Risky Business Podcast

Analysis and news podcasts published weekly

Risky Business #278 -- Pentest revenue figures puzzling

Presented by

Patrick Gray

CEO and Publisher

Adam Boileau

Technology Editor

This week's show is jam-packed. We'll be hearing from our favourite firmware hacker, sneaky Snare, all about the leak of AMI's UEFI implementation source code and firmware signing key. What will it mean for firmware research?

We'll also be chatting with Nick Ellsmore. Nick founded a company here in Australia called SIFT, which eventually merged with Stratsec, which was then bought by BAE. These days, apart from being ridiculously wealthy, Nick has put together Delling Advisory, a consultancy focussing on mergers and acquisitions in information security.

And he's been writing some very interesting blog posts about the Australian information security market. He might be focussing on things down under, but I'm pretty sure what we're talking about today applies everywhere -- penetration testing revenue estimates just don't add up. Nick believes a lot of mandated pentesting work in Australia is either being done by IT systems integrators that don't have appropriate skills, or isn't being done at all.

This week's show is brought to you by Senetas, an absolutely awesome company that makes layer two crypto gear. You should go to Senetas.com and buy all their things. In this week's sponsor interview we're chatting with Senetas CTO Julian Fay about a proposed extension to Bitcoin called Zerocoin. The extension is designed to make Bitcoin anonymous.

As always, Adam Boileau joins us for the week's news headlines. Show notes are here.

Risky Business #277 -- Vuln research trends with Mark Dowd

This week's feature interview is with Mark Dowd of Azimuth Security. Mark joins the show to fill us in on the latest trends in vulnerability research and exploit development. We recap CanSecWest's Pwn2Own competition and look at what 2013 has in store research-wise.

Risky.Biz is pleased to welcome a new sponsor to the lineup -- Solera Networks, makers of fine, big data security software.

These guys make packet capture-based security kit that I'm told is pretty impressive. And we've got an interesting chat in this week's sponsor interview with Solera's chief technology officer Joe Levy. We chat to him about some of the basics of big data security, as well as looking at how point solution providers are increasingly integrating their kit with established SIEM gear and log management consoles.

Insomnia Security's Adam Boileau joins us for a discussion of the week's news.

Show notes here.

Risky Business #276 -- Cold and flu edition

This week's show is another shorter one! I've been sick so I just couldn't pull together a feature interview.

We've also got a chat with this week's sponsor guest Chris Gatford of the Australian security consulting firm HackLabs.

We chat to Chris about the whole Spamhaus DDoS disaster. How damaging is it when the world's media distracts business and government leaders with stuff like this? What *should* these leaders really be concerned with?

Show notes

You can find this week's show here.

DDoS Attack, Database Breach Take Down Two Bitcoin Services | threatpost
http://threatpost.com/en_us/blogs/ddos-attack-database-breach-take-down-...

Adaptive Glass - Mobile Trends | Open Letter to Instawallet
http://www.adaptiveglass.com/?p=656

Daily chart: A Bit expensive | The Economist
http://www.economist.com/blogs/graphicdetail/2013/03/daily-chart-12

Justin Schuh - Google+ - What Blink means for Chrome Security The Chromium project…
https://plus.google.com/116560594978217291380/posts/AeCnq76cAXb

Vulnerability Patched in PostgreSQL Database Server | threatpost
http://threatpost.com/en_us/blogs/vulnerability-patched-postgresql-datab...

PostgreSQL: 2013-04-04 Security Release FAQ
http://www.postgresql.org/support/security/faq/2013-04-04/

SEC Consult Vulnerability Alert: Critical Vulnerabilities In Sophos Web Protection Appliance - Dark Reading
http://www.darkreading.com/vulnerability-management/167901026/security/n...

iMessage denial of service 'prank' spams users rapidly with messages, crashes iOS Messages app - The Next Web
http://thenextweb.com/apple/2013/03/29/imessage-denial-of-service-prank-...

Anonymous hacks North Korea's Twitter and Flickr accounts | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57577904-83/anonymous-hacks-north-korea...

Who Wrote the Flashback OS X Worm? - Krebs on Security
https://krebsonsecurity.com/2013/04/who-wrote-the-flashback-os-x-worm/

Huawei exec sees no growth in U.S. this year | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57577715-83/huawei-exec-sees-no-growth-...

How the Spamhaus DDoS attack could have been prevented | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57576947-83/how-the-spamhaus-ddos-attac...

FTC Announces Winners of Death-to-Robocalls Challenge | Threat Level | Wired.com
http://www.wired.com/threatlevel/2013/04/death-to-robocalls/

DHS Warns of 'TDos' Extortion Attacks on Public Emergency Networks - Krebs on Security
http://krebsonsecurity.com/2013/04/dhs-warns-of-tdos-extortion-attacks-o...

Skype, Dropbox Patch Critical Facebook Authentication Bugs | threatpost
http://threatpost.com/en_us/blogs/skype-dropbox-patch-critical-facebook-...

Using Customer Premise Equipment to Take Over the Internet | threatpost
http://threatpost.com/en_us/blogs/using-customer-premise-equipment-take-...

Phishing Campaign Using Military, Illicit Attachments | threatpost
http://threatpost.com/en_us/blogs/phishing-campaign-using-military-illic...

Has Anyone Seen a Missing Scroll Bar? Phony Flash Update Redirects to Malware | threatpost
http://threatpost.com/en_us/blogs/has-anyone-seen-missing-scroll-bar-pho...

Spammers Finding Favor with Google Translate | threatpost
http://threatpost.com/en_us/blogs/spammers-finding-favor-google-translat...

Android malware again targets Tibetans - Applications - SC Magazine Australia - Secure Business Intelligence
http://www.scmagazine.com.au/News/338469,android-malware-again-targets-t...

Backdoor Uses Evernote as Command and Control Server | Security Intelligence Blog | Trend Micro
http://blog.trendmicro.com/trendlabs-security-intelligence/backdoor-uses...

Government Fights for Use of Spy Tool That Spoofs Cell Towers | Threat Level | Wired.com
http://www.wired.com/threatlevel/2013/03/gov-fights-stingray-case/

Secret Files Expose Offshore's Global Impact | International Consortium of Investigative Journalists
http://www.icij.org/offshore/secret-files-expose-offshores-global-impact

Aussie software ferrets out hidden money - Strategy - Business - News - iTnews.com.au
http://www.itnews.com.au/News/338723,aussie-software-ferrets-out-hidden-...

Hackers in Uganda: A Documentary by Jeremy Zerechak - Kickstarter
http://www.kickstarter.com/projects/1456247168/hackers-in-uganda-a-docum...

Penetration Testing & Web Application Security - HackLabs
http://www.hacklabs.com/

Risky Business #275 -- Patch Tuesday, Indicator Wednesday?

This week's show is brought to you by our longest-term sponsor, Tenable Network Security -- thanks guys. In this week's sponsor interview we chat with the CEO and co-founder of Tenable, industry stalwart Ron Gula. We're chatting to him about a funny idea -- that the release of indicators of compromise might become so regular that they'll have to be handled in regular infosec team workflow. So we'll have Patch Tuesday and "which IPs owned us" Wednesday.

It's a really interesting chat and it's after the news. It's a short week this week because of Easter, plus I'm in Melbourne taking care of a few things, so there's no feature interview this week.

Show notes

Spamhaus DDoS Attacks Triple Size of Attacks on US Banks | threatpost
http://threatpost.com/en_us/blogs/spamhaus-ddos-attacks-triple-size-atta...

That Internet War Apocalypse Is a Lie
http://gizmodo.com/5992652/that-internet-war-apocalypse-is-a-lie

South Korean cyberattack may not have come from China | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57575767-83/south-korean-cyberattack-ma...

Spear Phishing Cause of South Korean Cyber Attack | threatpost
http://threatpost.com/en_us/blogs/spear-phishing-cause-south-korean-cybe...

Legal Experts: Stuxnet Attack on Iran Was Illegal 'Act of Force' | Threat Level | Wired.com
http://www.wired.com/threatlevel/2013/03/stuxnet-act-of-force/

Top Chinese university linked to alleged military cybercrime unit | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57576051-83/top-chinese-university-link...

Don't Just Hate CISPA - Fix It | Wired Opinion | Wired.com
http://www.wired.com/opinion/2013/03/dont-hate-cispa-fix-it/

Draft US cyber bill seeks 10 years jail for passwords 'traffickers' - Applications - SC Magazine Australia - Secure Business Intelligence
http://www.scmagazine.com.au/News/337906,draft-us-cyber-bill-seeks-10-ye...

Outdated Java weak spots are widespread, Websense says | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57576504-83/outdated-java-weak-spots-ar...

Apple ID security issue fixed, password page back online | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57575955-83/apple-id-security-issue-fix...

Apple Sets May 1 End Date for Apps that Want UDIDs | threatpost
http://threatpost.com/en_us/blogs/apple-sets-may-1-end-date-apps-want-ud...

Missouri Court Rules Against $440,000 Cyberheist Victim - Krebs on Security
http://krebsonsecurity.com/2013/03/missouri-court-rules-against-440000-c...

Attackers Shifting to Delivering Unknown Malware Via FTP and Web Pages | threatpost
http://threatpost.com/en_us/blogs/new-report-confronts-unknown-malware-p...

Privacy 101: Skype Leaks Your Location - Krebs on Security
http://krebsonsecurity.com/2013/03/privacy-101-skype-leaks-your-location/

Researchers Uncover Targeted Attack Campaign Using Android Malware | threatpost
http://threatpost.com/en_us/blogs/researchers-uncover-targeted-attack-ca...

Anonymized Phone Location Data Not So Anonymous, Researchers Find | Threat Level | Wired.com
http://www.wired.com/threatlevel/2013/03/anonymous-phone-location-data/

ICS Vulnerabilities Surface as Monitoring Systems Integrate with Digital Backends | threatpost
http://threatpost.com/en_us/blogs/ics-vulnerabilities-surface-monitoring...

Sensitive Enterprise Data Exposed in Amazon S3 Public Buckets | threatpost
http://threatpost.com/en_us/blogs/sensitive-enterprise-data-exposed-amaz...

83,000 Kiwis exposed in email blunder - Messaging - SC Magazine Australia - Secure Business Intelligence
http://www.scmagazine.com.au/News/337920,83000-kiwis-exposed-in-email-bl...

Google Fixes 11 Flaws in Chrome | threatpost
http://threatpost.com/en_us/blogs/google-fixes-11-flaws-chrome-032613

Egyptian navy captures divers trying to cut undersea internet cables • The Register
http://www.theregister.co.uk/2013/03/27/egypt_cables_cut_arrest/

We have Microsoft Tuesday, so how long until we have Indicator Wednesday? | Tenable Network Security
http://www.tenable.com/blog/we-have-microsoft-tuesday-so-how-long-until-...

SW&theE | The Simon Wright Band
http://simonwright.com.au/album/sw-thee

Risky Business #274 -- Is "active defence" legal?

In this week's feature interview we chat with Jennifer Granick, the Head of Civil Liberties at Stanford University's Centre for Internet and Society. Jennifer has extensive experience with cyberlaw -- she has acted for clients as diverse as Aaron Swartz and HBGary! She's done it all! And she joins the show to talk about a few things -- is active defence ever legal? And what the hell is going on with the Computer Abuse and Fraud Act over there in the USA?

This week's show is brought to you by Senetas, makers of fine, fine crypto hardware. If you need some crypto in your second layer, I'd suggest you get in touch with these guys. Awesome gear and as you'll hear in this week's sponsor interview with Senetas co-founder and CTO Julian Fay, these guys really know their stuff.

Julian joins the show a bit later on to talk about what happens when his customers ask them to roll with custom algos because some of them don't trust those published crypto techniques.

Show notes

You can find this week's episode here.

South Korea: Chinese address source of attack
http://bigstory.ap.org/article/south-korean-banks-media-report-network-c...

South Korea traces cyberattack to IP address in China | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57575494-83/south-korea-traces-cyberatt...

Theories Abound on Wiper Malware Attack Against South Korea | threatpost
http://threatpost.com/en_us/blogs/theories-abound-wiper-malware-attack-a...

Twitter / LukeCleary: @W7VOA http://t.co/EGMq34ssk6
https://twitter.com/LukeCleary/status/314268284029661186

CCD COE - The Tallinn Manual
http://www.ccdcoe.org/249.html

NATO cyberwar directive declares hackers military targets - RT USA
http://rt.com/usa/nato-publishes-cyberwar-guidelines-502/

What 420,000 insecure devices reveal about Web security | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57574919-83/what-420000-insecure-device...

Internet Census 2012
http://internetcensus2012.bitbucket.org/paper.html

Decade-old espionage malware found targeting government computers | Ars Technica
http://arstechnica.com/security/2013/03/decade-old-espionage-malware-fou...

CIA $600 Million Deal For Amazon's Cloud - Business Insider
http://www.businessinsider.com/cia-600-million-deal-for-amazons-cloud-20...

Firm faces scrutiny over hacked ABC website
http://www.smh.com.au/it-pro/security-it/firm-faces-scrutiny-over-hacked...

Experts Tell Congress Serious Deterrence Needed to Impede Foreign Cyber Attacks | threatpost
http://threatpost.com/en_us/blogs/experts-tell-congress-serious-deterren...

AT&T Hacker 'Weev' Sentenced to 3.5 Years in Prison | Threat Level | Wired.com
http://www.wired.com/threatlevel/2013/03/att-hacker-gets-3-years/

Keys denies giving Tribune log-in credentials to Anonymous | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57575499-83/keys-denies-giving-tribune-...

Cautious Optimism over Google DNSSEC Deployment | threatpost
http://threatpost.com/en_us/blogs/cautious-optimism-over-google-dnssec-d...

Java Code, Details Released for Potential Sandbox Bypass Issue | threatpost
http://threatpost.com/en_us/blogs/java-bug-code-details-released-allowed...

Vulnerabilities Continue to Weigh Down Samsung Android Phones | threatpost
http://threatpost.com/en_us/blogs/vulnerabilities-continue-weigh-down-sa...

www.revuln.com/files/ReVuln_EA_Origin_Insecurity.pdf
http://www.revuln.com/files/ReVuln_EA_Origin_Insecurity.pdf

Cisco switches to weaker hashing scheme, passwords cracked wide open | Ars Technica
http://arstechnica.com/security/2013/03/cisco-switches-to-weaker-hashing...

Apple adds two-step verification option for Apple IDs | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57575655-83/apple-adds-two-step-verific...

Crown casino made no formal complaint to police after $32 million scam | News.com.au
http://www.news.com.au/national-news/victoria/crown-casino-made-no-forma...

Crown casino hi-tech scam nets $32 million | News.com.au
http://www.news.com.au/breaking-news/crown-casino-hi-tech-scam-nets-32-m...

'Chameleon Botnet' takes $6-million-a-month in ad money | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57575320-83/chameleon-botnet-takes-$6-million-a-month-in-ad-money/

Security reporter hit by 'swatting' attack | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57574677-83/security-reporter-hit-by-sw...

Jennifer Granick | Center for Internet and Society
http://cyberlaw.stanford.edu/about/people/jennifer-granick

Senetas grants master distribution status to SafeNet - SafeNet, Senetas, distribution deals - ARN
http://www.arnnet.com.au/article/455608/senetas_grants_master_distributi...

Ash Grunwald - Longtime - YouTube
https://www.youtube.com/watch?v=n2jI1xlzjCo&playnext=1&list=PL64A7F7A1AC...

Risky Business #273 -- The birth of the online Pinkertons?

In this week's feature interview we're chatting to industry legend and In-Q-Tel CSO Dan Geer about the idea of offence as defence. If someone's attacking you do you have the moral right to attack them back? Dan actually thinks you do.

This week's show is brought to you by Adobe.

Adobe's head of product security and privacy Brad Arkin pops along to have a bit of a chat about the busy few months they've been having at Adobe dealing with some interesting bugs.

Show notes

Intelligence chief offers dire warning on cyberattacks | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57573902-83/intelligence-chief-offers-d...

Spy Chief Says Little Danger of Cyber 'Pearl Harbor' in Next Two Years | Threat Level | Wired.com
http://www.wired.com/threatlevel/2013/03/no-cyber-pearl-harbor/

RBA Chinese hack attack not an online security threat | Crikey
http://www.crikey.com.au/2013/03/12/reserve-bank-hacking-raises-question...

Twitter OAuth API Keys Leaked | threatpost
http://threatpost.com/en_us/blogs/twitter-oauth-api-keys-leaked-030713

Spy Agencies to Get Access to U.S. Bank Transactions Database | Threat Level | Wired.com
http://www.wired.com/threatlevel/2013/03/spy-agencies-to-get-access-to-u...

Secret Courtroom Audio Gives WikiLeaker Bradley Manning a Voice | Threat Level | Wired.com
http://www.wired.com/threatlevel/2013/03/manning_audio/

Retailer Sues Visa Over $13 Million 'Fine' for Being Hacked | Threat Level | Wired.com
http://www.wired.com/threatlevel/2013/03/genesco-sues-visa/

LinkedIn Data Breach Lawsuit Dismissed | threatpost
http://threatpost.com/en_us/blogs/linkedin-data-breach-lawsuit-dismissed...

Doctors 'used fake fingers' to clock in for colleagues at ER | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57574079-83/doctors-used-fake-fingers-t...

Google rolls out initiative to help hacked sites | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57573986-83/google-rolls-out-initiative...

FBI investigating how sensitive celebrity data landed on Web | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57573983-83/fbi-investigating-how-sensi...

White House demands China cease alleged hacking activity | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57573715-83/white-house-demands-china-c...

China claims it's willing to talk to U.S. about cybersecurity | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57573805-83/china-claims-its-willing-to...

How Skype monitors and censors its Chinese users | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57573243-83/how-skype-monitors-and-cens...

Many Watering Holes, Targets In Hacks That Netted Facebook, Twitter and Apple | The Security Ledger
http://securityledger.com/many-watering-holes-targets-in-hacks-that-nett...

Colin Powell's Facebook page defaced | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57573607-83/colin-powells-facebook-page...

Researchers highlight potential security risk to iOS users | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57573765-83/researchers-highlight-poten...

Apple marketing chief jabs Android security on Twitter | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57573152-83/apple-marketing-chief-jabs-...

Apple Finally Fixes App Store Vulnerabilities | threatpost
http://threatpost.com/en_us/blogs/apple-finally-fixes-app-store-vulnerab...

Researchers win $100,000 for Chrome hack that leaves Windows vulnerable | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57573064-83/researchers-win-$100000-for-chrome-hack-that-leaves-windows-vulnerable/

Microsoft patches against evil maid attack - Applications - SC Magazine Australia - Secure Business Intelligence
http://www.scmagazine.com.au/News/336293,microsoft-patches-against-evil-...

Adobe Fixes Four Critical Flaws in Flash | threatpost
http://threatpost.com/en_us/blogs/adobe-fixes-four-critical-flaws-flash-...

'Herp Derp EFTPOS' update goes public - Security - Technology - News - iTnews.com.au
http://www.itnews.com.au/News/336046,herp-derp-eftpos-update-goes-public...

Hijacked webcam footage paraded online - Applications - SC Magazine Australia - Secure Business Intelligence
http://www.scmagazine.com.au/News/336184,hijacked-webcam-footage-paraded...

Indian Govt pays bounty for botnet probe - Networks - SC Magazine Australia - Secure Business Intelligence
http://www.scmagazine.com.au/News/336271,indian-govt-pays-bounty-for-bot...

DOWNLOAD: Kenneth Bager - Fragment Seven (Les Fleurs) (Jesse Rose remix) - RCRD LBL
http://rcrdlbl.com/2009/01/21/download_kenneth_bager_fragment_seven_les_...

Risky Business #272 -- Jon Callas talks Silent Circle

On this week's show we chat to PGP Corporation co-founder Jon Callas. Jon's been in the security business for a long time and he's bringing us up to speed on his latest venture, Silent Circle.

This week's show is brought to you by the Australian security consulting and penetration testing firm HackLabs. And we've got a really interesting sponsor interview with HackLabs head honcho Chris Gatford about how many, many organisations simply don't do any foot-printing... and it means they miss so much! Come on people, it's a two-day job!

Adam Boileau, as usual, joins us for this week's news segment.

Show notes

Episode 272 can be found here.

The Java Zero-Day Procession Continues | threatpost
http://threatpost.com/en_us/blogs/java-zero-day-procession-continues-030113

New Java 0-Day Attack Echoes Bit9 Breach - Krebs on Security
http://krebsonsecurity.com/2013/03/new-java-0-day-attack-echoes-bit9-bre...

Oracle issues emergency Java update to patch vulnerabilities | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57572496-83/oracle-issues-emergency-jav...

Prompted by Oracle Rejection, Researcher Finds Five New Java Sandbox Vulnerabilities | threatpost
http://threatpost.com/en_us/blogs/prompted-oracle-rejection-researcher-f...

More Java-based malware plagues the cross-platform runtime | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57572168-83/more-java-based-malware-pla...

Jailed hacker allowed into IT class, hacks prison computers | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57572282-83/jailed-hacker-allowed-into-...

Groundbreaking Cyber Fast Track Research Program Ending | threatpost
http://threatpost.com/en_us/blogs/groundbreaking-cyber-fast-track-resear...

Google Says the FBI Is Secretly Spying on Some of Its Customers | Threat Level | Wired.com
http://www.wired.com/threatlevel/2013/03/google-nsl-range/

Attorney General: Aaron Swartz Case Was a 'Good Use of Prosecutorial Discretion' | Threat Level | Wired.com
http://www.wired.com/threatlevel/2013/03/holder-swartz-case/

White House, FCC Chairman Support Legalizing Unlocking of Mobile Phones | Threat Level | Wired.com
http://www.wired.com/threatlevel/2013/03/mobile-phone-unlock/

Mobile Malcoders Pay to (Google) Play - Krebs on Security
http://krebsonsecurity.com/2013/03/mobile-malcoders-pay-to-google-play/

APT1-Themed Spear Phishing Campaign Linked to China | threatpost
http://threatpost.com/en_us/blogs/apt1-themed-spear-phishing-campaign-li...

Google Patches 10 Chrome Flaws Ahead of Pwn2Own, Pwnium | threatpost
http://threatpost.com/en_us/blogs/google-patches-10-chrome-flaws-ahead-p...

Time Stamp Bug in Sudo Could Have Allowed Code Entry | threatpost
http://threatpost.com/en_us/blogs/time-stamp-bug-sudo-could-have-allowed...

MiniDuke Espionage Campaign Began About a Year Earlier Than First Thought | threatpost
http://threatpost.com/en_us/blogs/miniduke-espionage-campaign-began-abou...

Apple Begins to Blacklist Old Versions of Flash for Safari | threatpost
http://threatpost.com/en_us/blogs/apple-begins-blacklist-old-versions-fl...

Evernote Compromised, But Says No User Data Affected | threatpost
http://threatpost.com/en_us/blogs/evernote-compromised-says-no-user-data...

Locked-down BlackBerry offers classified, personal use | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57572337-83/locked-down-blackberry-offe...

CloudFlare security service goes down after router failure | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57572259-83/cloudflare-security-service...

The most secure Android phone in the world (maybe) | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57571961-83/the-most-secure-android-pho...

Sudden death of U.S. engineer in Singapore linked to cyber espionage? | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57572070-83/sudden-death-of-u.s-enginee...

Dropbox users getting spammed, might be from earlier hack | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57571968-83/dropbox-users-getting-spamm...

Anonymous leaks alleged data on BofA execs, surveillance | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57571955-83/anonymous-leaks-alleged-dat...

Dell builds sinkhole data-sharing platform - Applications - SC Magazine Australia - Secure Business Intelligence
http://www.scmagazine.com.au/News/335362,dell-builds-sinkhole-data-shari...

CommBank builds security fault tree after RSA breach - Networks - SC Magazine Australia - Secure Business Intelligence
http://www.scmagazine.com.au/News/335102,commbank-builds-security-fault-...

Use decoy and deception to mess with hackers - Applications - SC Magazine Australia - Secure Business Intelligence
http://www.scmagazine.com.au/News/335049,use-decoy-and-deception-to-mess...

Hackers focus energy on solar sector - Networks - SC Magazine Australia - Secure Business Intelligence
http://www.scmagazine.com.au/News/335003,hackers-focus-energy-on-solar-s...

silent circle - Google Search
https://www.google.com/search?q=silent+circle&aq=f&oq=silent+circle&aqs=...

Here's this week's sponsor: Buy their stuff!!!

Penetration Testing & Web Application Security - HackLabs
http://www.hacklabs.com/

Risky Business #271 -- All your funnycats R belong 2 APT1

On this week's show we're chatting with Mandiant's Managing Director of Threat Intelligence, Dan McWhorter, about that company's report into Chinese cyber espionage activity.

Mandiant dropped the report last week and it's caused quite a stir, even eliciting a response from the White House and Chinese officials.

That's an interesting conversation and it's after the news.

This week's show is brought to you by Tenable Network Security, makers of fine vulnerability scanning and SIEM software. Tenable's product manager and all-round nice guy Jack Daniel will be along in this week's sponsor interview to discuss some other aspects of this APT1 issue.

Like, for example, how the attackers were using executable trojans embedded in zip files and still managed to own half the Western world's intellectual property. That's this week's sponsor interview -- an interesting blend of hilarious and depressing.

Show notes

Bradley Manning Takes "Full Responsibility" for Giving WikiLeaks Huge Government Data Trove | Threat Level | Wired.com
http://www.wired.com/threatlevel/2013/02/bradley-manning/

The Incredible Rise and Fall of a Hacker Who Found the Secrets of the Next Xbox and PlayStation-And Maybe More
http://kotaku.com/5986239/the-rise-and-fall-of-superdae-a-most-unusual-v...

Sentencing of LulzSec double agent postponed | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57570764-83/sentencing-of-lulzsec-doubl...

Stuxnet Missing Link Found, Resolves Some Mysteries Around the Cyberweapon | Threat Level | Wired.com
http://www.wired.com/threatlevel/2013/02/new-stuxnet-variant-found/

EXCLUSIVE: Hacked ABC website likely breached by crooks in 2011 | Risky Business
http://risky.biz/opwilders

MiniDuke Espionage Malware Hits Governments in Europe Using Adobe Exploits | threatpost
http://threatpost.com/en_us/blogs/miniduke-espionage-malware-hits-govern...

Adobe Patches Two Critical Flash Player Vulnerabilities | threatpost
http://threatpost.com/en_us/blogs/adobe-patches-two-critical-flash-playe...

Chrome 25 Fixes Nine High-Risk Vulnerabilities | threatpost
http://threatpost.com/en_us/blogs/chrome-25-fixes-nine-high-risk-vulnera...

Latest Kelihos Botnet Shut Down Live at RSA Conference 2013 | threatpost
http://threatpost.com/en_us/blogs/latest-kelihos-botnet-shut-down-live-r...

RSA Conference 2013: Experts Say It's Time to Prepare for a 'Post-Crypto' World | threatpost
http://threatpost.com/en_us/blogs/rsa-conference-2013-experts-say-its-ti...

Two More Java Zero Days Found by Polish Research Team | threatpost
http://threatpost.com/en_us/blogs/two-more-java-zero-days-found-polish-r...

Microsoft Azure Cloud Storage Suffers Major Outage Over Expired SSL Certificate | threatpost
http://threatpost.com/en_us/blogs/microsoft-azure-cloud-storage-suffers-...

Feds Used Aaron Swartz's Political Manifesto Against Him | Threat Level | Wired.com
http://www.wired.com/threatlevel/2013/02/aaron-swartz-manifesto/

Facebook Patches OAuth Authentication Vulnerability | threatpost
http://threatpost.com/en_us/blogs/facebook-patches-oauth-authentication-...

China blames U.S. for most cyberattacks against military Web sites | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57571811-83/china-blames-u.s-for-most-c...

Add Microsoft to list of hacked companies | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57570861-83/add-microsoft-to-list-of-ha...

ATO passwords stored in clear text - Web/client - SC Magazine Australia - Secure Business Intelligence
http://www.scmagazine.com.au/News/334921,ato-passwords-stored-in-clear-t...

Mandiant Intelligence Center Report | Mandiant®
http://intelreport.mandiant.com/

Tenable Network Security
http://www.tenable.com/

Das EFX - Straight Out The Sewer - YouTube
http://www.youtube.com/watch?v=xXSsLa3PlDc

Patrick Gray on ABC television, discussing ABC breach
http://www.abc.net.au/7.30/content/2013/s3699924.htm


Risky Business #270 -- Red teaming your law firm for fun and profit

Presented by

Patrick Gray

CEO and Publisher

Adam Boileau

Technology Editor

On this week's show we're taking a look at the issue of secondary targeting. These days it's borderline likely that attackers who want information on your company's upcoming mergers and acquisition activity won't even bother attacking you to get the intel. They'll go for your law firm instead... or your accountants... or another partner.

CERT Australia Executive Manager Dr. Carolyn Patterson joins the show to talk about that.

This week's show is brought to you by Senetas, makers of fine, layer 2 encryption hardware boxens! If you're planning a greenfields development, please, please, please go visit the Senetas website. They're a publicly listed company and they make really good gear. This week's sponsor interview is with Senetas co-founder and CTO Julian Fay, who as you'll discover, really knows what he's talking about.

This week we chat to Julian about the various certification schemes out there -- FIPS, Common Criteria and CAPS. We talk about some of the problems with these schemes, and also about some of the changes that are being made to them. Certification is changing, big time, so make sure you listen to that one.


Risky Business #269 -- Dave Aitel on the end of clientsides

Presented by

Patrick Gray

CEO and Publisher

Adam Boileau

Technology Editor

On this week's show we have a chat with industry stalwart Dave Aitel of Immunity Inc.

Dave joins us to chat about a few things -- like what it will be like when clientside memory corruption exploits become as rare as server side corruption exploits are now. How will that change the security discipline? We also have a chat about El Jefe and sneaky ways of handling command and control.

This week's show is brought to you by NCC Group, the global information security firm. NCC Group's Asia Pacific General Manager and BeEF project creator Wade Alcorn joins us in this week's sponsor slot to chat about recent Ruby on Rails bugs. It's been patched three times in the last month! But how much of a problem is that for you?

Is Ruby on Rails being used for serious business? Should it be?

You can find Patrick on Twitter here and Adam here.

Show notes

Security Firm Bit9 Hacked, Used to Spread Malware - Krebs on Security
http://krebsonsecurity.com/2013/02/security-firm-bit9-hacked-used-to-spr...

Microsoft Report Examines Socio-Economic Relationships to Malware Infections | threatpost
http://threatpost.com/en_us/blogs/microsoft-report-examines-socio-econom...

Cybersecurity Executive Order Short on Action, Long on Voluntary Initiatives | threatpost
http://threatpost.com/en_us/blogs/cybersecurity-executive-order-short-ac...

White House Must Respond to Petition Seeking Swartz Prosecutor's Firing | Threat Level | Wired.com
http://www.wired.com/threatlevel/2013/02/swartz-prosecutor-petition/

DHS Watchdog OKs 'Suspicionless' Seizure of Electronic Devices Along Border | Threat Level | Wired.com
http://www.wired.com/threatlevel/2013/02/electronics-border-seizures/

Malware Intelligence Lab from FireEye - Research & Analysis of Zero-Day & Advanced Targeted Threats: In Turn, It's PDF Time
http://blog.fireeye.com/research/2013/02/in-turn-its-pdf-time.html

Emergency Adobe Flash Player Patches Fix Pair of Zero Days | threatpost
http://threatpost.com/en_us/blogs/emergency-adobe-flash-player-patched-f...

Microsoft's next Patch Tuesday to fix 57 security bugs | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57568412-83/microsofts-next-patch-tuesd...

Hackers can easily breach Emergency Alert Systems | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57569322-83/hackers-can-easily-breach-e...

Ransomware cybercrime ring dismantled in Europe | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57569321-83/ransomware-cybercrime-ring-...

Old OS X malware used in increased attacks against Uyghur groups | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57569252-83/old-os-x-malware-used-in-in...

Anonymous fails to shut down live streams of Obama address | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57569098-83/anonymous-fails-to-shut-dow...

Gmail of journalists in Myanmar said to be hacked | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57568840-83/gmail-of-journalists-in-mya...

Audacious Hack Exposes Bush Family Pix, E-Mail | The Smoking Gun
http://www.thesmokinggun.com/documents/bush-family-hacked-589132

Telecom NZ says 22,500 Xtra email accounts hacked - Networks - SC Magazine Australia - Secure Business Intelligence
http://www.scmagazine.com.au/News/333169,telecom-nz-says-22500-xtra-emai...

Yahoo! Pushing Java Version Released in 2008 - Krebs on Security
http://krebsonsecurity.com/2013/02/yahoo-pushing-java-version-released-i...

Mega security bugs detailed - Web/client - SC Magazine Australia - Secure Business Intelligence
http://www.scmagazine.com.au/News/331952,mega-security-bugs-detailed.aspx

Australian Tax System Breached By Criminals
http://www.smh.com.au/it-pro/security-it/criminals-breach-australian-tax...

CERT Australia rebuffs ex-staff criticism - Networks - SC Magazine Australia - Secure Business Intelligence
http://www.scmagazine.com.au/News/331618,cert-australia-rebuffs-ex-staff...

Theoretical Lucky Thirteen TLS Attacks Could Turn Practical | threatpost
http://threatpost.com/en_us/blogs/theoretical-lucky-thirteen-tls-attacks...

VMware Fixes Privilege Escalation Vulnerability | threatpost
http://threatpost.com/en_us/blogs/vmware-fixes-privilege-escalation-vuln...

Ballot-stuffing bot hits News Ltd polls - Web/client - SC Magazine Australia - Secure Business Intelligence
http://www.scmagazine.com.au/News/331994,ballot-stuffing-bot-hits-news-l...

The Ubermotive Guide to Media Influence
http://www.ubermotive.com/?p=68

Media Watch: News gets gamed (11/02/2013)
http://www.abc.net.au/mediawatch/transcripts/s3688053.htm?site=westernvic

Anonymous intends to block Webcasts of State of the Union | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57569044-83/anonymous-intends-to-block-...

IMMUNITY : Knowing You're Secure
http://www.immunityinc.com/products-eljefe.shtml

IMMUNITY : Knowing You're Secure
http://www.immunityinc.com/products-swarm.shtml

JaFFer Music, Lyrics, Songs, and Videos
http://www.reverbnation.com/jafferband

BeEF - The Browser Exploitation Framework Project
http://beefproject.com/

Information Security, Escrow & Other Solutions - NCC Group
http://www.nccgroup.com/


