First Stop For Security News:
http://threatpost.com/cisco-fixes-dos-remote-code-execution-bugs-in-six-...

Apple Patches Fix More Than 100 Vulnerabilities | Threatpost | The First Stop For Security News:
http://threatpost.com/apple-patches-fix-more-than-100-vulnerabilities/10...

Critical NETGEAR ReadyNAS Frontview security vulnerability | Threatpost | The First Stop For Security News:
http://threatpost.com/netgear-readynas-storage-vulnerable-to-serious-com...

Simple Bug Exposed Verizon Wireless Users' SMS History | Threatpost | The First Stop For Security News:
http://threatpost.com/simple-bug-exposed-verizon-wireless-users-sms-hist...

[Syscan360 2013] Brossard Jonathan:
http://www.slideshare.net/endrazine/syscan360-2013


It is always like that. When people claim something, we all say it is not true. - Kris Krohn Strongbrook


Risky Business #301 -- Hack your way to the top of the charts


On this week's show we're having a chat with Peter Fillmore about his upcoming talk at Ruxcon. It's all about gaming online music services like Rdio and Spotify. We've heard of clickfraud, but it's time to get ready for streamfraud!

Also this week we're chatting with the CEO of Swiss company ID Quantique about quantum random number generators. With recent revelations that NIST-backed RNGs might have been subverted by the NSA, it seems interest in quantum-based technology is hitting fever pitch.

In fact ID Quantique just raised US$5.6m in funding to expand its operations.

Show notes

NSA collects millions of e-mail address books globally - The Washington Post:
http://www.washingtonpost.com/world/national-security/nsa-collects-milli...

NSA report says Aust spooks swiped 311,113 contacts in one day - Messaging - SC Magazine Australia - Secure Business Intelligence:
http://www.scmagazine.com.au/News/360603,nsa-report-says-aust-spooks-swi...

How to Design - And Defend Against - The Perfect Security Backdoor | Wired Opinion | Wired.com:
http://www.wired.com/opinion/2013/10/how-to-design-and-defend-against-th...

Feds Sued for Hiding NSA Spying From Terror Defendants | Threat Level | Wired.com:
http://www.wired.com/threatlevel/2013/10/fisa-amendments-act-concealing/

NSA tool may track burner mobiles - Applications - SC Magazine Australia - Secure Business Intelligence:
http://www.scmagazine.com.au/News/360571,nsa-tool-may-track-burner-mobil...

Feds Demand Supreme Court Thwart Challenge to NSA Phone Spying | Threat Level | Wired.com:
http://www.wired.com/threatlevel/2013/10/scotus-nsa-phone-metadata/

NSA Leaks Prompt Rethinking of U.S. Control Over the Internet's Infrastructure | Threat Level | Wired.com:
http://www.wired.com/threatlevel/2013/10/global-net-infrastructure/

NSA phone taps deterred a 'few' terrorists, not 54 - Networks - SC Magazine Australia - Secure Business Intelligence:
http://www.scmagazine.com.au/News/360842,nsa-phone-taps-deterred-a-few-t...

NSA chief tightens up retirement plans | Security & Privacy - CNET News:
http://news.cnet.com/8301-1009_3-57607864-83/nsa-chief-tightens-up-retir...

Lavabit to reopen briefly to allow former clients to retrieve data | Security & Privacy - CNET News:
http://news.cnet.com/8301-1009_3-57607490-83/lavabit-to-reopen-briefly-t...

Yahoo Mail finally turns on SSL | Security & Privacy - CNET News:
http://news.cnet.com/8301-1009_3-57607486-83/yahoo-mail-finally-turns-on...

Stallman: How Much Surveillance Can Democracy Withstand? | Wired Opinion | Wired.com:
http://www.wired.com/opinion/2013/10/a-necessary-evil-what-it-takes-for-...

Metasploit Registrar Duped by Social Engineering, Not Fax | Threatpost:
http://threatpost.com/registrar-in-metasploit-dns-hijacking-not-duped-by...

Apple iMessage Open to Man in the Middle, Spoofing Attacks | Threatpost:
http://threatpost.com/apple-imessage-open-to-man-in-the-middle-spoofing-...

Snapchat Complies with Govt., Sends Images to Law Enforcement | Threatpost:
http://threatpost.com/snapchat-complies-with-government-requests-sends-i...

35,000 sites including Fortune 1000 hacked via nasty vBulletin hole - Applications - SC Magazine Australia - Secure Business Intelligence:
http://www.scmagazine.com.au/News/360840,35000-sites-including-fortune-1...

MPAA Claims Victory as File-Sharing Service IsoHunt Shuts Down | Threat Level | Wired.com:
http://www.wired.com/threatlevel/2013/10/isohunt-shutters/

Compromised certs spread email and browser -jacking malware - Web/client - SC Magazine Australia - Secure Business Intelligence:
http://www.scmagazine.com.au/News/360841,compromised-certs-spread-email-...

Indonesia tops China as source of Internet attacks | Security & Privacy - CNET News:
http://news.cnet.com/8301-1009_3-57607917-83/indonesia-tops-china-as-sou...

Google Fixes Three High-Risk Flaws in Chrome | Threatpost:
http://threatpost.com/google-fixes-three-high-risk-flaws-in-chrome/102586

Researchers Uncover Holes That Open Power Stations to Hacking | Threat Level | Wired.com:
http://www.wired.com/threatlevel/2013/10/ics/

51 Java holes patched - Applications - SC Magazine Australia - Secure Business Intelligence:
http://www.scmagazine.com.au/News/360843,51-java-holes-patched.aspx

D-Link Planning to Patch Router Backdoor Bug | Threatpost:
http://threatpost.com/d-link-planning-to-patch-router-backdoor-bug/102581

Quantum-mechanics security firm nabs $5.6M investment | Security & Privacy - CNET News:
http://news.cnet.com/8301-1009_3-57607540-83/quantum-mechanics-security-firm-nabs-$5.6m-investment/

Senetas:
http://www.senetas.com/

JaFFer - Artist - triple j Unearthed - free music | new Australian music | independent music:
http://www.triplejunearthed.com.au/artists/view.aspx?artistid=48312


The NSA is snooping with our emails, that is for sure. That seems to be a creepy move from them. - Sandra Dyche


Risky business #300 -- Will there be more Silk Roads?


On this week's show we're chatting with The Grugq about the takedown of Silk Road. How was the service located and taken down?

Also this week, Tenable Network Security CSO Marcus Ranum joins us in the sponsor slot to discuss the proposition that the Internet is, in his words, a US colony. Could we see a balkanisation of the 'net?

Adam Boileau, as always, joins us for the week's news segment. Show notes and links are here.


Risky Business #299 -- Christopher Boyce on the CIA's betrayal of Australia


This week's show will feature part two of my interview with convicted spy Christopher Boyce. He went on a one man mission to damage his country's military and intelligence apparatus in the 70s. He says he did it because the US was undermining the democratically elected government of Australia.

So this week we go back to the 70s with Chris Boyce to chat about the Whitlam years. Australian Prime Minister Gough Whitlam lost government in 1975 when the Australian senate blocked budget supply and caused a shutdown of the federal government. Sound familiar? That's coming up after the news.

This week's show is brought to you by Adobe, and man, they've had a rough week. We don't have Brad Arkin in this week's sponsor slot because he's busy dealing with a crisis over there, but we DO have an interview with Karthik Raman, a security researcher at Adobe who'll be talking about how Adobe runs its secure product lifecycle program.

Mark Piper is filling in for Adam Boileau in this week's news segment. Find links to what we discuss here.


Risky Business #298 -- With feature guest Christopher Boyce


We've got a great feature interview for you all this week. We're chatting with convicted spy, prison escapee and bank robber Christopher Boyce, aka The Falcon. We speak to him about the changing face of espionage; Wikileaks, Manning, Snowden and the radically changed world that awaited him when he walked out of prison.

This week's show is brought to you by Context Information Security, and in this week's sponsor interview we're chatting with Context consultant Paul Stone about the research he presented at the most recent BlackHat USA conference in Vegas. It picked up a lot of buzz -- his was the talk about doing pixel-by-pixel screen scraping with html5-based timing attacks.

It's ingenious stuff, that's a cracker interview, so big thanks again to Context IS for sponsoring this week's show.

Show notes

British Spy Agency GCHQ Hacked Belgian Telecoms Firm - SPIEGEL ONLINE
http://www.spiegel.de/international/europe/british-spy-agency-gchq-hacke...

SPIEGEL Exclusive: NSA Spies on International Bank Transactions - SPIEGEL ONLINE
http://www.spiegel.de/international/world/spiegel-exclusive-nsa-spies-on...

RSA Tells Its Developer Customers: Stop Using NSA-Linked Algorithm | Threat Level | Wired.com
http://www.wired.com/threatlevel/2013/09/rsa-advisory-nsa-algorithm/

How a Crypto 'Backdoor' Pitted the Tech World Against the NSA | Threat Level | Wired.com
http://www.wired.com/threatlevel/2013/09/nsa-backdoor/

NSA Bought Exploit Service From VUPEN, Contract Shows | Threatpost
http://threatpost.com/nsa-bought-exploit-service-from-vupen-contract-sho...

Congress unveils bill to limit NSA's powers | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57604756-83/congress-unveils-bill-to-li...

Kim Dotcom sues New Zealand over electronic snooping | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57602815-83/kim-dotcom-sues-new-zealand...

Dropbox Requests National Security Letter Transparency | Threatpost
http://threatpost.com/dropbox-argues-to-publish-number-of-national-secur...

Google's Gmail Keyword Scanning Might Violate Wiretap Law, Judge Finds | Threat Level | Wired.com
http://www.wired.com/threatlevel/2013/09/gmail-wiretap-ruling/

Data Broker Giants Hacked by ID Theft Service - Krebs on Security
http://krebsonsecurity.com/2013/09/data-broker-giants-hacked-by-id-theft...

Researchers Build Undetectable Dopant Hardware Trojans | Threatpost
http://threatpost.com/researchers-develop-undetectable-hardware-trojans/...

Research detects dangerous malware hiding in peripherals - Applications - SC Magazine Australia - Secure Business Intelligence
http://www.scmagazine.com.au/News/358265,research-detects-dangerous-malw...

BEAST Cryptographic Attack Mitigations Overturned | Threatpost
http://threatpost.com/not-so-fast-on-beast-attack-mitigations/102308

Pirate Bay Co-Founder's Sentence Is Reduced - WSJ.com
http://online.wsj.com/article/SB1000142405270230379640457909709168768263...

German Hackers Say They Cracked iPhone's New Fingerprint Scanner | Threat Level | Wired.com
http://www.wired.com/threatlevel/2013/09/iphone-fingerprint-cracked/

Google to Block Many Plug-Ins Starting in 2014 | Threatpost
http://threatpost.com/google-to-block-many-plug-ins-starting-in-2014/102393

iMessage Chat app for Android Worries Security Experts | Threatpost
http://threatpost.com/steer-clear-of-android-imessage-app-experts-say/10...

Yahoo recycled ID users warn of security risk | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57604441-83/yahoo-recycled-id-users-war...

Sefnit Click-Fraud Malware Related to Mevade Tor Botnet | Threatpost
http://threatpost.com/stealthy-new-click-fraud-malware-related-to-tor-bo...

Microsoft Warns of New IE Zero Day | Threatpost
http://threatpost.com/microsoft-warns-of-new-ie-zero-day/102327

IE Zero Day Used in Targeted Attacks Against Japanese Firms | Threatpost
http://threatpost.com/compromised-japanese-media-sites-serving-exploits-...

ICS Vendor Fixes Hard-Coded Credential Bugs Nearly Two Years After Advisory | Threatpost
http://threatpost.com/ics-vendor-fixes-hard-coded-credential-bugs-nearly...

Apple's iOS 7 Update Fixes 80 Security Bugs | Threatpost
http://threatpost.com/apples-ios-7-update-fixes-80-security-bugs/102356

Apple Releases Apple TV 6.0, Fixes 50+ Bugs | Threatpost
http://threatpost.com/after-botched-update-apple-releases-apple-tv-6-0-f...

Some Versions of Ruby on Rails Could Expose Cookies | Threatpost
http://threatpost.com/security-issue-in-ruby-on-rails-could-expose-cooki...

Apache Upgrade Repairs Struts, Fixes Two Vulnerabilities | Threatpost
http://threatpost.com/apache-upgrade-repairs-struts-fixes-two-vulnerabil...

Cisco IOS Update Patches Eight Vulnerabilities | Threatpost
http://threatpost.com/cisco-ios-update-patches-eight-vulnerabilities/102436

Facebook Android Bug Sent Users' Photos in the Clear | Threatpost
http://threatpost.com/facebook-android-bug-sent-users-photos-in-the-clea...

(2000) David Bowie / This is not America ~ Absolute Beginners (2/5) - YouTube
http://www.youtube.com/watch?v=n_bzqyu_4N0

www.contextis.com/files/Browser_Timing_Attacks.pdf
http://www.contextis.com/files/Browser_Timing_Attacks.pdf


The Belgians were surprised that they were hacked. They never thought that this could be possible until now. - Kris Krohn
