Risky Business Podcast

October 25, 2013

Risky Business #302 -- Poking the FireEye

Presented by

Patrick Gray

CEO and Publisher

Adam Boileau

Technology Editor

This week's show was recorded at the Ruxcon Breakpoint security conference at the Intercontinental Hotel in Melbourne. So this week's feature interview is a chat with Jonathan Brossard of Toucan Security, we're talking to him about his presentation on bypassing and generally messing with sandbox malware scanners. Poking the FireEye! That's a fun chat.

This week's show is brought to you by HackLabs, the Australian penetration testing firm. So in this week's sponsor interview we chat with HackLabs head honcho Chris Gatford about an early implementation of an over-the-'net NFC authentication scheme developed by IBM Switzerland. Will it catch on? That's coming up a bit later.

Show notes

Intelligence chief: Le Monde's allegations against NSA 'false' | Security & Privacy - CNET News:
http://news.cnet.com/8301-1009_3-57608909-83/intelligence-chief-le-monde...

German chancellor Angela Merkel says US spying is an unacceptable breach of trust - ABC News (Australian Broadcasting Corporation):
http://www.abc.net.au/news/2013-10-25/angela-merkel-obama-nsa-spying-spi...

Inside Julian Assange's Alleged Plot to Steal The Fifth Estate Book | Threat Level | Wired.com:
http://www.wired.com/threatlevel/2013/10/assange-house/

LinkedIn Intro App a Man in the Middle Attack | Threatpost | The First Stop For Security News:
http://threatpost.com/linkedin-intro-app-equivalent-to-man-in-the-middle...

DARPA Cyber Grand Challenge Offers $2M to Winners | Threatpost | The First Stop For Security News:
http://threatpost.com/darpa-contest-to-pay-2m-for-automated-network-defe...

Google Ideas aids online rebels with digital defenses | Security & Privacy - CNET News:
http://news.cnet.com/8301-1009_3-57608525-83/google-ideas-aids-online-re...

Real-world 'Do Not Track' coming to retail stores | Security & Privacy - CNET News:
http://news.cnet.com/8301-1009_3-57608726-83/real-world-do-not-track-com...

FBstalker Does Data Mining on Facebook Graph Search | Threatpost | The First Stop For Security News:
http://threatpost.com/fbstalker-automates-facebook-graph-search-data-min...

Experian Sold Consumer Data to ID Theft Service - Krebs on Security:
http://krebsonsecurity.com/2013/10/experian-sold-consumer-data-to-id-the...

Apple reasserts claim it doesn't want to spy on your iMessages | Security & Privacy - CNET News:
http://news.cnet.com/8301-1009_3-57608139-83/apple-reasserts-claim-it-do...

Snoopy Project mobile tracking and intelligence grows up | Threatpost | The First Stop For Security News:
http://threatpost.com/snoopy-mobile-tracking-profiling-project-gets-a-bo...

7 Eastern Europeans Indicted in Multimillion-Dollar eBay Fraud Scheme | Threat Level | Wired.com:
http://www.wired.com/threatlevel/2013/10/romanians-indicted-cyber-fraud/

Report: UN Nuclear Regulator Infected with Malware | Threatpost | The First Stop For Security News:
http://threatpost.com/report-un-nuclear-regulator-infected-with-malware/...

Safari matches rivals with sandboxed Flash for better security | Security & Privacy - CNET News:
http://news.cnet.com/8301-1009_3-57609053-83/safari-matches-rivals-with-...

Months Later, EAS Equipment Still Vulnerable to SSH Bugs | Threatpost | The First Stop For Security News:
http://threatpost.com/months-later-eas-equipment-still-vulnerable/102647

Google, FireEye Demand Change from Vulna Ad Network | Threatpost | The First Stop For Security News:
http://threatpost.com/overzealous-android-vulna-ad-network-put-in-its-pl...

ProSoft Technology RadioLinx ControlScape PRNG vulnerability | Threatpost | The First Stop For Security News:
http://threatpost.com/weak-key-generation-plagues-wireless-industrial-au...

Cisco Fixes DoS, Remote Code Execution Bugs in Six Products | Threatpost | The First Stop For Security News:
http://threatpost.com/cisco-fixes-dos-remote-code-execution-bugs-in-six-...

Apple Patches Fix More Than 100 Vulnerabilities | Threatpost | The First Stop For Security News:
http://threatpost.com/apple-patches-fix-more-than-100-vulnerabilities/10...

Critical NETGEAR ReadyNAS Frontview security vulnerability | Threatpost | The First Stop For Security News:
http://threatpost.com/netgear-readynas-storage-vulnerable-to-serious-com...

Simple Bug Exposed Verizon Wireless Users' SMS History | Threatpost | The First Stop For Security News:
http://threatpost.com/simple-bug-exposed-verizon-wireless-users-sms-hist...

[Syscan360 2013] Brossard Jonathan:
http://www.slideshare.net/endrazine/syscan360-2013

,

It is always like that. When people claim something, we all say it is not true. - Kris Krohn Strongbrook

Risky Business #302 -- Poking the FireEye

0:00 / 48:49

Risky Business Podcast

October 18, 2013

Risky Business #301 -- Hack your way to the top of the charts

Presented by

Patrick Gray

CEO and Publisher

Adam Boileau

Technology Editor

On this week's show we're having a chat with Peter Fillmore about his upcoming talk at Ruxcon. It's all about gaming online music services like Rdio and Spotify. We've heard of clickfraud, but it's time to get ready for streamfraud!

Also this week we're chatting with the CEO of Swiss company ID Quantique about quantum random number generators. With recent revelations that NIST-backed RNGs might have been subverted by the NSA, it seems interest in quantum-based technology is hitting fever pitch.

In fact ID Quantique just raised US$5.6m in funding to expand its operations.

Show notes

NSA collects millions of e-mail address books globally - The Washington Post:
http://www.washingtonpost.com/world/national-security/nsa-collects-milli...

NSA report says Aust spooks swiped 311,113 contacts in one day - Messaging - SC Magazine Australia - Secure Business Intelligence:
http://www.scmagazine.com.au/News/360603,nsa-report-says-aust-spooks-swi...

How to Design - And Defend Against - The Perfect Security Backdoor | Wired Opinion | Wired.com:
http://www.wired.com/opinion/2013/10/how-to-design-and-defend-against-th...

Feds Sued for Hiding NSA Spying From Terror Defendants | Threat Level | Wired.com:
http://www.wired.com/threatlevel/2013/10/fisa-amendments-act-concealing/

NSA tool may track burner mobiles - Applications - SC Magazine Australia - Secure Business Intelligence:
http://www.scmagazine.com.au/News/360571,nsa-tool-may-track-burner-mobil...

Feds Demand Supreme Court Thwart Challenge to NSA Phone Spying | Threat Level | Wired.com:
http://www.wired.com/threatlevel/2013/10/scotus-nsa-phone-metadata/

NSA Leaks Prompt Rethinking of U.S. Control Over the Internet's Infrastructure | Threat Level | Wired.com:
http://www.wired.com/threatlevel/2013/10/global-net-infrastructure/

NSA phone taps deterred a 'few' terrorists, not 54 - Networks - SC Magazine Australia - Secure Business Intelligence:
http://www.scmagazine.com.au/News/360842,nsa-phone-taps-deterred-a-few-t...

NSA chief tightens up retirement plans | Security & Privacy - CNET News:
http://news.cnet.com/8301-1009_3-57607864-83/nsa-chief-tightens-up-retir...

Lavabit to reopen briefly to allow former clients to retrieve data | Security & Privacy - CNET News:
http://news.cnet.com/8301-1009_3-57607490-83/lavabit-to-reopen-briefly-t...

Yahoo Mail finally turns on SSL | Security & Privacy - CNET News:
http://news.cnet.com/8301-1009_3-57607486-83/yahoo-mail-finally-turns-on...

Stallman: How Much Surveillance Can Democracy Withstand? | Wired Opinion | Wired.com:
http://www.wired.com/opinion/2013/10/a-necessary-evil-what-it-takes-for-...

Metasploit Registrar Duped by Social Engineering, Not Fax | Threatpost:
http://threatpost.com/registrar-in-metasploit-dns-hijacking-not-duped-by...

Apple iMessage Open to Man in the Middle, Spoofing Attacks | Threatpost:
http://threatpost.com/apple-imessage-open-to-man-in-the-middle-spoofing-...

Snapchat Complies with Govt., Sends Images to Law Enforcement | Threatpost:
http://threatpost.com/snapchat-complies-with-government-requests-sends-i...

35,000 sites including Fortune 1000 hacked via nasty vBulletin hole - Applications - SC Magazine Australia - Secure Business Intelligence:
http://www.scmagazine.com.au/News/360840,35000-sites-including-fortune-1...

MPAA Claims Victory as File-Sharing Service IsoHunt Shuts Down | Threat Level | Wired.com:
http://www.wired.com/threatlevel/2013/10/isohunt-shutters/

Compromised certs spread email and browser -jacking malware - Web/client - SC Magazine Australia - Secure Business Intelligence:
http://www.scmagazine.com.au/News/360841,compromised-certs-spread-email-...

Indonesia tops China as source of Internet attacks | Security & Privacy - CNET News:
http://news.cnet.com/8301-1009_3-57607917-83/indonesia-tops-china-as-sou...

Google Fixes Three High-Risk Flaws in Chrome | Threatpost:
http://threatpost.com/google-fixes-three-high-risk-flaws-in-chrome/102586

Researchers Uncover Holes That Open Power Stations to Hacking | Threat Level | Wired.com:
http://www.wired.com/threatlevel/2013/10/ics/

51 Java holes patched - Applications - SC Magazine Australia - Secure Business Intelligence:
http://www.scmagazine.com.au/News/360843,51-java-holes-patched.aspx

D-Link Planning to Patch Router Backdoor Bug | Threatpost:
http://threatpost.com/d-link-planning-to-patch-router-backdoor-bug/102581

Quantum-mechanics security firm nabs $5.6M investment | Security & Privacy - CNET News:
http://news.cnet.com/8301-1009_3-57607540-83/quantum-mechanics-security-firm-nabs-$5.6m-investment/

Senetas:
http://www.senetas.com/

JaFFer - Artist - triple j Unearthed - free music | new Australian music | independent music:
http://www.triplejunearthed.com.au/artists/view.aspx?artistid=48312

,

The NSA is snooping with our emails, that is for sure. That seems to be a creepy move from them. - Sandra Dyche

Risky Business #301 -- Hack your way to the top of the charts

0:00 / 50:12

Risky Business Podcast

October 11, 2013

Risky business #300 -- Will there be more Silk Roads?

Presented by

Patrick Gray

CEO and Publisher

Adam Boileau

Technology Editor

On this week's show we're chatting with The Grugq about the takedown of Silk Road. How was the service located and taken down?

Also this week, Tenable Network Security CSO Marcus Ranum joins us in the sponsor slot to discuss the proposition that the Internet is, in his words, a US colony. Could we see a balkanisation of the 'net?

Adam Boileau, as always, joins us for the week's news segment. Show notes and links are here.

Risky business #300 -- Will there be more Silk Roads?

0:00 / 67:51

Risky Business Podcast

October 04, 2013

Risky Business #299 -- Christopher Boyce on the CIA's betrayal of Australia

Presented by

Patrick Gray

CEO and Publisher

Adam Boileau

Technology Editor

This week's show will feature part two of my interview with convicted spy Christopher Boyce. He went on a one man mission to damage his country's military and intelligence apparatus in the 70s. He says he did it because the US was undermining the democratically elected government of Australia.

So this week we go back to the 70s with Chris Boyce to chat about the Whitlam years. Australian Prime Minister Gough Whitlam lost government in 1975 when the Australian senate blocked budget supply and caused a shutdown of the federal government. Sound familiar? That's coming up after the news.

This week's show is brought to you Adobe, and man, they've had a rough week. We don't have Brad Arkin in this week's sponsor slot because he's busy dealing with a crisis over there, but we DO have an interview with Karthik Raman, a security researcher at Adobe who'll be talking about how Adobe runs its secure product lifecycle program.

Mark Piper is filling in for Adam Boileau in this week's news segment. Find links to what we discuss here.

Risky Business #299 -- Christopher Boyce on the CIA's betrayal of Australia

0:00 / 51:39

Risky Business Podcast

September 27, 2013

Risky Business #298 -- With feature guest Christopher Boyce

Presented by

Patrick Gray

CEO and Publisher

Adam Boileau

Technology Editor

We've got a great feature interview for you all this week. We're chatting with convicted spy, prison escapee and bank robber Christopher Boyce, aka The Falcon. We speak to him about the changing face of espionage; Wikileaks, Manning, Snowden and the radically changed world that awaited him when he walked out of prison.

This week's show is brought to you by Context Information Security, and in this week's sponsor interview we're chatting with Context consultant Paul Stone about the research he presented at the most recent BlackHat USA conference in Vegas. It picked up a lot of buzz -- his was the talk about doing pixel-by-pixel screen scraping with html5-based timing attacks.

It's ingenious stuff, that's a cracker interview, so big thanks again to Context IS for sponsoring this week's show.

Show notes

British Spy Agency GCHQ Hacked Belgian Telecoms Firm - SPIEGEL ONLINE
http://www.spiegel.de/international/europe/british-spy-agency-gchq-hacke...

SPIEGEL Exclusive: NSA Spies on International Bank Transactions - SPIEGEL ONLINE
http://www.spiegel.de/international/world/spiegel-exclusive-nsa-spies-on...

RSA Tells Its Developer Customers: Stop Using NSA-Linked Algorithm | Threat Level | Wired.com
http://www.wired.com/threatlevel/2013/09/rsa-advisory-nsa-algorithm/

How a Crypto 'Backdoor' Pitted the Tech World Against the NSA | Threat Level | Wired.com
http://www.wired.com/threatlevel/2013/09/nsa-backdoor/

NSA Bought Exploit Service From VUPEN, Contract Shows | Threatpost
http://threatpost.com/nsa-bought-exploit-service-from-vupen-contract-sho...

Congress unveils bill to limit NSA's powers | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57604756-83/congress-unveils-bill-to-li...

Kim Dotcom sues New Zealand over electronic snooping | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57602815-83/kim-dotcom-sues-new-zealand...

Dropbox Requests National Security Letter Transparency | Threatpost
http://threatpost.com/dropbox-argues-to-publish-number-of-national-secur...

Google's Gmail Keyword Scanning Might Violate Wiretap Law, Judge Finds | Threat Level | Wired.com
http://www.wired.com/threatlevel/2013/09/gmail-wiretap-ruling/

Data Broker Giants Hacked by ID Theft Service - Krebs on Security
http://krebsonsecurity.com/2013/09/data-broker-giants-hacked-by-id-theft...

Researchers Build Undetectable Dopant Hardware Trojans | Threatpost
http://threatpost.com/researchers-develop-undetectable-hardware-trojans/...

Research detects dangerous malware hiding in peripherals - Applications - SC Magazine Australia - Secure Business Intelligence
http://www.scmagazine.com.au/News/358265,research-detects-dangerous-malw...

BEAST Cryptographic Attack Mitigations Overturned | Threatpost
http://threatpost.com/not-so-fast-on-beast-attack-mitigations/102308

Pirate Bay Co-Founder's Sentence Is Reduced - WSJ.com
http://online.wsj.com/article/SB1000142405270230379640457909709168768263...

German Hackers Say They Cracked iPhone's New Fingerprint Scanner | Threat Level | Wired.com
http://www.wired.com/threatlevel/2013/09/iphone-fingerprint-cracked/

Google to Block Many Plug-Ins Starting in 2014 | Threatpost
http://threatpost.com/google-to-block-many-plug-ins-starting-in-2014/102393

iMessage Chat app for Android Worries Security Experts | Threatpost
http://threatpost.com/steer-clear-of-android-imessage-app-experts-say/10...

Yahoo recycled ID users warn of security risk | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57604441-83/yahoo-recycled-id-users-war...

Sefnit Click-Fraud Malware Related to Mevade Tor Botnet | Threatpost
http://threatpost.com/stealthy-new-click-fraud-malware-related-to-tor-bo...

Microsoft Warns of New IE Zero Day | Threatpost
http://threatpost.com/microsoft-warns-of-new-ie-zero-day/102327

IE Zero Day Used in Targeted Attacks Against Japanese Firms | Threatpost
http://threatpost.com/compromised-japanese-media-sites-serving-exploits-...

ICS Vendor Fixes Hard-Coded Credential Bugs Nearly Two Years After Advisory | Threatpost
http://threatpost.com/ics-vendor-fixes-hard-coded-credential-bugs-nearly...

Apple's iOS 7 Update Fixes 80 Security Bugs | Threatpost
http://threatpost.com/apples-ios-7-update-fixes-80-security-bugs/102356

Apple Releases Apple TV 6.0, Fixes 50+ Bugs | Threatpost
http://threatpost.com/after-botched-update-apple-releases-apple-tv-6-0-f...

Some Versions of Ruby on Rails Could Expose Cookies | Threatpost
http://threatpost.com/security-issue-in-ruby-on-rails-could-expose-cooki...

Apache Upgrade Repairs Struts, Fixes Two Vulnerabilities | Threatpost
http://threatpost.com/apache-upgrade-repairs-struts-fixes-two-vulnerabil...

Cisco IOS Update Patches Eight Vulnerabilities | Threatpost
http://threatpost.com/cisco-ios-update-patches-eight-vulnerabilities/102436

Facebook Android Bug Sent Users' Photos in the Clear | Threatpost
http://threatpost.com/facebook-android-bug-sent-users-photos-in-the-clea...

\u25b6 (2000) David Bowie / This is not America ~ Absolute Beginners (2/5) - YouTube
http://www.youtube.com/watch?v=n_bzqyu_4N0

www.contextis.com/files/Browser_Timing_Attacks.pdf
http://www.contextis.com/files/Browser_Timing_Attacks.pdf

,

The Belgians were surprised that they were hacked. They never thought that this could be possible until now. - Kris Krohn

Risky Business #298 -- With feature guest Christopher Boyce

0:00 / 67:23

Risky Business Podcast

September 20, 2013

Risky Business #297 -- Matthew Green tells his story

Presented by

Patrick Gray

CEO and Publisher

Adam Boileau

Technology Editor

This week's show, like last week's, is a bit different. I am still moving house, which includes moving the Risky Business office and studio, but everything should be back to normal next week.

So there's no news segment in this week's show, but we have two great feature interviews with academic cryptographers. The first is with Johns Hopkins University's Matthew Green who was actually asked to remove a blog post critical of the NSA from the university's servers last week, leading to a massive controversy. We're going to get his side of the story, that's a great chat.

Peter Gutmann of the University of Auckland also joins us in this week's podcast. He's another well-known crypto academic and I'll be getting his thoughts on the NSA's covert program to subvert public crypto.

I cover some of the same ground with Peter as I do with Matthew, but as you'll hear they have slightly different perspectives on these things.

This week's show is brought to you by Tenable Network Security, makers of fine, fine vulnerability scanning software.

And you know what? The vuln scanning world has changed pretty substantially in the last 5-10 years. You used to use vuln scanners to prioritise which of your awfully out of date windows boxes you'd patch.

But these days you're more likely to use that stuff to find boxes that simply aren't managed. Ron joins us to talk about that.

Risky Business #297 -- Matthew Green tells his story

0:00 / 43:40

Risky Business Podcast

September 13, 2013

Risky Business #296 -- Chilling effect in full swing

Presented by

Patrick Gray

CEO and Publisher

Adam Boileau

Technology Editor

This week's show is a shorter one -- there's no feature interview for two reasons. The first is that I'm in the process of moving house, which includes moving my office and studio, so I'm dealing with house painters, bond cleaners and a million other things. But the second reason is because the person I had wanted to interview has been silenced.

I had reached out to Matthew Green, a cryptography researcher at Johns Hopkins University, to do an interview about last week's stunning revelations about the NSA undermining public cryptography standards. Matthew has done some great blog posts on that topic. I tweeted. No response. I emailed. No response. I called. No response.

Then I realised the likely reason why. The university had actually demanded he remove one of the blog posts -- possibly at the behest of the NSA -- in an utterly disgraceful violation of academic freedom. We'll find out more about that in the news segment.

This week's show is brought to you by HackLabs, the Australian security consultancy. And HackLabs head honcho Chris Gatford joins the show to have a chat about the Syrian Electronic Army. Will the SEA stimulate the same type of security spend that LulzSec triggered in 2011? Chris says they probably won't, mostly because the SEA just isn't mysterious and enigmatic enough to intrigue the media.

Adam Boileau joins us for an epic news segment that is mostly concerned with giving the NSA a big can of FU. You can find links to the stories discussed here.

Risky Business #296 -- Chilling effect in full swing

0:00 / 50:31

Risky Business Podcast

September 06, 2013

Risky Business #295 -- Behind Arbor's Packetloop acquisition

Presented by

Patrick Gray

CEO and Publisher

Adam Boileau

Technology Editor

In this week's show we're taking a look at Arbor Networks' acquisition of Packetloop, a two-year-old Australian start up that makes big data security analytics software. You'd think that Arbor would want to move the company to the USA, but that's not what's happened in this case. Packetloop co-founder Michael Baker joins the show to fill us in.

This week's show is brought to you by the fine folks at Adobe Systems. And in this week's sponsor interview Adobe CSO Brad Arkin joins the podcast to talk about how he manages the security aspect of all the different cloud technologies various arms of the company use. It's a situation made infinitely more complicated by Adobe's habit of buying software companies at a rate of something like one a month. Not surprisingly, some of these acquired companies can leave a little to be desired in the security department. How does the Adobe security team bring these new services into the fold?

Show notes

The NSA's Secret Campaign to Crack, Undermine Internet Encryption - ProPublica
http://www.propublica.org/article/the-nsas-secret-campaign-to-crack-unde...

Patriot Act Author Says NSA Is Abusing Spy Law | Threat Level | Wired.com
http://www.wired.com/threatlevel/2013/09/nsa-abusing-patriot-act/

NRA joins ACLU in suit against NSA's surveillance program | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57601445-83/nra-joins-aclu-in-suit-agai...

Government to Release Hundreds of Documents Related to NSA Surveillance | Threatpost
http://threatpost.com/government-to-release-hundreds-of-documents-relate...

NSA Laughs at PCs, Prefers Hacking Routers and Switches | Threat Level | Wired.com
http://www.wired.com/threatlevel/2013/09/nsa-router-hacking/

What Exactly Are the NSA's 'Groundbreaking Cryptanalytic Capabilities'? | Wired Opinion | Wired.com
http://www.wired.com/opinion/2013/09/black-budget-what-exactly-are-the-n...

Developers Scramble to Build NSA-Proof Email | Threat Level | Wired.com
http://www.wired.com/threatlevel/2013/09/the-scramble-to-build-encryption/

Facebook flaw allowed hackers to delete posted photos | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57600991-83/facebook-flaw-allowed-hacke...

Russia Issues International Travel Advisory to Its Hackers | Threat Level | Wired.com
http://www.wired.com/threatlevel/2013/09/dont-leave-home/

Aussie linked to US Govt supercomputer hack - Hackers - SC Magazine Australia - Secure Business Intelligence
http://www.scmagazine.com.au/News/355480,aussie-linked-to-us-govt-superc...

Symantec source code hack lawsuit dismissed - Applications - SC Magazine Australia - Secure Business Intelligence
http://www.scmagazine.com.au/News/355201,symantec-source-code-hack-lawsu...

California Abruptly Drops Plan to Implant RFID Chips in Driver's Licenses | Threat Level | Wired.com
http://www.wired.com/threatlevel/2013/09/drivers-license-rfid-chips/

Huge Botnet Found Using Tor Network for Communications | Threatpost
http://threatpost.com/huge-botnet-found-using-tor-network-for-communicat...

Obad Trojan First to Spread Via Mobile Botnet | Threatpost
http://threatpost.com/obad-trojan-first-to-spread-via-mobile-botnet/102184

Hand of Thief Linux Banking Trojan Not Ready For Primetime | Threatpost
http://threatpost.com/hand-of-thief-trojan-not-ready-for-primetime/102159

NetTraveler Now Using Java Exploits, Watering Hole Attacks | Threatpost
http://threatpost.com/nettraveler-variant-adds-java-exploits-watering-ho...

FTC and TrendNet settle claim over hacked security cameras | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57601430-83/ftc-and-trendnet-settle-cla...

Syrian Electronic Army Denies New Data Leaks - Krebs on Security
http://krebsonsecurity.com/2013/08/syrian-electronic-army-denies-new-dat...

Updated: Coalition backflips on proof of age net filter - Web/client - SC Magazine Australia - Secure Business Intelligence
http://www.scmagazine.com.au/News/355904,updated-coalition-backflips-on-...

Update to Bitcoin Client Fixes DoS Bug, Password Strength | Threatpost
http://threatpost.com/update-to-bitcoin-client-fixes-dos-bug-password-st...

Windows 8 Picture Gesture Authentication Research | Threatpost
http://threatpost.com/picture-based-password-schemes-have-their-weakness...

Apple Safari Vulnerable to Buffer Overflow Exploit | Threatpost
http://threatpost.com/public-exploit-available-for-patched-safari-bug/10...

Watchwatch-like Heartbeat Monitor to Replace Passwords | Threatpost
http://threatpost.com/watch-like-heartbeat-monitor-seeks-to-replace-pass...

Researchers: Oracle's Java Security Fails - Krebs on Security
http://krebsonsecurity.com/2013/09/researchers-oracles-java-security-fails/

Cisco Issues Four Security Advisories | Threatpost
http://threatpost.com/cisco-warns-users-of-four-vulnerabilities/102158

Samsung to build Lookout into KNOX protection | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57601382-83/samsung-to-build-lookout-in...

Office, SharePoint Patches Await September Patch Tuesday | Threatpost
http://threatpost.com/critical-office-sharepoint-patches-await-september...

Sydney's Bugcrowd raises $1.6 million - Risk - SC Magazine Australia - Secure Business Intelligence
http://www.scmagazine.com.au/News/355761,sydneys-bugcrowd-raises-16-mill...

Arbor Networks buys Sydney startup PacketLoop - Cloud - SC Magazine Australia - Secure Business Intelligence
http://www.scmagazine.com.au/News/355620,arbor-networks-buys-sydney-star...

Packetloop
https://www.packetloop.com//

SoundCloud - Hear the world's sounds
https://soundcloud.com/lawrence-kennedy/sonny/s-AM7Jg

,

That is one risky business right there. If you have that one, then it will be great. - Roger Stanton

Risky Business #295 -- Behind Arbor's Packetloop acquisition

0:00 / 62:04

Risky Business Podcast

August 30, 2013

Risky Business #294 -- Five Eyes fights terrorists! (And MegaUpload.)

Presented by

Patrick Gray

CEO and Publisher

Adam Boileau

Technology Editor

We've got a pretty heavily spook-themed show for you this week. The feature interview is with New Zealand-based blogger and writer Keith Ng. He was trawling the Kim Dotcom affidavits in New Zealand and noticed that documents pertaining to the illegal GCSB surveillance on Mr. Dotcom had Five Eyes stamped all over them.

So, err, it looks like the surveillance apparatus established by five eyes to combat national security threats and terrorism was used indirectly by the NZ police force to spy on a guy over a copyright case. Interesting stuff.

And Senetas co-founder and CTO Julian Fay joins in this week's sponsor interview to a chat about the types of demands customers are making in the wake of Edward Snowden's leaks. Traffic analysis is king!

Adam Boileau, as usual, stops in to discuss the week's news headlines.

Show notes

These are the show notes for episode 294 of Risky Business

Tech Companies and Government May Soon Go to War Over Surveillance | Wired Opinion | Wired.com
http://www.wired.com/opinion/2013/08/stop-clumping-tech-companies-in-wit...

NSA seeks 'groundbreaking' spying powers, new leak reveals | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57600647-83/nsa-seeks-groundbreaking-sp...

Internet Giants Got Millions From Taxpayers to Cover PRISM Spying Costs | Threat Level | Wired.com
http://www.wired.com/threatlevel/2013/08/millions-paid-prism-compliance/

Facebook Gave 38K Users' Data to Governments in 6 Months | Threat Level | Wired.com
http://www.wired.com/threatlevel/2013/08/facebook-divulged-user-data/

US intercepted UN comms: report - Networks - SC Magazine Australia - Secure Business Intelligence
http://www.scmagazine.com.au/News/354652,us-intercepted-un-comms-report....

School district hires company to follow kids' Facebook, Twitter | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57600251-83/school-district-hires-compa...

German government denies Windows 'back door' claims | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57599735-83/german-government-denies-wi...

Open Secret About Google's Surveillance Case No Longer Secret - Digits - WSJ
http://blogs.wsj.com/digits/2013/08/26/open-secret-about-googles-surveil...

My Dinner With NSA Director Keith Alexander - Forbes
http://www.forbes.com/sites/jennifergranick/2013/08/22/my-dinner-with-ge...

Melbourne IT compromise redirects NY Times, HuffPo readers - Networks - SC Magazine Australia - Secure Business Intelligence
http://www.scmagazine.com.au/News/354935,melbourne-it-compromise-redirec...

Who Built the Syrian Electronic Army? - Krebs on Security
http://krebsonsecurity.com/2013/08/who-built-the-syrian-electronic-army/

China's Internet hit by DDoS attack; sites down for hours | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57600083-83/chinas-internet-hit-by-ddos...

Google Palestine domain hacked - Web/client - SC Magazine Australia - Secure Business Intelligence
http://www.scmagazine.com.au/News/354811,google-palestine-domain-hacked....

LulzSec hacker Sabu's sentencing delayed - Hackers - SC Magazine Australia - Secure Business Intelligence
http://www.scmagazine.com.au/News/354643,lulzsec-hacker-sabus-sentencing...

Hacker Pleads Guilty to Selling FBI Access to U.S. Supercomputers | Threat Level | Wired.com
http://www.wired.com/threatlevel/2013/08/hacker-super-computer-access/

Firefox Extension HTTP Nowhere Allows Users to Surf in Encrypted-Only Mode | Threatpost
http://threatpost.com/firefox-extension-http-nowhere-allows-users-to-bro...

Arabic Text String Crashes iOS, Mac OS X | Threatpost
http://threatpost.com/arabic-text-string-taking-down-apps-clients-browse...

Metasploit Module Adds Sudo Vulnerability for OS X | Threatpost
http://threatpost.com/metasploit-module-adds-sudo-vulnerability-for-os-x...

Phone Hack Could Block Messages, Calls on GSM Networks | Threatpost
http://threatpost.com/phone-hack-could-block-messages-calls-on-some-mobi...

New Mozilla Plug-N-Hack Tool Integrates Browsers and Security Tools | Threatpost
http://threatpost.com/mozilla-plug-n-hack-integrates-browsers-and-securi...

Ransomware snares victims with NSA PRISM ruse - Applications - SC Magazine Australia - Secure Business Intelligence
http://www.scmagazine.com.au/News/354787,ransomware-snares-victims-with-...

VMware Patches Root Privilege-Escalation Flaw | Threatpost
http://threatpost.com/vmware-patches-root-privilege-escalation-flaw/102067

Remote Unauthenticated Bug Haunts Cisco ACS Server | Threatpost
http://threatpost.com/remote-unauthenticated-bug-haunts-cisco-acs-server...

Opera 16 Fixes Bugs, Improves HTML5 Performance | Threatpost
http://threatpost.com/opera-16-fixes-bugs-improves-html5-performance/102129

Another Java 6 Vulnerability Found in the Wild | Threatpost
http://threatpost.com/java-6-zero-day-a-reminder-to-upgrade-browser-plug...

OnPoint \u2022 Public Address
http://publicaddress.net/onpoint/

Midnight Oil - Dreamworld - YouTube
http://www.youtube.com/watch?v=OcKcjpSWmm0

,

That is one serious stuff right there. I guess that would be the thing we all are concerned of. - Adam LaFavre

Risky Business #294 -- Five Eyes fights terrorists! (And MegaUpload.)

0:00 / 52:28

Risky Business Podcast

August 23, 2013

Risky Business #293 -- Phishing for (whitehat) fun and profit

Presented by

Patrick Gray

CEO and Publisher

Adam Boileau

Technology Editor

This week's feature guest is Haroon Meer of Thinkst Applied Research. He's launched an awesome new site called Phish5.com that allows sysadmins and security consultants to automate phishing campaigns against their own networks and clients.

It's a brilliant idea and well executed.

This week's show is brought to you by the fine folks at Microsoft, and we chat with Microsoft's Jerry Bryant later on about the expansion of the company's MAPP program. If you're an incident responder you really want to hear about this -- you can now submit suspect samples to Microsoft and they'll inspect them for 0day. World-class triage at your fingertips.

Show notes

The following stories were discussed in episode 293 of the Risky Business podcast.

Bradley Manning Sentenced to 35 Years in Prison | Threat Level | Wired.com
http://www.wired.com/threatlevel/2013/08/bradley-manning-sentenced/

BBC News - Bradley Manning: 'I am a woman named Chelsea'
http://www.bbc.co.uk/news/world-us-canada-23798253

Julian Assange's WikiLeaks Party running mate Leslie Cannold quits
http://www.theage.com.au/federal-politics/federal-election-2013/julian-a...

Statement of Resignation from Wikileaks Party National Council at Dan's blog
http://danielmathews.info/blog/2013/08/statement-of-resignation-from-wik...

Security Community Raises Money for Researcher Snubbed by Facebook Bounty Program | Threat Level | Wired.com
http://www.wired.com/threatlevel/2013/08/researcher-denied-facebook-bounty/

Twitter OAuth Data Leaked From Third-Party App | Threatpost
http://threatpost.com/twitter-oauth-data-leaked-from-third-party-app/102035

NSA Broke Privacy Rules Thousands of Times, Contrary to Official Claims | Threat Level | Wired.com
http://www.wired.com/threatlevel/2013/08/nsa-violated-privacy-rules/

Declassified 2011 FISC Opinion Shows Court Found Some NSA Surveillance Unconstitutional | Threatpost
http://threatpost.com/declassified-2011-fisc-opinion-shows-court-found-s...

China eyes IBM, Oracle, EMC over possible security issues | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57598827-83/china-eyes-ibm-oracle-emc-o...

U.K. Ordered Guardian to Destroy Snowden Files Because Its Servers Weren't Secure | Threat Level | Wired.com
http://www.wired.com/threatlevel/2013/08/guardian-snowden-files-destroyed/

FDA Issues Recommendations on the Security of Wireless Medical Devices | Threatpost
http://threatpost.com/fda-issues-recommendations-on-the-security-of-wire...

NSA and Intelligence Community turn to Tumblr -- weird but true | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57599622-83/nsa-and-intelligence-commun...

Scanning the Internet in 45 Minutes | Threatpost
http://threatpost.com/scanning-the-internet-in-45-minutes/102025

Nasdaq Stock Exchange Goes Dark After Tech Glitch | Threat Level | Wired.com
http://www.wired.com/threatlevel/2013/08/nasdaq-outage/

IP Cloaking Violates Computer Fraud and Abuse Act, Judge Rules | Threat Level | Wired.com
http://www.wired.com/threatlevel/2013/08/ip-cloaking-cfaa/

Prison Computer 'Glitch' Blamed for Opening Cell Doors in Maximum-Security Wing | Threat Level | Wired.com
http://www.wired.com/threatlevel/2013/08/computer-prison-door-mishap/

Cybercrooks use DDoS attacks to mask theft of banks' millions | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57599646-83/cybercrooks-use-ddos-attack...

How Not to DDoS Your Former Employer - Krebs on Security
http://krebsonsecurity.com/2013/08/how-not-to-ddos-your-former-employer/

Joburg billing leak not a hack: whistle blower
http://businesstech.co.za/news/government/44593/joburg-billing-leak-not-...

Google, Mozilla Considering Limiting Certificate Validity to 60 Months | Threatpost
http://threatpost.com/google-mozilla-considering-limiting-certificate-va...

League of Legends is hacked, with crucial user info accessed | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57599450-83/league-of-legends-is-hacked...

Google Chrome 29 Fixes 25 Vulnerabilities | Threatpost
http://threatpost.com/google-chrome-29-fixes-25-vulnerabilities/102038

Microsoft Reissues MS13-066 Windows Server Patch | Threatpost
http://threatpost.com/microsoft-reissues-ms13-066-windows-server-patch/1...

Jumping Out of IE's Sandbox With One Click | Threatpost
http://threatpost.com/jumping-out-of-ies-sandbox-with-one-click/102054

Cisco Patches DoS, Buffer Overflow Vulnerabilities in UCM | Threatpost
http://threatpost.com/cisco-patches-dos-buffer-overflow-vulnerabilities-...

IT Security News, Security Product Reviews and Opinion - SC Magazine Australia - Secure Business Intelligence
http://www.scmagazine.com.au/

Phish5 - Phish your company in five easy steps
https://phish5.com/

Microsoft Extends MAPP To Incident Responders And Offers Free Online
http://www.darkreading.com/vulnerability/microsoft-extends-mapp-to-incid...

The Bombay Royale
http://thebombayroyale.com/index.html

,

The notes are really good. If you can read it, then that would be better. - Roger Stanton

Risky Business #293 -- Phishing for (whitehat) fun and profit

0:00 / 61:04