Risky Business Podcast

Analysis and news podcasts published weekly

Risky Business #268 -- Outsource your bug bounty program?

Presented by

Patrick Gray, CEO and Publisher

Adam Boileau, Technology Editor

This week's feature interview is with Casey Ellis of BugCrowd.com -- a new business that runs outsourced bug bounty programs. It's a great idea and it's one that I personally think will really take off over the next couple of years.

This week's show is brought to you by our good friends at Adobe.

Adobe's director of product security and privacy Brad Arkin will be along a bit later on with an update on the phantom 0day issue the company experienced last year, as well as filling us in on some efforts designed to combat spearphishing attacks that use dodgy Flash objects embedded in Office files. It's more interesting than it sounds!

Adam Boileau is back in the news seat for a chat about recent headlines. You can find links to all the articles we discussed here.

Risky Business #267 -- 2012 in review

This week's show takes a look back at some of the big issues and stories of 2012: The arrest of the Lulzsec crew, the release of Stratfor's email by Wikileaks and the Australian government ban on Huawei participating in the NBN rollout.

With bonus lulz.

This is the final episode of Risky Business for 2012. We'll be back in February 2013!

Risky Business #266 -- ToR, BitCoin, crooks and quantum key distribution

On this week's show we're talking ToR and BitCoin with Alice Hutchings, a Senior Researcher and Analyst with the Australian Institute of Criminology's Global, Economic and Electronic Crime Program.

ToR helps dissidents in foreign countries access information their governments deem unsavoury -- but it also provides a layer of protection to the consumers of child porn. Combine it with technology like BitCoin and bang, you've got Silk Road. Given the illicit uses of such technology, is volunteering to run a ToR server moral?

It's a fun, completely pointless academic conversation and it's coming up after the news!

This week's show is brought to you by Senetas, makers of fine layer 2 encryption technology. Senetas CTO Julian Fay joins us in this week's sponsor interview and we're talking all about Quantum Key Distribution.

It's a technology that is available commercially and after listening to that interview you'll actually know what it does and how it works! I learned a lot doing that interview. It's good stuff.

Show notes

John McAfee Hospitalized in Guatemala | Threat Level | Wired.com
http://www.wired.com/threatlevel/2012/12/threatlevel_1206_mcafeehospital/

Sophisticated botnet steals more than $47M by infecting PCs and phones | Ars Technica
http://arstechnica.com/security/2012/12/sophisticated-botnet-steals-more...

Bank Agrees to Reimburse Hacking Victim $300K in Precedent-Setting Case | Threat Level | Wired.com
http://www.wired.com/threatlevel/2012/11/bank-to-pay-hacking-victim/

Massive worm hits Tumblr, spams big blogs like USA Today | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57556784-83/massive-worm-hits-tumblr-sp...

Pentagon Deploying DARPA to Wage War on Backdoors | threatpost
http://threatpost.com/en_us/blogs/pentagon-deploying-darpa-wage-war-back...

Google Launches Private Android App Stores | threatpost
http://threatpost.com/en_us/blogs/google-launches-private-android-app-st...

Hackers steal customer info from insurance provider Nationwide | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57557408-83/hackers-steal-customer-info...

U.S., U.K. caught in middle of huge Swiss spy data leak -- report | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57557004-83/u.s-u.k-caught-in-middle-of...

ATM Thieves Swap Security Camera for Keyboard - Krebs on Security
http://krebsonsecurity.com/2012/12/atm-thieves-swap-security-camera-for-...

Twitter SMS bug lets hackers tweet via other users' accounts | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57557050-83/twitter-sms-bug-lets-hacker...

Security Essentials fails latest AV-Test | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57556340-83/security-essentials-fails-l...

Judge Gives Bradley Manning Permission to Plead Guilty for WikiLeaks Dumps | Threat Level | Wired.com
http://www.wired.com/threatlevel/2012/11/manning-plea-terms-accepted/

Congress Demands United Nations Keep Hands Off the Internet | Threat Level | Wired.com
http://www.wired.com/threatlevel/2012/12/united-nations-internet-regs/

Mac malware follows Flashback - Applications - SC Magazine Australia - Secure Business Intelligence
http://www.scmagazine.com.au/News/325137,mac-malware-follows-flashback.aspx

Six Security Flaws Fixed in BIND 9.9.2 | threatpost
http://threatpost.com/en_us/blogs/six-security-flaws-fixed-bind-992-120512

Microsoft Fixing 11 Vulnerabilities for December Patch Tuesday | threatpost
http://threatpost.com/en_us/blogs/microsoft-fixing-11-vulnerabilities-de...

Experts Downplay MySQL Database Zero-Days | threatpost
http://threatpost.com/en_us/blogs/experts-downplay-mysql-database-zero-d...

Austrian Police Raid ToR Exit Node Admin
http://www.scmagazine.com.au/News/324804,tor-exit-node-operator-raided-b...

Senetas - Hybrid Quantum Encryption
http://www.senetas.com/products/products/hybrid-quantum-encryption.htm

Risky Business #265 -- Reliably detecting 0day with crash dumps

On this week's show we're chatting with Rex Warren of Leviathan Security in the United States.

Leviathan has been working with DARPA on an interesting new system that can reliably detect failed 0day exploitation attempts against hosts. Basically these guys are just grabbing Dr. Watson crash dumps at the gateway, but where it gets interesting is when we look at what they do with those crash dumps. Emulation FTW.

This week's show is brought to you by the fine folk at Tenable Network Security. If you need vulnerability scanning or SIEM software you really need to go visit their website. On this week's show we're revisiting the topic of phantom 0day with Ron Gula, the chief executive and co-founder of Tenable. We'll also be chatting to him about whether or not the biggest threat to users in the future could be social engineering.

Show notes

Zero-day hotel keycard hack goes unfixed, now being used by Texas thieves | ExtremeTech
http://www.extremetech.com/electronics/141557-zero-day-hotel-keycard-hac...

UN nuclear watchdog confirms data leak | ZDNet
http://www.zdnet.com/un-nuclear-watchdog-confirms-data-leak-7000008001/

Chrome Zero-Day Presentation Gives Way to Mandatory Military Service | threatpost
http://threatpost.com/en_us/blogs/chrome-zero-day-presentation-gives-way...

Google Repairs High-Risk Flaw in Chrome | threatpost
http://threatpost.com/en_us/blogs/google-repairs-high-risk-flaw-chrome-1...

Cisco and "8 Diamonds" threaten Chinese security
http://tech.sina.com.cn/t/2012-11-27/09207834698.shtml

Update: Attack on Romanian TLD Register led to Google, Yahoo Defacements and DNS Redirects | threatpost
http://threatpost.com/en_us/blogs/update-attack-romanian-tld-register-le...

DSD issues advice for executives tackling BYOD | ZDNet
http://www.zdnet.com/au/dsd-issues-advice-for-executives-tackling-byod-7...

Credit card companies' WikiLeaks block just fine, EU says | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57554855-83/credit-card-companies-wikil...

Romanian hackers behind $30m Australian credit card theft - ABC News (Australian Broadcasting Corporation)
http://www.abc.net.au/news/2012-11-29/afp-uncovers-romanian-card-hacking...

Second person guilty in AT&T iPad prank hack - Hackers - SC Magazine Australia - Secure Business Intelligence
http://www.scmagazine.com.au/News/324412,second-person-guilty-in-att-ipa...

Researcher reveals backdoor access in Samsung printers | ZDNet
http://www.zdnet.com/researcher-reveals-backdoor-access-in-samsung-print...

Java Zero-Day Exploit on Sale for 'Five Digits' - Krebs on Security
https://krebsonsecurity.com/2012/11/java-zero-day-exploit-on-sale-for-fi...

Kaseya patches platform vulnerability - Web/client - SC Magazine Australia - Secure Business Intelligence
http://www.scmagazine.com.au/News/323797,kaseya-patches-platform-vulnera...

Piwik Update Infected with Backdoor Malware | threatpost
http://threatpost.com/en_us/blogs/piwik-update-infected-backdoor-malware...

Researcher Finds Nearly Two Dozen SCADA Bugs in a Few Hours' Time | threatpost
http://threatpost.com/en_us/blogs/researcher-finds-nearly-two-dozen-scad...

Symantec Warns of New Malware Targeting SQL Databases | threatpost
http://threatpost.com/en_us/blogs/symantec-warns-new-malware-targeting-s...

Risky Business #264 -- Three Guys With Ponytails Talk About Security

On this week's show I'll be playing an excerpt from a panel discussion that took place at Kiwicon -- the session was called Three Guys with Ponytails Talk Security. The three guys are PGP Corporation co-founder Jon Callas, nCipher co-founder Nicko van Someren and the University of Auckland's Peter Gutmann.

The topics include quantum computing and Peter's oddly overkill print server.

This week's show is brought to you by Adobe! Adobe's head of product security and privacy Brad Arkin joins the show in this week's sponsor segment to talk about what he's calling "phantom 0day".

Show notes

U.S. accused of cyberattack on French government | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57553153-83/u.s-accused-of-cyberattack-...

FreeBSD Servers Compromised; Third-Party Software Packages Could be Impacted | threatpost
http://threatpost.com/en_us/blogs/freebsd-servers-compromised-third-part...

Hacker found guilty of massive AT&T-iPad site breach | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57552852-83/hacker-found-guilty-of-mass...

Attackers Had Access for Months in South Carolina Data Breach | threatpost
http://threatpost.com/en_us/blogs/attackers-had-access-months-south-caro...

Researchers Remotely Control Smart Cards with Malware PoC | threatpost
http://threatpost.com/en_us/blogs/researchers-remotely-control-smart-car...

John McAfee, Unhinged: His Bizarre Breaks From Reality | Threat Level | Wired.com
http://www.wired.com/threatlevel/2012/11/mcafee-unhinged/

Megaupload Assisted U.S. Prosecution of Smaller File-Sharing Service | Threat Level | Wired.com
http://www.wired.com/threatlevel/2012/11/megaupload-investigation-roots/

Microsoft hands Windows 8 Pro to pirates by mistake | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57552960-83/microsoft-hands-windows-8-p...

Anonymous escalates its 'cyberwar' against Israel | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57552168-83/anonymous-escalates-its-cyb...

Obama reportedly signs secretive cybersecurity policy directive | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57550092-83/obama-reportedly-signs-secr...

Facebook Enabling HTTPS by Default for North American Users | threatpost
http://threatpost.com/en_us/blogs/facebook-enabling-https-default-north-...

Aussie researchers paid to make US drones unhackable - Applications - SC Magazine Australia - Secure Business Intelligence
http://www.scmagazine.com.au/News/323047,aussie-researchers-paid-to-make...

Operation High Roller Now Targets Europe's SEPA Network and Large US Bank | threatpost
http://threatpost.com/en_us/blogs/operation-high-roller-now-targets-euro...

Pwning Androids, iPhones with Exchange - Messaging - SC Magazine Australia - Secure Business Intelligence
http://www.scmagazine.com.au/News/323360,pwning-androids-iphones-with-ex...

Researcher owns blue chip managed service platforms - Cloud - SC Magazine Australia - Secure Business Intelligence
http://www.scmagazine.com.au/News/323288,researcher-owns-blue-chip-manag...

Judge throws out Steam breach lawsuit over lack of "harm" - SC Magazine
http://www.scmagazine.com/judge-throws-out-steam-breach-lawsuit-over-lac...

Who is McAfee? | The official Blog of John McAfee. -[ www.whoismcafee.com ]-
http://www.whoismcafee.com/

This week's feature track: Can't Get Enough by Supergroove
http://www.youtube.com/watch?v=9gEy2FJ_AiA

Risky Business #263 -- Data retention and the national security review

In this week's feature interview we're chatting with the Assistant Commissioner of the Australian Federal Police, Neil Gaughan.

He's the national manager of High Tech Crime Operations and he's joining us to discuss the ongoing national security review. As a part of that review the government is introducing laws that will force ISPs and other Carriage Service Providers (CSPs) to store information on Australian citizens for two years. It sounds scary, but as you'll hear the data covered by the proposed new law is actually pretty mundane stuff like DHCP and SIP logs.

We have a new Risky Business sponsor this week, an Australian company named Senetas. These guys make layer 2 crypto gear which I find very, very interesting. So in this week's sponsor interview I basically just had a yarn with Senetas co-founder and CTO Julian Fay about where that sort of gear is most useful. As you'll hear, Julian knows networks and he knows crypto.

Adam Boileau, as usual, joins us for the week's news headlines.

Show notes

This week's feature interview source material:
------------------------------------------------------------------------

The AFP's definition of communications metadata:
http://scott-ludlam.greensmps.org.au/sites/default/files/afpdoc.pdf

This week's news items:
------------------------------------------------------------------------

John McAfee, in Hiding, Condemns Belizean Government as 'Pirates' | Threat Level | Wired.com
http://www.wired.com/threatlevel/2012/11/mcafee-essay/

Skype Restores Password Resets, Repairs Flaw that Allows Account Hijacking | threatpost
http://threatpost.com/en_us/blogs/skype-suspends-password-resets-investi...

Attackers Compromise Adobe Connect User Site | threatpost
http://threatpost.com/en_us/blogs/attackers-compromise-adobe-connect-use...

Google Puts Flash in a Sandbox on OS X | threatpost
http://threatpost.com/en_us/blogs/google-puts-flash-sandbox-os-x-111412

Bradley Manning Offers to Plead Guilty to Partial Charges, Including Leaking to WikiLeaks | Threat Level | Wired.com
http://www.wired.com/threatlevel/2012/11/bradley-manning-plea-notice/

============================================
SPONSORED WHITEPAPERS. READ 'EM TO SUPPORT RISKY BUSINESS!

Senetas - Security Products White Papers
http://www.senetas.com/products/resources/white-papers.htm
============================================

Given Tablets but No Teachers, Ethiopian Children Teach Themselves | MIT Technology Review
http://www.technologyreview.com/news/506466/given-tablets-but-no-teacher...

Dictionary apps post false piracy confessions on Twitter - Crave
http://www.cnet.com.au/dictionary-apps-post-false-piracy-confessions-on-...

Hong Kong stock exchange hacker sentenced to jail | ZDNet
http://www.zdnet.com/cn/hong-kong-stock-exchange-hacker-sentenced-to-jai...

Blizzard Sued Over Data Breach, Authenticator Sales | threatpost
http://threatpost.com/en_us/blogs/blizzard-sued-over-data-breach-authent...

Twitter Resets More Passwords Than Accounts Hacked | threatpost
http://threatpost.com/en_us/blogs/twitter-resets-more-passwords-accounts...

Ransomware a growing menace, says Symantec | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57548314-83/ransomware-a-growing-menace...

Microsoft Update Includes Critical Security Update for IE 9, First Patches for Windows 8, RT | threatpost
http://threatpost.com/en_us/blogs/microsoft-update-includes-critical-sec...

Variant of Mac Malware Targets Tibetan Activists | threatpost
http://threatpost.com/en_us/blogs/variant-mac-malware-targets-tibetan-ac...

Memory Bug Fixed in Tor Client | threatpost
http://threatpost.com/en_us/blogs/memory-bug-fixed-tor-client-110912

This week's feature track:
------------------------------------------------------------------------

The Afrobiotics - Don't Play With Fire on Official.fm
http://official.fm/tracks/yG16

Risky Business #262 -- Side channel VM crypto attacks are badass

On this week's show we're chatting with renowned megabrain Peter Gutmann about a paper on side channel attacks against crypto keys in virtualised environments. It's really complicated stuff, but very, very interesting.

Peter didn't do this research or write the paper, but I always like getting his take on this stuff because... well... he's really smart and he doesn't overhype stuff. That's after the news.

This week's show is brought to you by a new sponsor! NCC Group! Yay!

These guys have been the acquisition monster over the last couple of years, picking up NGS Security, iSec Partners and Matasano, among others. They're a large infosec company these days with a lot of extremely clever people working for them.

Joining us in this week's sponsor interview is Wade Alcorn, the Australia country manager for NCC Group... he's also the founder of the BeEF project and a very smart guy. He's joining us to have a chat about some interesting developments in Japan where a bunch of people have been arrested and charged with criminal offences for writing grey-market and downright illegal mobile apps.

Show notes

Experts Warn of Zero-Day Exploit for Adobe Reader - Krebs on Security
http://krebsonsecurity.com/2012/11/experts-warn-of-zero-day-exploit-for-...

Adobe Patches Critical Memory Vulnerabilities in Flash Player, AIR | threatpost
http://threatpost.com/en_us/blogs/adobe-patches-critical-memory-vulnerab...

COLUMBIA, S.C. - Lawsuit over SC Revenue security breach expanded - State & Regional - TheState.com
http://www.thestate.com/2012/11/05/2508579/lawsuit-over-sc-revenue-secur...

PixSteal-A Trojan Steals Images, Uploads to Iraqi FTP Server | threatpost
http://threatpost.com/en_us/blogs/pixsteal-trojan-steals-images-uploads-...

M3AAWG Recommends New DKIM Best Practices | threatpost
http://threatpost.com/en_us/blogs/m3aawg-recommends-new-dkim-best-practi...

Google Adds Malware Scanner to Jelly Bean 4.2 | threatpost
http://threatpost.com/en_us/blogs/google-adds-malware-scanner-jelly-bean...

Android Smishing Vulnerability Found in Android Open Source Project Firmware | threatpost
http://threatpost.com/en_us/blogs/android-smishing-vulnerability-found-a...

Coke Gets Hacked And Doesn't Tell Anyone - Businessweek
http://www.businessweek.com/news/2012-11-04/coke-hacked-and-doesn-t-tell

More VMware ESX Source Code Posted Online | threatpost
http://threatpost.com/en_us/blogs/more-vmware-esx-source-code-posted-onl...

Team Ghostshell Allegedly Spills 2.5 M Russian Records | threatpost
http://threatpost.com/en_us/blogs/team-ghostshell-allegedly-spills-25-m-...

Apple Patches Kernel, Passcode Lock and WebKit Flaws in iOS 6.0.1 | threatpost
http://threatpost.com/en_us/blogs/apple-patches-kernel-passcode-lock-and...

Apache Server-Status Publicly Viewable on Top Sites | threatpost
http://threatpost.com/en_us/blogs/apache-server-status-publicly-viewable...

China Most Threatening Cyberspace Force, U.S. Panel Says - Bloomberg
http://www.bloomberg.com/news/2012-11-05/china-most-threatening-cyberspa...

Facebook password-bypass flaw fixed | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57544933-83/facebook-password-bypass-fl...

Hotmail Takes on Election Duties as Servers in New Jersey Crash | Threat Level | Wired.com
http://www.wired.com/threatlevel/2012/11/new-jersey-email-fai/

Hackers expose British Navy email logins - Hackers - SC Magazine Australia - Secure Business Intelligence
http://www.scmagazine.com.au/News/322232,hackers-expose-british-navy-ema...

Fraudsters launder cash though grants startup - Risk - SC Magazine Australia - Secure Business Intelligence
http://www.scmagazine.com.au/News/322118,fraudsters-launder-cash-though-...

www.cs.unc.edu/~reiter/papers/2012/CCS.pdf
http://www.cs.unc.edu/~reiter/papers/2012/CCS.pdf

Japanese Android developers arrested for infecting 10 million users - Hacker News , Security updates
http://thehackernews.com/2012/10/japanese-android-developers-arrested.ht...

Link to Sophail: Applied attacks against Sophos Antivirus
https://lock.cmpxchg8b.com/sophailv2.pdf

Risky Business #261 -- Divide by zero, destroy power grid

We've got a great feature interview in this week's show with a computer science undergrad in the US who worked on a paper dealing with GPS security. You'll find out how you can melt down power lines with GPS haxx! Fun for the whole family!

This week's show is sponsored by Tenable Network Security. We'll be having Tenable product manager Jack Daniel on the line to talk about the death of periodical vulnerability scanning. Apparently continuous scanning is all the rage these days!

I've spent the entire week down with the manflu, as you will probably hear, so apologies if the energy levels are down a bit this week.

Show notes

VUPEN Researchers Say They Have Zero-Day Windows 8 Exploit | threatpost
http://threatpost.com/en_us/blogs/vupen-researchers-say-they-have-zero-d...

Deloitte audit report that makes NZ government look like jerks:
http://www.msd.govt.nz/documents/about-msd-and-our-work/newsroom/media-r...

NY Post Pisses Its Pants Over Terrorism Homework; And You Should Too | Threat Level | Wired.com
http://www.wired.com/threatlevel/2012/10/terrorism-homework/

Homeland Security chief: Banks 'under attack' by hackers | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57543300-83/homeland-security-chief-ban...

Huawei looks to German security researchers for help | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57542809-83/huawei-looks-to-german-secu...

Anonymous takes aim at Zynga | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57541801-83/anonymous-takes-aim-at-zynga/

Millions of SSNs lifted from South Carolina database | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57541481-83/millions-of-ssns-lifted-fro...

Feds charge 14 with making ATM cashouts appear like one - SC Magazine
http://www.scmagazine.com/feds-charge-14-with-making-atm-cashouts-appear...

Outages hit Google App Engine, Dropbox, Tumblr, and more | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57541195-83/outages-hit-google-app-engi...

China blocks NY Times over story on leader's 'hidden fortune' | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57541137-83/china-blocks-ny-times-over-...

U.S. looks to replace human surveillance with computers | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57540826-83/u.s-looks-to-replace-human-...

Cisco Patches Vulnerabilities in Data Center and Web Conferencing Products | threatpost
http://threatpost.com/en_us/blogs/cisco-patches-vulnerabilities-data-cen...

ZeroAccess Botnet Cashing in on Click Fraud and Bitcoin Mining | threatpost
http://threatpost.com/en_us/blogs/zeroaccess-botnet-cashing-click-fraud-...

Here's the paper discussed in this week's feature interview!
http://users.ece.cmu.edu/~dbrumley/courses/18487-f12/readings/Nov28_GPS.pdf

If you enjoyed the music in this week's show, buy it!

Shop « Andrea Soler
http://andreasoler.com/shop/

Risky Business #260 -- News, Ducklin, Arkin and more!

This week's show is brought to you by our benevolent overlords at Adobe! And this week's sponsor interview is a must listen. Adobe's director of product security and privacy Brad Arkin joins us to discuss the breach at Adobe HQ that led to malicious binaries being signed as valid by their code signing boxes.

Yes, it's a sponsor interview but Brad does a great job at answering some tough questions about the known extent of the compromise. I found that conversation extremely interesting and I suspect you will too.

We also chat to him about some new security features in Flash Player and Reader.

Also this week we're chatting with Paul Ducklin of Sophos Australia. Duck is well known to most Risky Business listeners, he's a regular guest, and this week he's joining us to talk about a few items of interest -- Oracle's awful patching schedule, a Sony lawsuit getting tossed and some weak DKIM issues that affected Google.

Insomnia Security's Mark Piper joins us to discuss the week's news headlines. You can find links to all our news in this week's show notes.

Risky Business #259 -- MSDfail, Brett Moore and moooore!

This week's show is being produced entirely on the ground at the Ruxcon Breakpoint security conference in my old home town of Melbourne, Australia! And it's a shorter show than usual because I'm pretty busy down here producing a bunch of podcasts as a part of some joint coverage I'm doing for both Risky.Biz and The Register. If you want to check out some audio and blog posts from Breakpoint, head to http://risky.biz/breakpoint. They're not up yet, but you'll soon find some interviews with people like Barnaby Jack and Joshua Drake (jduck) there… or you can subscribe to the RB2 podcast feed at http://risky.biz/feeds if you want that content automagically.

In this week's sponsor interview we're chatting with Insomnia Security founder Brett Moore. Thanks to Insomnia Security for all its support of this podcast. If you're a CSO in New Zealand and you've never had a pen test from these guys you're doing it wrong.

It's a company founded by Brett Moore and staffed by the likes of our regular news co-host Adam Boileau and his sometime fill-in Mark Piper, as well as a few other guys. Brett joins us to recap Breakpoint and tell us what he thinks of the epic MSDfail in NZ. Why do organisations commission expert advice if they're just going to ignore it?

Show notes

MSD admits not acting on early system breach alerts... | Stuff.co.nz
http://www.stuff.co.nz/technology/digital-living/7826984/MSD-admits-not-...

Russian Anti-Virus Firm Plans Secure Operating System to Combat Stuxnet | Threat Level | Wired.com
http://www.wired.com/threatlevel/2012/10/kaspersky-operating-system/

Second LulzSec member pleads out in Sony Pictures attack - SC Magazine
http://www.scmagazine.com/second-lulzsec-member-pleads-out-in-sony-pictu...

Pentagon Hacker McKinnon Wins 10-Year Extradition Battle | Threat Level | Wired.com
http://www.wired.com/threatlevel/2012/10/mckinnon-extradition-win/

State-Sponsored Malware 'Flame' Has Smaller, More Devious Cousin | Threat Level | Wired.com
http://www.wired.com/threatlevel/2012/10/miniflame-espionage-tool/

WikiLeaks Goes Behind Paywall, Anonymous Cries Foul | Threat Level | Wired.com
http://www.wired.com/threatlevel/2012/10/wikileaks-paywall-anonymous/

Cyberthieves steal $400,000 from Bank of America | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57533007-83/cyberthieves-steal-$400000-from-bank-of-america/

Hackers target Fairfax holiday site Stayz, altering bank details on listings | News.com.au
http://www.news.com.au/travel/australia/hackers-target-fairfax-holiday-s...

Roxon issues discussion paper on mandatory data breach laws - Risk - SC Magazine Australia - Secure Business Intelligence
http://www.scmagazine.com.au/News/319578,roxon-issues-discussion-paper-o...

Zero-day attacks last much longer than most would believe - SC Magazine
http://www.scmagazine.com/zero-day-attacks-last-much-longer-than-most-wo...

Pacemakers, defibrillators open to attack • The Register
http://www.theregister.co.uk/2012/10/17/pacemakers_open_to_wireless_attack/

Information Disclosure Zero-Day Discovered in Novell ZENworks | threatpost
http://threatpost.com/en_us/blogs/information-disclosure-zero-day-discov...

Oracle Patch Update to Include 109 Patches | threatpost
http://threatpost.com/en_us/blogs/oracle-patch-update-include-109-patche...

Oracle Leaves Fix for Java SE Zero Day Until February Patch Update | threatpost
http://threatpost.com/en_us/blogs/oracle-leaves-fix-java-se-zero-day-unt...

Adobe Extends Security of Reader and Acrobat With Better Sandbox, Force ASLR | threatpost
http://threatpost.com/en_us/blogs/adobe-extends-security-reader-and-acro...

Exploit Code Released Targeting Firefox 16 Vulnerability | threatpost
http://threatpost.com/en_us/blogs/exploit-code-released-targeting-firefo...

The Cactus Channel - Official Site
http://www.thecactuschannel.com/
