Risky Business Podcast

Analysis and news podcasts published weekly

Risky Business Podcast

September 20, 2013

Risky Business #297 -- Matthew Green tells his story

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

Adam Boileau
Adam Boileau

Technology Editor

This week's show, like last week's, is a bit different. I am still moving house, which includes moving the Risky Business office and studio, but everything should be back to normal next week.

So there's no news segment in this week's show, but we have two great feature interviews with academic cryptographers. The first is with Johns Hopkins University's Matthew Green who was actually asked to remove a blog post critical of the NSA from the university's servers last week, leading to a massive controversy. We're going to get his side of the story, that's a great chat.

Peter Gutmann of the University of Auckland also joins us in this week's podcast. He's another well-known crypto academic and I'll be getting his thoughts on the NSA's covert program to subvert public crypto.

I cover some of the same ground with Peter as I do with Matthew, but as you'll hear they have slightly different perspectives on these things.

This week's show is brought to you by Tenable Network Security, makers of fine, fine vulnerability scanning software.

And you know what? The vuln scanning world has changed pretty substantially in the last 5-10 years. You used to use vuln scanners to prioritise which of your awfully out of date windows boxes you'd patch.

But these days you're more likely to use that stuff to find boxes that simply aren't managed. Ron joins us to talk about that.

Risky Business #297 -- Matthew Green tells his story
0:00 / 0:00

Risky Business Podcast

September 13, 2013

Risky Business #296 -- Chilling effect in full swing

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

Adam Boileau
Adam Boileau

Technology Editor

This week's show is a shorter one -- there's no feature interview for two reasons. The first is that I'm in the process of moving house, which includes moving my office and studio, so I'm dealing with house painters, bond cleaners and a million other things. But the second reason is because the person I had wanted to interview has been silenced.

I had reached out to Matthew Green, a cryptography researcher at Johns Hopkins University, to do an interview about last week's stunning revelations about the NSA undermining public cryptography standards. Matthew has done some great blog posts on that topic. I tweeted. No response. I emailed. No response. I called. No response.

Then I realised the likely reason why. The university had actually demanded he remove one of the blog posts -- possibly at the behest of the NSA -- in an utterly disgraceful violation of academic freedom. We'll find out more about that in the news segment.

This week's show is brought to you by HackLabs, the Australian security consultancy. And HackLabs head honcho Chris Gatford joins the show to have a chat about the Syrian Electronic Army. Will the SEA stimulate the same type of security spend that LulzSec triggered in 2011? Chris says they probably won't, mostly because the SEA just isn't mysterious and enigmatic enough to intrigue the media.

Adam Boileau joins us for an epic news segment that is mostly concerned with giving the NSA a big can of FU. You can find links to the stories discussed here.

Risky Business #296 -- Chilling effect in full swing
0:00 / 0:00

Risky Business Podcast

September 06, 2013

Risky Business #295 -- Behind Arbor's Packetloop acquisition

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

Adam Boileau
Adam Boileau

Technology Editor

In this week's show we're taking a look at Arbor Networks' acquisition of Packetloop, a two-year-old Australian start up that makes big data security analytics software. You'd think that Arbor would want to move the company to the USA, but that's not what's happened in this case. Packetloop co-founder Michael Baker joins the show to fill us in.

This week's show is brought to you by the fine folks at Adobe Systems. And in this week's sponsor interview Adobe CSO Brad Arkin joins the podcast to talk about how he manages the security aspect of all the different cloud technologies various arms of the company use. It's a situation made infinitely more complicated by Adobe's habit of buying software companies at a rate of something like one a month. Not surprisingly, some of these acquired companies can leave a little to be desired in the security department. How does the Adobe security team bring these new services into the fold?

Show notes

The NSA's Secret Campaign to Crack, Undermine Internet Encryption - ProPublica
http://www.propublica.org/article/the-nsas-secret-campaign-to-crack-unde...

Patriot Act Author Says NSA Is Abusing Spy Law | Threat Level | Wired.com
http://www.wired.com/threatlevel/2013/09/nsa-abusing-patriot-act/

NRA joins ACLU in suit against NSA's surveillance program | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57601445-83/nra-joins-aclu-in-suit-agai...

Government to Release Hundreds of Documents Related to NSA Surveillance | Threatpost
http://threatpost.com/government-to-release-hundreds-of-documents-relate...

NSA Laughs at PCs, Prefers Hacking Routers and Switches | Threat Level | Wired.com
http://www.wired.com/threatlevel/2013/09/nsa-router-hacking/

What Exactly Are the NSA's 'Groundbreaking Cryptanalytic Capabilities'? | Wired Opinion | Wired.com
http://www.wired.com/opinion/2013/09/black-budget-what-exactly-are-the-n...

Developers Scramble to Build NSA-Proof Email | Threat Level | Wired.com
http://www.wired.com/threatlevel/2013/09/the-scramble-to-build-encryption/

Facebook flaw allowed hackers to delete posted photos | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57600991-83/facebook-flaw-allowed-hacke...

Russia Issues International Travel Advisory to Its Hackers | Threat Level | Wired.com
http://www.wired.com/threatlevel/2013/09/dont-leave-home/

Aussie linked to US Govt supercomputer hack - Hackers - SC Magazine Australia - Secure Business Intelligence
http://www.scmagazine.com.au/News/355480,aussie-linked-to-us-govt-superc...

Symantec source code hack lawsuit dismissed - Applications - SC Magazine Australia - Secure Business Intelligence
http://www.scmagazine.com.au/News/355201,symantec-source-code-hack-lawsu...

California Abruptly Drops Plan to Implant RFID Chips in Driver's Licenses | Threat Level | Wired.com
http://www.wired.com/threatlevel/2013/09/drivers-license-rfid-chips/

Huge Botnet Found Using Tor Network for Communications | Threatpost
http://threatpost.com/huge-botnet-found-using-tor-network-for-communicat...

Obad Trojan First to Spread Via Mobile Botnet | Threatpost
http://threatpost.com/obad-trojan-first-to-spread-via-mobile-botnet/102184

Hand of Thief Linux Banking Trojan Not Ready For Primetime | Threatpost
http://threatpost.com/hand-of-thief-trojan-not-ready-for-primetime/102159

NetTraveler Now Using Java Exploits, Watering Hole Attacks | Threatpost
http://threatpost.com/nettraveler-variant-adds-java-exploits-watering-ho...

FTC and TrendNet settle claim over hacked security cameras | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57601430-83/ftc-and-trendnet-settle-cla...

Syrian Electronic Army Denies New Data Leaks - Krebs on Security
http://krebsonsecurity.com/2013/08/syrian-electronic-army-denies-new-dat...

Updated: Coalition backflips on proof of age net filter - Web/client - SC Magazine Australia - Secure Business Intelligence
http://www.scmagazine.com.au/News/355904,updated-coalition-backflips-on-...

Update to Bitcoin Client Fixes DoS Bug, Password Strength | Threatpost
http://threatpost.com/update-to-bitcoin-client-fixes-dos-bug-password-st...

Windows 8 Picture Gesture Authentication Research | Threatpost
http://threatpost.com/picture-based-password-schemes-have-their-weakness...

Apple Safari Vulnerable to Buffer Overflow Exploit | Threatpost
http://threatpost.com/public-exploit-available-for-patched-safari-bug/10...

Watchwatch-like Heartbeat Monitor to Replace Passwords | Threatpost
http://threatpost.com/watch-like-heartbeat-monitor-seeks-to-replace-pass...

Researchers: Oracle's Java Security Fails - Krebs on Security
http://krebsonsecurity.com/2013/09/researchers-oracles-java-security-fails/

Cisco Issues Four Security Advisories | Threatpost
http://threatpost.com/cisco-warns-users-of-four-vulnerabilities/102158

Samsung to build Lookout into KNOX protection | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57601382-83/samsung-to-build-lookout-in...

Office, SharePoint Patches Await September Patch Tuesday | Threatpost
http://threatpost.com/critical-office-sharepoint-patches-await-september...

Sydney's Bugcrowd raises $1.6 million - Risk - SC Magazine Australia - Secure Business Intelligence
http://www.scmagazine.com.au/News/355761,sydneys-bugcrowd-raises-16-mill...

Arbor Networks buys Sydney startup PacketLoop - Cloud - SC Magazine Australia - Secure Business Intelligence
http://www.scmagazine.com.au/News/355620,arbor-networks-buys-sydney-star...

Packetloop
https://www.packetloop.com//

SoundCloud - Hear the world's sounds
https://soundcloud.com/lawrence-kennedy/sonny/s-AM7Jg

,

That is one risky business right there. If you have that one, then it will be great. - Roger Stanton

Risky Business #295 -- Behind Arbor's Packetloop acquisition
0:00 / 0:00

Risky Business Podcast

August 30, 2013

Risky Business #294 -- Five Eyes fights terrorists! (And MegaUpload.)

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

Adam Boileau
Adam Boileau

Technology Editor

We've got a pretty heavily spook-themed show for you this week. The feature interview is with New Zealand-based blogger and writer Keith Ng. He was trawling the Kim Dotcom affidavits in New Zealand and noticed that documents pertaining to the illegal GCSB surveillance on Mr. Dotcom had Five Eyes stamped all over them.

So, err, it looks like the surveillance apparatus established by five eyes to combat national security threats and terrorism was used indirectly by the NZ police force to spy on a guy over a copyright case. Interesting stuff.

And Senetas co-founder and CTO Julian Fay joins in this week's sponsor interview to a chat about the types of demands customers are making in the wake of Edward Snowden's leaks. Traffic analysis is king!

Adam Boileau, as usual, stops in to discuss the week's news headlines.

Show notes

These are the show notes for episode 294 of Risky Business

Tech Companies and Government May Soon Go to War Over Surveillance | Wired Opinion | Wired.com
http://www.wired.com/opinion/2013/08/stop-clumping-tech-companies-in-wit...

NSA seeks 'groundbreaking' spying powers, new leak reveals | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57600647-83/nsa-seeks-groundbreaking-sp...

Internet Giants Got Millions From Taxpayers to Cover PRISM Spying Costs | Threat Level | Wired.com
http://www.wired.com/threatlevel/2013/08/millions-paid-prism-compliance/

Facebook Gave 38K Users' Data to Governments in 6 Months | Threat Level | Wired.com
http://www.wired.com/threatlevel/2013/08/facebook-divulged-user-data/

US intercepted UN comms: report - Networks - SC Magazine Australia - Secure Business Intelligence
http://www.scmagazine.com.au/News/354652,us-intercepted-un-comms-report....

School district hires company to follow kids' Facebook, Twitter | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57600251-83/school-district-hires-compa...

German government denies Windows 'back door' claims | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57599735-83/german-government-denies-wi...

Open Secret About Google's Surveillance Case No Longer Secret - Digits - WSJ
http://blogs.wsj.com/digits/2013/08/26/open-secret-about-googles-surveil...

My Dinner With NSA Director Keith Alexander - Forbes
http://www.forbes.com/sites/jennifergranick/2013/08/22/my-dinner-with-ge...

Melbourne IT compromise redirects NY Times, HuffPo readers - Networks - SC Magazine Australia - Secure Business Intelligence
http://www.scmagazine.com.au/News/354935,melbourne-it-compromise-redirec...

Who Built the Syrian Electronic Army? - Krebs on Security
http://krebsonsecurity.com/2013/08/who-built-the-syrian-electronic-army/

China's Internet hit by DDoS attack; sites down for hours | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57600083-83/chinas-internet-hit-by-ddos...

Google Palestine domain hacked - Web/client - SC Magazine Australia - Secure Business Intelligence
http://www.scmagazine.com.au/News/354811,google-palestine-domain-hacked....

LulzSec hacker Sabu's sentencing delayed - Hackers - SC Magazine Australia - Secure Business Intelligence
http://www.scmagazine.com.au/News/354643,lulzsec-hacker-sabus-sentencing...

Hacker Pleads Guilty to Selling FBI Access to U.S. Supercomputers | Threat Level | Wired.com
http://www.wired.com/threatlevel/2013/08/hacker-super-computer-access/

Firefox Extension HTTP Nowhere Allows Users to Surf in Encrypted-Only Mode | Threatpost
http://threatpost.com/firefox-extension-http-nowhere-allows-users-to-bro...

Arabic Text String Crashes iOS, Mac OS X | Threatpost
http://threatpost.com/arabic-text-string-taking-down-apps-clients-browse...

Metasploit Module Adds Sudo Vulnerability for OS X | Threatpost
http://threatpost.com/metasploit-module-adds-sudo-vulnerability-for-os-x...

Phone Hack Could Block Messages, Calls on GSM Networks | Threatpost
http://threatpost.com/phone-hack-could-block-messages-calls-on-some-mobi...

New Mozilla Plug-N-Hack Tool Integrates Browsers and Security Tools | Threatpost
http://threatpost.com/mozilla-plug-n-hack-integrates-browsers-and-securi...

Ransomware snares victims with NSA PRISM ruse - Applications - SC Magazine Australia - Secure Business Intelligence
http://www.scmagazine.com.au/News/354787,ransomware-snares-victims-with-...

VMware Patches Root Privilege-Escalation Flaw | Threatpost
http://threatpost.com/vmware-patches-root-privilege-escalation-flaw/102067

Remote Unauthenticated Bug Haunts Cisco ACS Server | Threatpost
http://threatpost.com/remote-unauthenticated-bug-haunts-cisco-acs-server...

Opera 16 Fixes Bugs, Improves HTML5 Performance | Threatpost
http://threatpost.com/opera-16-fixes-bugs-improves-html5-performance/102129

Another Java 6 Vulnerability Found in the Wild | Threatpost
http://threatpost.com/java-6-zero-day-a-reminder-to-upgrade-browser-plug...

OnPoint \u2022 Public Address
http://publicaddress.net/onpoint/

Midnight Oil - Dreamworld - YouTube
http://www.youtube.com/watch?v=OcKcjpSWmm0

,

That is one serious stuff right there. I guess that would be the thing we all are concerned of. - Adam LaFavre

Risky Business #294 -- Five Eyes fights terrorists! (And MegaUpload.)
0:00 / 0:00

Risky Business Podcast

August 23, 2013

Risky Business #293 -- Phishing for (whitehat) fun and profit

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

Adam Boileau
Adam Boileau

Technology Editor

This week's feature guest is Haroon Meer of Thinkst Applied Research. He's launched an awesome new site called Phish5.com that allows sysadmins and security consultants to automate phishing campaigns against their own networks and clients.

It's a brilliant idea and well executed.

This week's show is brought to you by the fine folks at Microsoft, and we chat with Microsoft's Jerry Bryant later on about the expansion of the company's MAPP program. If you're an incident responder you really want to hear about this -- you can now submit suspect samples to Microsoft and they'll inspect them for 0day. World-class triage at your fingertips.

Show notes

The following stories were discussed in episode 293 of the Risky Business podcast.

Bradley Manning Sentenced to 35 Years in Prison | Threat Level | Wired.com
http://www.wired.com/threatlevel/2013/08/bradley-manning-sentenced/

BBC News - Bradley Manning: 'I am a woman named Chelsea'
http://www.bbc.co.uk/news/world-us-canada-23798253

Julian Assange's WikiLeaks Party running mate Leslie Cannold quits
http://www.theage.com.au/federal-politics/federal-election-2013/julian-a...

Statement of Resignation from Wikileaks Party National Council at Dan's blog
http://danielmathews.info/blog/2013/08/statement-of-resignation-from-wik...

Security Community Raises Money for Researcher Snubbed by Facebook Bounty Program | Threat Level | Wired.com
http://www.wired.com/threatlevel/2013/08/researcher-denied-facebook-bounty/

Twitter OAuth Data Leaked From Third-Party App | Threatpost
http://threatpost.com/twitter-oauth-data-leaked-from-third-party-app/102035

NSA Broke Privacy Rules Thousands of Times, Contrary to Official Claims | Threat Level | Wired.com
http://www.wired.com/threatlevel/2013/08/nsa-violated-privacy-rules/

Declassified 2011 FISC Opinion Shows Court Found Some NSA Surveillance Unconstitutional | Threatpost
http://threatpost.com/declassified-2011-fisc-opinion-shows-court-found-s...

China eyes IBM, Oracle, EMC over possible security issues | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57598827-83/china-eyes-ibm-oracle-emc-o...

U.K. Ordered Guardian to Destroy Snowden Files Because Its Servers Weren't Secure | Threat Level | Wired.com
http://www.wired.com/threatlevel/2013/08/guardian-snowden-files-destroyed/

FDA Issues Recommendations on the Security of Wireless Medical Devices | Threatpost
http://threatpost.com/fda-issues-recommendations-on-the-security-of-wire...

NSA and Intelligence Community turn to Tumblr -- weird but true | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57599622-83/nsa-and-intelligence-commun...

Scanning the Internet in 45 Minutes | Threatpost
http://threatpost.com/scanning-the-internet-in-45-minutes/102025

Nasdaq Stock Exchange Goes Dark After Tech Glitch | Threat Level | Wired.com
http://www.wired.com/threatlevel/2013/08/nasdaq-outage/

IP Cloaking Violates Computer Fraud and Abuse Act, Judge Rules | Threat Level | Wired.com
http://www.wired.com/threatlevel/2013/08/ip-cloaking-cfaa/

Prison Computer 'Glitch' Blamed for Opening Cell Doors in Maximum-Security Wing | Threat Level | Wired.com
http://www.wired.com/threatlevel/2013/08/computer-prison-door-mishap/

Cybercrooks use DDoS attacks to mask theft of banks' millions | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57599646-83/cybercrooks-use-ddos-attack...

How Not to DDoS Your Former Employer - Krebs on Security
http://krebsonsecurity.com/2013/08/how-not-to-ddos-your-former-employer/

Joburg billing leak not a hack: whistle blower
http://businesstech.co.za/news/government/44593/joburg-billing-leak-not-...

Google, Mozilla Considering Limiting Certificate Validity to 60 Months | Threatpost
http://threatpost.com/google-mozilla-considering-limiting-certificate-va...

League of Legends is hacked, with crucial user info accessed | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57599450-83/league-of-legends-is-hacked...

Google Chrome 29 Fixes 25 Vulnerabilities | Threatpost
http://threatpost.com/google-chrome-29-fixes-25-vulnerabilities/102038

Microsoft Reissues MS13-066 Windows Server Patch | Threatpost
http://threatpost.com/microsoft-reissues-ms13-066-windows-server-patch/1...

Jumping Out of IE's Sandbox With One Click | Threatpost
http://threatpost.com/jumping-out-of-ies-sandbox-with-one-click/102054

Cisco Patches DoS, Buffer Overflow Vulnerabilities in UCM | Threatpost
http://threatpost.com/cisco-patches-dos-buffer-overflow-vulnerabilities-...

IT Security News, Security Product Reviews and Opinion - SC Magazine Australia - Secure Business Intelligence
http://www.scmagazine.com.au/

Phish5 - Phish your company in five easy steps
https://phish5.com/

Microsoft Extends MAPP To Incident Responders And Offers Free Online
http://www.darkreading.com/vulnerability/microsoft-extends-mapp-to-incid...

The Bombay Royale
http://thebombayroyale.com/index.html

,

The notes are really good. If you can read it, then that would be better. - Roger Stanton

Risky Business #293 -- Phishing for (whitehat) fun and profit
0:00 / 0:00

Risky Business Podcast

August 16, 2013

Special Las Vegas edition -- Keith Alexander, Moxie and more!

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

This is a special edition of the Risky Business podcast, produced with material recorded at BlackHat and Defcon in Las Vegas.

Features:

\t* Excerpts of Keith Alexander's keynote
\t* An interview with Moxie Marlinspike
\t* A sponsor interview with SensePost trainer Glenn Wilkinson

Special Las Vegas edition -- Keith Alexander, Moxie and more!
0:00 / 0:00

Risky Business Podcast

August 16, 2013

Risky Business #292 -- Jon Callas: Why Silent Mail got the bullet

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

Adam Boileau
Adam Boileau

Technology Editor

On this week's show we chat with Silent Circle founder Jon Callas about the decision to shutter the Silent Mail service, as well as what Silent Circle is doing to bolster product security in the wake of some pretty nasty bug disclosures by our pal Mark Dowd.

In this week's sponsor interview we chat with Tenable CEO Ron Gula about innovation trends in infosec -- he was working the trade floor like a boss at BlackHat, so I asked him what tickled his fancy.

A shaken but not stirred Adam Boileau joins us from the earthquake-ravaged, lawless badlands of Wellington to discuss the week's news headlines.

Show notes, including links to the stories we discussed in the news segment, can be found here.

Risky Business #292 -- Jon Callas: Why Silent Mail got the bullet
0:00 / 0:00

Risky Business Podcast

August 09, 2013

Risky Business #291 – All your SIMs are belong to Karsten Nohl

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

Adam Boileau
Adam Boileau

Technology Editor

In this week's feature slot we chat with Karsten Nohl about his research into pillaging SIM cards. It turns out Karsten's research into SIM security was much, much cooler than we initially thought.

In this week's sponsor interview we chat with Jonathan Ness about the all new singing and dancing EMET 4.0.

Adam Boileau pops by for the week's news.

Show notes

BREACH Compression Attack Steals HTTPS Response Secrets | Threatpost
https://threatpost.com/breach-compression-attack-steals-https-secrets-in...

Experts Urge ECC crytpo over RSA algorithm | Threatpost
http://threatpost.com/crypto-gains-ramp-up-calls-to-get-ahead-of-inevita...

JavaScript and Timing Attacks Used to Steal Browser Data | Threatpost
https://threatpost.com/javascript-and-timing-attacks-used-to-steal-brows...

Car hacking code released at Defcon | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57596847-83/car-hacking-code-released-a...

Feds Are Suspects in New Malware That Attacks Tor Anonymity | Threat Level | Wired.com
http://www.wired.com/threatlevel/2013/08/freedom-hosting/

Firefox Zero-Day Used in Child Porn Hunt? - Krebs on Security
http://krebsonsecurity.com/2013/08/firefox-zero-day-used-in-child-porn-h...

Tor Users Should Leave Insecure Windows Operating System | Threatpost
http://threatpost.com/tor-urges-users-to-leave-windows/101825

Software Obfuscation Mechanism Hampers Reverse Engineering | Threatpost
http://threatpost.com/new-software-obfuscation-throws-wrench-into-revers...

Edward Snowden Granted Asylum, Leaves Moscow Airport | Threat Level | Wired.com
http://www.wired.com/threatlevel/2013/08/edward-snowden-granted-asylum-l...

Newly leaked NSA program sees 'nearly everything' you do | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57596313-83/newly-leaked-nsa-program-se...

House Rejects Amendment to Sever NSA Data Collection Funding | Threatpost
http://threatpost.com/house-rejects-amendment-to-sever-nsa-data-collecti...

Lawmakers Who Upheld NSA Phone Spying Received Double the Defense Industry Cash | Threat Level | Wired.com
http://www.wired.com/threatlevel/2013/07/money-nsa-vote/

Declassified Memos Confirm Dragnet Phone Surveillance Program Was No Secret From Congress | Threat Level | Wired.com
http://www.wired.com/threatlevel/2013/07/phone-dragnet-no-secret/

Edward Snowden's Email Provider Shuts Down After Secret Court Battle | Threat Level | Wired.com
http://www.wired.com/threatlevel/2013/08/lavabit-snowden/

Bradley Manning Acquitted of Aiding the Enemy, Guilty of Espionage Act Violations | Threat Level | Wired.com
http://www.wired.com/threatlevel/2013/07/bradley-manning-not-guilty-aidi...

Twitter's Killer New Two-Factor Solution Kicks SMS to the Curb | Threat Level | Wired.com
http://www.wired.com/threatlevel/2013/08/twitter-new-two-facto/

Mozilla, Blackberry To Test Website Security Via Fuzzing | Threatpost
http://threatpost.com/mozilla-blackberry-join-forces-to-advance-peach-fu...

Fort Disco Botnet Uses Brute-Force Attacks Against CMS Sites | Threatpost
http://threatpost.com/fort-disco-brute-force-attack-campaign-targets-cms...

Google WebLogin Tokens Expose Google Apps, User Data | Threatpost
http://threatpost.com/convenient-google-weblogin-tokens-can-expose-user-...

Chrome Security Shocker Creates Password Anxiety - Security -
http://www.informationweek.com/security/application-security/chrome-secu...

Apple to Fix Malicious Fake USB Charger Flaw | Threatpost
http://threatpost.com/apple-to-fix-fake-usb-charger-flaw-in-ios-7/101554

Windows 8 Phone Authentication Protocol Weakness | Threatpost
http://threatpost.com/microsoft-warns-of-weakness-in-authentication-prot...

Remotely Exploitable Bug Affects Wide Range of Cisco TelePresence Systems | Threatpost
http://threatpost.com/remotely-exploitable-bug-affects-wide-range-of-cis...

Russian man doctors credit card contract, sues bank after non-repayments - Risk - SC Magazine Australia - Secure Business Intelligence
http://www.scmagazine.com.au/News/352756,russian-man-doctors-credit-card...

August 2013 Microsoft Patch Tuesday Security Updates | Threatpost
http://threatpost.com/critical-ie-exchange-updates-on-tap-in-august-patc...

Karsten Nohl Demonstrates SIM Card Root Attack At Black Hat | Threatpost
http://threatpost.com/weak-encryption-enables-sim-card-root-attack/101557

Download Enhanced Mitigation Experience Toolkit 4.0 from Official Microsoft Download Centre
http://www.microsoft.com/en-au/download/details.aspx?id=39273

,

The response threats are really good. If you have that one in your record, then that would be great. - Adam LaFavre

Risky Business #291 – All your SIMs are belong to Karsten Nohl
0:00 / 0:00

Risky Business Podcast

July 24, 2013

Risky Business #290 -- A chat with Howard Schmidt

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

Adam Boileau
Adam Boileau

Technology Editor

This week's show features a fantastic, extended interview with Howard Schmidt, the former White House cyber security co-ordinator and special Assistant to the US President.

We spend about 35 minutes talking about what information security looks like from a high-level policy perspective. It's a long interview but there are some gems in there. We talk about some of the initiatives Howard kicked off at the White House, about the critical infrastructure legislation ping-pong game the executive branch played with congress, about Edward Snowden's leaks, and what it was like to work for Barack Obama.

This week's show is brought to you by a new sponsor -- Context Information Security. ContextIS is a global consultancy and managed service provider and its Australian general manager Scott Ceely joins us this week to talk about watering hole attacks. More specifically he's talking to us about a watering hole attack that managed to hose a few high value targets with some pretty basic exploitation techniques. The Crouching Tiger watering hole attack, a case study, if you will.

Adam Boileau, as usual, joins us to talk about the week's news headlines. Show notes here.

Risky Business #290 -- A chat with Howard Schmidt
0:00 / 0:00

Risky Business Podcast

July 19, 2013

Risky Business #289 -- Smart TVs are kinda stoopid

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

Adam Boileau
Adam Boileau

Technology Editor

This week's show is brought to you by the fine, fine people at Tenable Network Security, big thanks to Tenable for all its support over the years.

And on this week's show we chat briefly with South Korean researcher SeungJin Lee about Smart TV security. They're equipped with cameras and microphones and they're popping up in living rooms everywhere.

Now, smart phones have cameras and microphones on them, so a lot of the hype around connected home devices seems a bit unreasonable. It's not like this is the first type consumer device that can be turned into a surveillance device. But as you'll hear, Smart TV operating systems are pretty insecure and vulnerable to some pretty basic forms of exploitation, so some of these concerns are actually quite reasonable.

SeungJin Lee will be dropping in to discuss his research into Smart TV security, research he'll be presenting at BlackHat in Las Vegas the week after next!

In this week's sponsor interview we chat with Ron Gula, the CEO of Tenable Network Security. This week we ask Ron if Ed Snowden's revelations on NSA spying could drive non-US companies away from doing business with American cloud service providers.

And we check the week's security news stories with Adam Boileau. Show notes here.

Risky Business #289 -- Smart TVs are kinda stoopid
0:00 / 0:00