Risky Business Podcast

Analysis and news podcasts published weekly

Risky Business #332 -- Evading IDS with Multipath TCP

Presented by

Patrick Gray

CEO and Publisher

Adam Boileau

Technology Editor

In this week's feature interview we're chatting with Catherine Pearce of Neohapsis about some research she'll be presenting at BlackHat next week with her colleague Patrick Thomas. They're doing a talk all about Multipath TCP, and yes, it's exactly what it sounds like and yes, it's great for doing stuff like IDS evasion and confusing firewalls.

In this week's sponsor interview we speak with Senetas CTO Julian Fay about the so-called BADA55 paper. Senetas is about to ship elliptic curve algos with its gear -- is it reconsidering now we know that elliptic curves can be subverted? No way! Tune in to find out why.

Show notes

WikiLeaks publishes court suppression order over what Julian Assange calls 'unprecedented' case of censorship | News.com.au
http://www.news.com.au/technology/online/wikileaks-publishes-court-suppr...

Tor security advisory: "relay early" traffic confirmation attack | The Tor Blog
https://blog.torproject.org/blog/tor-security-advisory-relay-early-traff...

Tor hidden services attacks deanonymize users | Threatpost | The first stop for security news
http://threatpost.com/tor-sniffs-out-attacks-trying-to-deanonymize-hidde...

Russia publicly joins war on Tor privacy with $111,000 bounty | Ars Technica
http://arstechnica.com/security/2014/07/russia-publicly-joins-war-on-tor...

Why the Security of USB Is Fundamentally Broken | Threat Level | WIRED
http://www.wired.com/2014/07/usb-security/

Dark Reading Radio: Data Loss Prevention (DLP) Fail
http://www.darkreading.com/perimeter/dark-reading-radio-data-loss-prevention-(dlp)-fail/a/d-id/1297650?

Your iPhone Can Finally Make Free, Encrypted Calls | Threat Level | WIRED
http://www.wired.com/2014/07/free-encrypted-calling-finally-comes-to-the...

arxiv.org/pdf/1407.4923v1.pdf
http://arxiv.org/pdf/1407.4923v1.pdf

Instasheep: Coder builds tool to hijack Instagram accounts over Wi-Fi | Ars Technica
http://arstechnica.com/security/2014/07/instasheep-coder-builds-tool-to-...

seL4 Secure Microkernel Made Open Source | Threatpost | The first stop for security news
http://threatpost.com/secure-microkernel-sel4-code-goes-open-source/107506

Hackers Plundered Israeli Defense Firms that Built 'Iron Dome' Missile Defense System - Krebs on Security
http://krebsonsecurity.com/2014/07/hackers-plundered-israeli-defense-fir...

CIA admits to spying on Senate committee - CNET
http://www.cnet.com/au/news/cia-admits-to-spying-on-senate-computers/

China rebuffs Canada for 'irresponsible' hacking claims - CNET
http://www.cnet.com/au/news/china-rebuffs-canada-for-irresponsible-hacki...

Service Drains Competitors' Online Ad Budget - Krebs on Security
http://krebsonsecurity.com/2014/07/service-drains-competitors-online-ad-...

The App I Used to Break Into My Neighbor's Home | Threat Level | WIRED
http://www.wired.com/2014/07/keyme-let-me-break-in/

Microsoft Releases EMET 5.0 Exploit Mitigation Tool | Threatpost | The first stop for security news
http://threatpost.com/microsoft-releases-new-version-of-emet-exploit-mit...

Crouching Yeti APT Campaign Stretches Back Four Years | Threatpost | The first stop for security news
http://threatpost.com/crouching-yeti-apt-campaign-stretches-back-four-ye...

New Backoff PoS Malware Identified in Several Attacks | Threatpost | The first stop for security news
http://threatpost.com/new-backoff-pos-malware-identified-in-several-atta...

Neohapsis Labs | Multipath TCP - BlackHat Briefings Teaser
http://labs.neohapsis.com/2014/07/29/multipath-tcp-blackhat-briefings-te...

We Never Change | Every Day Carry
http://everydaycarry.bandcamp.com/track/we-never-change

Risky Business #331 -- The Tails bug that wasn't, the Tor talk that isn't

Earlier this week Twitter was abuzz with talk of a serious bug in the Tails live OS, a bootable on-a-DVD or USB device OS used by pro-democracy activists. And by pro-democracy activists I mean, you know, potheads buying a few ounces on Silk Road, but whatever...

Well according to the Twitters there was a Tails bug that was going to be a big deal... right? Riiight? Well, maybe not.

The Grugq joins the show to discuss that, and the pulling of a scheduled BlackHat talk on Tor.

This week's show is brought to you by Microsoft. Alas my interview with the scheduled MS spokesperson fell through so there's no sponsor interview this week. I'd ask you to check out Microsoft Interflow anyway though, particularly if you're in IR.

Adam drops in for the week's news segment, you can find links to everything discussed here.

Risky Business #330 -- Setting the infosec agenda

On this week's show we're chatting with infosec journalist turned PR strategist Elinor Mills. For eight years Elinor wrote about security for CNet News.com, before joining Bateman group as a content and media strategist in 2012.

We're chatting with Elinor about how the infosec media agenda is set. Do massive advertising, marketing and PR budgets give disproportionate media influence to companies that don't deserve it? Drum roll please... yup. Yes. Yes they do. But we'll chat to Elinor about that after the news.

In this week's sponsor interview we're chatting with Holly Stewart, Microsoft's senior program manager in its malware protection centre. We're talking about coordinated malware eradication.

Microsoft has launched a new program designed to attack the malware ecosystem at all levels. That means working with the ad distribution networks, online payment companies, ISPs... choke off the distribution, choke off the cash. It's a much more comprehensive approach than we've seen before and Holly will tell us how you might get involved.

Show notes

GCHQ's "Chinese menu" of tools spreads disinformation across Internet | Ars Technica
http://arstechnica.com/security/2014/07/ghcqs-chinese-menu-of-tools-spre...

JTRIG Tools and Techniques
https://www.documentcloud.org/documents/1217406-jtrigall.html

Journalists will face jail over spy leaks under new security laws | World news | theguardian.com
http://www.theguardian.com/world/2014/jul/16/journalists-face-jail-leaks...

NSA spies just LOVE swapping your sexts, says Snowden: 'It's a fringe benefit' • The Register
http://www.theregister.co.uk/2014/07/17/snowden_says_analysts_swapping_s...

Outside Panel Finds Over-Reliance on NSA Advice Led to Dual EC Problems | Threatpost | The first stop for security news
http://threatpost.com/outside-panel-finds-over-reliance-on-nsa-advice-le...

Swedish Court to Julian Assange: You're Not Going Anywhere | Threat Level | WIRED
http://www.wired.com/2014/07/swedish-court-to-julian-assange-youre-not-g...

Supposed 'leader' of LulzSec pleads guilty to hacking, hubris • The Register
http://www.theregister.co.uk/2014/07/17/lulzsec_leaderthatwasnt_pleads_g...

Meet 'Project Zero,' Google's Secret Team of Bug-Hunting Hackers | Threat Level | WIRED
http://www.wired.com/2014/07/google-project-zero/

Yahoo Full Application Source Code Disclosure Vulnerability | Security Down!
http://www.sec-down.com/wordpress/?p=440

Chinese hackers take command of Tesla Model S - CNET
http://www.cnet.com/au/news/chinese-hackers-take-command-of-tesla-model-s/

Malware hidden in Chinese inventory scanners targeted logistics, shipping firms | PCWorld
http://www.pcworld.com/article/2453100/malware-hidden-in-chinese-invento...

China calls Apple's iPhone a national security threat - CNET
http://www.cnet.com/au/news/china-calls-apples-iphone-a-national-securit...

Chinese businessman charged with hacking Boeing, Lockheed Martin | Ars Technica
http://arstechnica.com/tech-policy/2014/07/chinese-businessman-charged-w...

FBI: We found US MILITARY AIRCRAFT INTEL during raid on alleged Chinese hacker • The Register
http://www.theregister.co.uk/2014/07/14/us_military_aircraft_intel_captu...

How elite hackers (almost) stole the NASDAQ | Ars Technica
http://arstechnica.com/security/2014/07/how-elite-hackers-almost-stole-t...

Bitcoin pool GHash.io commits to 40% hashrate limit after its 51% breach | Ars Technica
http://arstechnica.com/business/2014/07/bitcoin-pool-ghash-io-commits-to...

"Severe" password manager attacks steal digital keys and data en masse | Ars Technica
http://arstechnica.com/security/2014/07/severe-password-manager-attacks-...

Mathematics makes strong case that "snoopy2" can be just fine as a password | Ars Technica
http://arstechnica.com/security/2014/07/mathematics-makes-strong-case-th...

DDoS attacks intensified in first half of 2014 - CNET
http://www.cnet.com/au/news/ddos-attacks-intensified-in-first-half-of-2014/

Beware Keyloggers at Hotel Business Centers - Krebs on Security
http://krebsonsecurity.com/2014/07/beware-keyloggers-at-hotel-business-c...

Here's How Easy It Could Be for Hackers to Control Your Hotel Room | Threat Level | WIRED
http://www.wired.com/2014/07/hacking-hotel-room-controls/

SSL Black List Aims to Publicize Certificates Associated With Malware | Threatpost | The first stop for security news
http://threatpost.com/ssl-black-list-aims-to-publicize-certificates-asso...

CNET attacked by Russian hacker group - CNET
http://www.cnet.com/au/news/cnet-attacked-by-russian-hacker-group/

Microsoft: No-IP takedown cleansed 4.7m PCs - Security - News - iTnews.com.au
http://www.itnews.com.au/News/389598,microsoft-no-ip-takedown-cleansed-4...

Exploit emerges for LZO algo hole • The Register
http://www.theregister.co.uk/2014/07/11/firefox_lzo_rce/

LibreSSL PRNG Vulnerability Patched | Threatpost | The first stop for security news
http://threatpost.com/overblown-libressl-prng-vulnerability-patched/107245

Cisco Patches Wireless Residential Gateway Vulnerabilities | Threatpost | The first stop for security news
http://threatpost.com/cisco-patches-wireless-residential-gateway-vulnera...

Apple blocks older, risky Flash plug-ins, forcing you to upgrade - CNET
http://www.cnet.com/au/news/apple-blocks-older-risky-flash-plug-ins-forc...

Five Vulnerabilities Fixed in Apache Web Server | Threatpost | The first stop for security news
http://threatpost.com/five-vulnerabilities-fixed-in-apache-web-server/10...

Active Directory flaw allows credentials theft - Security - News - iTnews.com.au
http://www.itnews.com.au/News/389747,active-directory-flaw-allows-creden...

Chrome for Android Update Patches URL Spoofing Bug | Threatpost | The first stop for security news
http://threatpost.com/chrome-for-android-update-fixes-critical-url-spoof...

Rickroll Innocent Televisions With This Google Chromecast Hack | Threat Level | WIRED
http://www.wired.com/2014/07/rickroll-innocent-televisions-with-this-goo...

Win/lose Whirlywirld original.m4v - YouTube
https://www.youtube.com/watch?v=8elKjPxMp98&feature=kp

Risky Business #329 -- BitCoins ARE money, Snowden seeks Russia stay

There is no feature interview in this week's show. If you tuned in last week you would have heard HD Moore and I talking about a project called Invisible.im. Well, we launched a FAQ and the Internet liked it... the Internet *really* liked it... so I've spent much of the week working on invisible.im. There's some really cool stuff happening there that I can't really talk about yet, but I can say the project has picked up a lot of interest.

There's some very cool stuff happening and I'll be able to talk more about it soon.

So, in this week's show we're going to have a chat about the week's infosec news with Adam Boileau, then we'll have a really interesting talk with Chris Gatford, head honcho with this week's sponsor Hacklabs. We're chatting with Chris all about the case of the Public Transport Victoria website receiving a "free pentest" from a 16-year-old kid. He reported a bug, didn't hear anything back after a couple of days, then went to the press. The whole thing blew up and he wound up in a bunch of hot water with the police.

Anyway, the whole episode came to a conclusion this week. The kid had to sign a statement acknowledging that he'd committed a crime, but beyond that there was no further sanction.

"Unsolicited pentests" are a murky, murky area. Chris joins us to chat about this case and how we might move towards some sort of consensus on how things should actually happen in these situations.

Show notes

Judge Shoots Down 'Bitcoin Isn't Money' Argument in Silk Road Case | Threat Level | WIRED
http://www.wired.com/2014/07/silkroad-bitcoin-isnt-money/

Snowden asks for extension on Russian asylum - CNET
http://www.cnet.com/au/news/snowden-asks-for-extension-on-russian-asylum/

US arrests Russian politician's son over hacking theft - Security - News - iTnews.com.au
http://www.itnews.com.au/News/389424,us-arrests-russian-politicians-son-...

In NSA-intercepted data, those not targeted far outnumber the foreigners who are - The Washington Post
http://www.washingtonpost.com/world/national-security/in-nsa-intercepted...

Latest Snowden Leaks: FBI Targeted Muslim-American Lawyers | Threat Level | WIRED
http://www.wired.com/2014/07/snowden-leaks/

Researcher: I Was Suspended For Finding Flaws In FireEye Security Kit
http://www.forbes.com/sites/thomasbrewster/2014/07/09/researcher-i-was-s...

Google confronts more site certificate problems - CNET
http://www.cnet.com/au/news/google-confronts-more-site-certificate-probl...

Google blocks leaked Goldman Sachs email - Security - Software - News - iTnews.com.au
http://www.itnews.com.au/News/389105,google-blocks-leaked-goldman-sachs-...

Microsoft Settles With No-IP Over Malware Takedown | Threatpost | The first stop for security news
http://threatpost.com/microsoft-settles-with-no-ip-over-malware-takedown...

Chinese Hackers Pursue Key Data on U.S. Workers - NYTimes.com
http://www.nytimes.com/2014/07/10/world/asia/chinese-hackers-pursue-key-data-on-us-workers.html?hp&action=click&pgtype=Homepage&version=LedeSum&module=first-column-region&region=top-news&WT.nav=top-news&_r=2

China cyberspies hit US national security think tanks - CNET
http://www.cnet.com/au/news/china-cyberspies-hit-us-national-security-th...

Android factory reset doesn't delete all data - CNET
http://www.cnet.com/au/news/android-factory-reset-doesnt-delete-all-data/

How Google Map Hackers Can Destroy a Business at Will | Business | WIRED
http://www.wired.com/2014/07/hacking-google-maps/

Aussies dodge US mobile device flight bans - Security - News - iTnews.com.au
http://www.itnews.com.au/News/389388,aussies-dodge-us-mobile-device-flig...

Minister defends NZ's slow migration off XP - Security - Software - News - iTnews.com.au
http://www.itnews.com.au/News/389391,minister-defends-nzs-slow-migration...

Oracle ends Java support for Windows XP - Security - Software - News - iTnews.com.au
http://www.itnews.com.au/News/389378,oracle-ends-java-support-for-window...

Brute-Forcing Botnet Sniffs Out Lax POS Systems | Threatpost | The first stop for security news
http://threatpost.com/brute-forcing-botnet-sniffs-out-lax-pos-systems/10...

DHS Releases Hundreds of Documents on Wrong Project Aurora | Threatpost | The first stop for security news
http://threatpost.com/dhs-releases-hundreds-of-documents-on-wrong-aurora...

Android Exploited to Make, End Phone Calls; Send USSD Codes | Threatpost | The first stop for security news
http://threatpost.com/android-exploited-to-make-and-end-phone-calls-send...

Yahoo Fixes Trio of Bugs in Mail, Messenger, Flickr | Threatpost | The first stop for security news
http://threatpost.com/yahoo-fixes-trio-of-bugs-in-mail-messenger-flickr/...

July 2014 Adobe Flash Player patch | Threatpost | The first stop for security news
http://threatpost.com/adobe-patches-flash-vulnerability-exploited-by-ros...

Microsoft July 2014 Patch Tuesday fixes 29 IE Vulnerabilities | Threatpost | The first stop for security news
http://threatpost.com/microsoft-july-patch-tuesday-updates-patch-29-ie-v...

The Ex-Google Hacker Taking on the World's Spy Agencies | Threat Level | WIRED
http://www.wired.com/2014/07/morgan-marquis-boire-first-look-media/

Just Another Security Blog: PTV; The police, and the aftermath.
http://blog.internot.info/2014/07/ptv-police-and-aftermath.html

Little band scene - Wikipedia, the free encyclopedia
http://en.wikipedia.org/wiki/Little_band_scene

Dogs in Space - Wikipedia, the free encyclopedia
http://en.wikipedia.org/wiki/Dogs_in_Space

Risky Business #328 -- HD Moore talks massive scanning and invisible.im

This week's show is brought to you by Rapid7, big, big thanks to them.

This week's sponsor interview is with Rapid7's Chief Research Officer HD Moore. But you know what? One interview with HD just isn't enough, is it? So he's also joining us in the feature segment to discuss a project I'm putting together called Invisible.im.

It's an instant messenger system that I designed... it feels very, very weird saying that because I suffer from acute imposter syndrome, but yeah, I designed an IM system for journalists and other privacy-conscious people and HD actually made it work! He has created a prototype, and much to everyone's surprise it actually works... we're on to something, so he'll be along after the news to talk about invisible.im!

Then we're going to chat with HD some more in this week's sponsor interview. The research team at Rapid7 has been doing some really interesting work on massive internet scanning. That sort of thing has become pretty trendy in the last couple of years, but the Rapid7 team have really pushed this stuff towards the cutting edge. They've also discovered some hilarious vulnerabilities out there in the process. Rapid7's Mark Schloesser will be at BlackHat to talk about their latest research, but HD joins the show today to preview it.

Adam Boileau, as always, joins us for a check of the week's news headlines.

Risky Business #327 -- PayPal grounded by Flight Mode

On this week's show we're chatting with Zach Lanier of Duo Security about some work he did on bypassing PayPal's two-factor authentication. In short, PayPal's implementation had an absolute clanger of a logic bug in it that these guys were able to find. The secret sauce to the attack? Flight mode! No joke.

This week's show is sponsored by Tenable Network Security, thanks to them! In this week's sponsor interview we'll hear from Tenable's Marcus Ranum about whether or not law enforcement agencies actually have their priorities straight when it comes to computer crime. Are they going after targets that most harm society? Or are they just hitting soft targets?

Adam Boileau, as always, joins us to discuss the week's news headlines. Show notes are here.

Risky Business #326 -- Code Spaces, Nokia blackmailed in hacks

On this week's show we have a quick chat with The Register's Darren Pauli about XP still being bloody everywhere. You'd think organisations out there would realise how absolutely crackheaded it is to keep running XP since support ended, but nope... Even the police are happily chugging away on perennially vulnerable boxes. Great.

This week's show is brought to you by BugCrowd: outsourced bug bounty programs.

BugCrowd founder and CEO Casey Ellis will be along in this week's sponsor interview to talk about how you can scope a bounty program. If someone does something out of scope should you still pay? It surprised me but Casey says there's a golden rule of thumb in these circumstances -- did you change code? Then pay a bounty.

We also get his thoughts on whether or not a bounty program would have turned up the bug that smashed Tweetdeck last week.

Adam Boileau, as usual, joins us for the week's news headlines. Show notes here.

Follow Pat on Twitter here.
Follow Adam on Twitter here.

Risky Business #325 -- China's old stuff more popular than its new stuff

In this week's show we chat to The Grugq about the Chinese cyber espionage campaign unmasking that has no one talking. Unlike the unit 61398 report from Mandiant last February, CrowdStrike's unit 61486 report has really fallen flat.

We'll talk to The Grugq about why that is in this week's feature interview.

In this week's sponsor interview we're chatting with Ron Gula, Tenable Network Security's co-founder and CEO. OpenSSL issues have actually become a genuine pain in the ass for most enterprises, we'll get Ron's observations on that.

Show notes

TweetDeck Hacked-Panic (And Rickrolling) Ensues | Threat Level | WIRED
http://www.wired.com/2014/06/tweetdeck-hacked/

Austrian Teen Ground Zero Of TweetDeck Hack | Threatpost | The first stop for security news
http://threatpost.com/a-day-to-forget-for-teen-at-center-of-tweetdeck-sh...

Personal data for Twitter founders leaked on Tor network - CNET
http://www.cnet.com/au/news/personal-data-for-twitter-founders-leaked-on...

Yahoo Toolbar Vulnerability Triggers Non-Exploitable XSS Payload on All Websites - The Hacker News
http://thehackernews.com/2014/06/yahoo-toolbar-vulnerability-triggers_10...

Gmail Bug Could Have Exposed Every User's Address | Threat Level | WIRED
http://www.wired.com/2014/06/gmail-bug-could-have-exposed-every-users-ad...

Feedly And Evernote Go Down As Attackers Demand Ransom [Update: Second attack brings Feedly down again]
http://www.forbes.com/sites/jaymcgregor/2014/06/11/feedly-and-evernote-g...

Audit Project Released Verified Repositories of TrueCrypt 7.1a | Threatpost | The first stop for security news
http://threatpost.com/audit-project-releases-verified-repositories-of-tr...

Alleged Oleg Pliss iPhone Hackers Arrested in Russia | Threatpost | The first stop for security news
http://threatpost.com/alleged-oleg-pliss-iphone-hackers-arrested-in-russ...

The Feds Are Auctioning a Small Fortune in Silk Road Bitcoins | Threat Level | WIRED
http://www.wired.com/2014/06/silkroad-bitcoin-auction/

USMS Asset Forfeiture Sale
http://www.usmarshals.gov/assets/2014/bitcoins/

China Putter Panda APT Attacks Linked to PLA Unit 61486 | Threatpost | The first stop for security news
http://threatpost.com/attacks-against-space-satellite-companies-linked-t...

China lashes out at Google, Apple for allegedly stealing state secrets - CNET
http://www.cnet.com/au/news/china-lashes-out-at-google-apple-for-alleged...

Inside Edward Snowden's Life as a Robot | Threat Level | WIRED
http://www.wired.com/2014/06/inside-edward-snowdens-life-as-a-robot/

Cops Can't Collect Your Cell Tower Data Without a Warrant, Court Rules | Threat Level | WIRED
http://www.wired.com/2014/06/cell-tower-data-requires-warrant/

Some Governments Have Backdoor Access to Listen in on Calls, Vodafone Says | Threat Level | WIRED
http://www.wired.com/2014/06/vodafone-transparency-report/

Microsoft fights US warrant for customer data stored overseas - CNET
http://www.cnet.com/au/news/microsoft-fights-us-warrant-for-customer-dat...

Quantum Random Number Generator Created Using A Smartphone Camera - Medium
https://medium.com/@arxivblog/quantum-random-number-generator-created-us...

After Heartbleed, We're Overreacting to Bugs That Aren't a Big Deal | Threat Level | WIRED
http://www.wired.com/2014/06/bleed/

Red Button Attack Could Compromise Smart TVs | Threatpost | The first stop for security news
http://threatpost.com/red-button-attack-could-compromise-some-smart-tvs/...

iOS 8 Will Randomize MAC Addresses to Help Stop Tracking | Threatpost | The first stop for security news
http://threatpost.com/ios-8-will-randomize-mac-addresses-to-help-stop-tr...

Google Play App Permissions Privacy, Security Concerns | Threatpost | The first stop for security news
http://threatpost.com/hot-cold-reactions-to-new-google-play-app-permissi...

Edit Google account permissions from an Android device - CNET
http://www.cnet.com/au/how-to/edit-google-account-permissions-from-an-an...

Pinkie Pie Linux Kernel Patch Available | Threatpost | The first stop for security news
http://threatpost.com/debian-urging-users-patch-linux-kernel-flaw/106516

VMware Patches ESXi Against OpenSSL Flaw, But Many Other Products Still Vulnerable | Threatpost | The first stop for security news
http://threatpost.com/vmware-patches-esxi-against-openssl-flaw-but-many-...

Adobe, Microsoft Push Critical Security Fixes - Krebs on Security
http://krebsonsecurity.com/2014/06/adobe-microsoft-push-critical-securit...

Hat-tribution to PLA Unit 61486 | CrowdStrike
http://www.crowdstrike.com/blog/hat-tribution-pla-unit-61486/index.html

The Cat Empire - Till The Ocean Takes Us All - YouTube
https://www.youtube.com/watch?v=u0hMf6pO66E&feature=kp

We Love the Iraqi Information Minister
http://www.welovetheiraqiinformationminister.com/

Risky Business #324 -- More SSL bugs, plus a chat with Andy Greenberg

In this week's show we're joined by Wired journalist Andy Greenberg to chat about one of his areas of interest and coverage -- underground markets and crypto currencies. We also chat to Andy about his views on post-Wikileaks leaking. Why did Snowden go to Glenn Greenwald instead of Wikileaks and what does that tell us about Wikileaks' founding philosophy?

Tune in to hear all about it.

In this week's sponsor interview we chat with Julian Fay, CTO of Senetas.

Senetas is a publicly listed Australian company that makes awesome, awesome layer 2 encryption technology, check out their stuff at Senetas.com.

Julian joins us in this week's show to talk about the demise of Truecrypt and discuss various models for ensuring quality in encryption standards and code.

Show notes

Heartbleed Redux: Another Gaping Wound in Web Encryption Uncovered | Threat Level | WIRED
http://www.wired.com/2014/06/heartbleed-redux-another-gaping-wound-in-ss...

Heartbleed Cupid Wireless Attacks Expose OpenSSL Over WPA | Threatpost | The first stop for security news
http://threatpost.com/heartbleed-exploitable-over-enterprise-wireless-ne...

GnuTLS Patches Critical Remote Code Execution Bug | Threatpost | The first stop for security news
http://threatpost.com/gnutls-patches-critical-remote-code-execution-bug/...

Google Releases End-to-End Encryption Extension | Threatpost | The first stop for security news
http://threatpost.com/google-releases-end-to-end-encryption-extension/10...

Google mocks the NSA with an Easter egg found in email encryption plugin - Neowin
http://www.neowin.net/news/google-mocks-the-nsa-with-an-easter-egg-found...

Crowdsourcing to be Part of Phase Two of TrueCrypt Audit | Threatpost | The first stop for security news
http://threatpost.com/truecrypt-cryptanalysis-to-include-crowdsourcing-a...

NIST Seeking Public Comment on SHA-3 Crypto Algorithm | Threatpost | The first stop for security news
http://threatpost.com/nist-seeks-public-comment-on-sha-3-crypto-algorith...

N.S.A. Collecting Millions of Faces From Web Images - NYTimes.com
http://www.nytimes.com/2014/06/01/us/nsa-collecting-millions-of-faces-fr...

Cut Off Glassholes' Wi-Fi With This Google Glass Detector | Threat Level | WIRED
http://www.wired.com/2014/06/find-and-ban-glassholes-with-this-artists-g...

Iranian Spies Pose as Reporters to Target Lawmakers, Defense Contractors | Threat Level | WIRED
http://www.wired.com/2014/05/iranian-spying/

Dan Farmer Presents Research on IPMI Vulnerabilities | Threatpost | The first stop for security news
http://threatpost.com/vulnerabilities-in-ipmi-protocol-have-long-shelf-l...

Fake 'Placebo Apps' Booted From Google Play, Amazon | Threatpost | The first stop for security news
http://threatpost.com/placebo-security-apps-booted-from-google-play-amaz...

US disrupts $100M GameOver Zeus malware cybercrime ring - CNET
http://www.cnet.com/au/news/us-disrupts-100m-gameover-zeus-malware-cyber...

Spammer sprung to run Russian national payment system • The Register
http://www.theregister.co.uk/2014/06/04/hacker_hired_to_build_russias_na...

Hackers Infiltrate Desk Phones for Epic Office Pranks | Threat Level | WIRED
http://www.wired.com/2014/06/desk-phone-hacks/

Monsanto Suffers Data Breach at Precision Planting Unit | Threatpost | The first stop for security news
http://threatpost.com/monsanto-suffers-data-breach-at-precision-planting...

#Operation Irongeek #opirongeek Facts: On Thursday June 5 it was learned - Pastebin.com
http://pastebin.com/X9QxnX8k

Apache Patches Bugs in Tomcat | Threatpost | The first stop for security news
http://threatpost.com/apache-patches-dos-information-disclosure-bugs-in-...

June 2014 Microsoft Patch Tuesday Security Updates | Threatpost | The first stop for security news
http://threatpost.com/microsoft-expected-to-patch-ie-8-zero-day-on-patch...

The Perch Creek Family Jugband - The Great Unknown - YouTube
https://www.youtube.com/watch?v=6on7qCRpHGY

Home
http://www.perchcreek.com/

True Goodbye: 'Using TrueCrypt Is Not Secure' - Krebs on Security
http://krebsonsecurity.com/2014/05/true-goodbye-using-truecrypt-is-not-s...

Risky Business #323 -- Sabu, TrueCrypt march into history?

On this week's show we've got a great interview with Micah Lee. He works for The Intercept, the publication Glenn Greenwald set up to report on the Snowden leaks. He's developed a very simple file transfer tool for Tor called Onionshare. It's a very simple utility that has a bunch of interesting applications.

This week's show is brought to you by Rapid7, thanks a bunch to the guys and gals there. Rapid7's Lee Weiner drops in to talk about how we lock down corporate security in a world where most of your users re-use their VPN passwords on every website they ever join.

Show notes

Lulzsec Leader and Informant 'Sabu' Let Off With Time Served | Threat Level | WIRED
http://www.wired.com/2014/05/hector-monsegur-sabu-sentencing/

US states to investigate eBay security practices - Security - Technology - News - iTnews.com.au
http://www.itnews.com.au/News/386257,us-states-to-investigate-ebay-secur...

Apple Ransomware Targeting iCloud Users Hits Australia | Threatpost | The first stop for security news
http://threatpost.com/apple-ransomware-targeting-icloud-users-hits-austr...

TrueCrypt Warns Software 'Not Secure,' Development Shut Down | Threatpost | The first stop for security news
http://threatpost.com/ominous-warning-or-hoax-truecrypt-warns-software-n...

China accuses US of 'large-scale' cyberspying - CNET
http://www.cnet.com/au/news/china-accuses-us-of-large-scale-cyberspying/

China looks to Linux as Windows alternative - Security - Technology - News - iTnews.com.au
http://www.itnews.com.au/News/386577,china-looks-to-linux-as-windows-alt...

Spotify alerts Android users to upgrade, citing breach - CNET
http://www.cnet.com/au/news/spotify-alerts-android-users-to-upgrade-citi...

Freedom Act passes US House, despite Silicon Valley concerns - CNET
http://www.cnet.com/au/news/freedom-act-passes-us-house-despite-silicon-...

House Initiates NIST-NSA Separation on Crypto Standards | Threatpost | The first stop for security news
http://threatpost.com/house-committee-initiates-nist-nsa-separation-on-c...

Microsoft: Ignore Unofficial XP Update Workaround
http://www.darkreading.com/microsoft-ignore-unofficial-xp-update-workaro...?

Avast support forum hack snags usernames, passwords - CNET
http://www.cnet.com/au/news/avast-support-forum-hack-snags-usernames-pas...

Complexity as the Enemy of Security - Krebs on Security
http://krebsonsecurity.com/2014/05/complexity-as-the-enemy-of-security/

HackerOne Bug Bounty Platform Lands Top Microsoft Security Expert | Threatpost | The first stop for security news
http://threatpost.com/hackerone-bug-bounty-platform-lands-top-microsoft-...

Pinterest Launches Bug Bounty Program | Threatpost | The first stop for security news
http://threatpost.com/pinterest-launches-bug-bounty-program/106321

Darpa Turns Oculus Into a Weapon for Cyberwar | Threat Level | WIRED
http://www.wired.com/2014/05/darpa-is-using-oculus-rift-to-prep-for-cybe...

NZ meteorology supercomputer hacked - Security - Technology - News - iTnews.com.au
http://www.itnews.com.au/News/386441,nz-meteorology-supercomputer-hacked...

CryptoLocker Ransomware Competitor May Have Fatal Flaw | Threatpost | The first stop for security news
http://threatpost.com/cryptolocker-ransomware-competitor-may-have-fatal-...

Backdoor in Call Monitoring, Surveillance Gear - Krebs on Security
http://krebsonsecurity.com/2014/05/backdoor-in-call-monitoring-surveilla...

micahflee/onionshare · GitHub
https://github.com/micahflee/onionshare

Kiwicon 8: It Is On
https://www.kiwicon.org/blog/kiwicon-8-it-is-on/

LABJACD | Unearthed
https://www.triplejunearthed.com/artist/labjacd
