Risky Business Podcast

On this week's show we chat with information security legend Dan Geer about traffic analysis and "digital exhaust".

Everything we do online produces a tonne of metadata. What can be inferred through the analysis of this metadata and who's likely to analyse it?

Part one of my chat with Dan Geer is this week's feature interview.

This week's show is sponsored by RSA Security, the security division of EMC.

So in this week's sponsor interview we're chatting with RSA's Mason Hooper about the company's 2012 Cybercrime Trends Report. Is Zeus still Zeusy? Still Godlike? We'll find out at the back of this week's show.

Adam Boileau, of course, drops in to discuss the week's news headlines.

On this week's show we're taking a look at the DMARC anti-phishing effort. we mentioned it on the news last week, but we're going to get into it properly with our good buddy Paul Ducklin. He's along after the news.

This week's show is sponsored by Tenable Network Security.

Tenable's chief executive Ron Gula will be along in this week's sponsor interview to chat about the theft of Symantec's source code. He doesn't think it's a world ender, and you know what, he's probably right! He's along after this week's feature interview.

There's also plenty of news to discuss with our news co-host Adam Boileau!

You can "like" Risky Business on Facebook here.

Find Patrick Gray on Twitter here.

Risky Business is back for 2012! This week's edition of the show is sponsored by Adobe.

And as it's our first week back we're focussing mostly on catching up on the news of the last six weeks or so. Between McAfee turning its customers into open relays -- that wound up being used by spammers -- and Symantec realising its source code walked six years ago, it's been a cracking start to the year.

Risky Business news co-host Adam Boileau joins the show to run through the key highlights of the last six weeks.

Also in this week's show, Adobe's product security chief Brad Arkin joins the show to talk about the virtues of silent patching. Brad's been on board with Adobe since 2008 and says the company has actually made progress in the product security arena. Have a listen to him and judge for yourself!

The production of this week's show did not go smoothly. My SSD died, with the entire, unedited show on it. Two people really, really helped out and saved this week's podcast.

Adam Pointon donated a couple of hours of his Tuesday evening and managed to recover the interviews from the dead drive. Massive thanks to him. Jonathan Wrigley of Xero Computing in Calrton let me use one of his display systems to finish cutting together the show.

So big, big thanks to both of them. If you live in Melbourne, by all means pop into Jonno's shop and pick up some stuff for your Mac. Enjoy the show!

This is a special summer edition of the Risky Business podcast. There's no feature interview or sponsor interview -- just Adam Boileau and Patrick Gray discussing the most interesting security news items of the last three weeks, including:

• Did Persians pwn Drones?
• Bradley Manning faces court
• HP to face printer vulnerability lawsuit
• Could the USA's SOPA law break DNSSEC?
• GlobalSign says its CA systems were never compromised
• New guidelines for issuance of SSL certs
• Microsoft to silently update IE in 2012
• Fun fact: Ukranian general arrested for online fraud
• Putin's Twitterbots drown anti-regime hashtags
• Mexican government dismantles Los Zetas' massive comms network
• CNet's Download.com bundles crapware with nmap

I thought we'd just have a bit of a fun feature for the last show of the year. It's an interview with Edith Cowan University's Peter Hannay about a presentation he did at Ruxcon back in 2010, all about turning Amazon's Kindle into a completely free internet access device that works all over the world.

That's right, no subscriber fees and 3G access in a zillion countries.

He'll tell you how you can hack your kindle to use it as a completely free USB Internet access device pretty much anywhere in the world. No more data roaming for you! W00t w00t! SSH everywhere!

Astaro's Angelo Comazzetto takes a look back on Sony's 2011 woes in this week's sponsor interview and Adam Boileau joins us, as always, to discuss the week's news.

Peter Hannay's Kindle code can be found here.

In this week's feature interview we're chatting with Google's Ben Hawkes about the risks posed to browsers by new developments in the way they handle graphics. WebGL and Flash Stage3G allow Websites easy access to graphics cards but introduces a bunch of potential security issues. What if there's a bug in your graphics card driver? Can you then exploit that through the browser?

That, for want of a better word, would be... bad.

It's a topic that's been picking up a bit of coverage over the last six months or so, but is it overhyped?

In this week's sponsor interview we're hearing from Eddie Schwartz the Chief Security Officer of RSA security. We're chatting to him about the notion that keeping attackers out of networks just isn't realistic anymore. CSOs need to cop to that fact, Eddie says, and start looking at some fresh approaches.

We have a good chat about some of the Jericho Forum's security principles [totally legit PDF], too, and how consumer devices entering the enterprise is actually driving a deperimiterisation approach to infosec.

Adam Boileau, as always, drops in for the week's news headlines!

On this week's podcast we take a look at doing some fairly unnatural things to the OS X operating system. We'll hear how to best rootkit OS X and also how messing with EFI bootloaders can be a whole bunch of fun in terms of installing persistent rootkits in PCI firmware.

That's this week's feature interview, with our buddy Loukas from Assurance.com.au.

Also this week we're joined by Tenable Network Security's product manager Jack Daniel in the sponsor interview. He'll be chatting to us all about Dan Geer's new cybersecurity research agenda.

Adam Boileau, as always, joins us to chat about the week's news.

On this week's show we're talking Near Field Communications (NFC) with New Zealand's Nick von Dadelszen.

NFC is set to become the next big thing for micropayments, alas it looks likely there's potential to conduct all sorts of mischief using NFC-equipped mobile phones like Google's Nexus S.

NFC equipped phones are RFID readers, and Nick reckons we're about six months away from being able to use them as card emulators as well. Let the fun begin!

Also this week, RSA Australia's Mason Hooper joins us to discuss Apple's decision to expel vulnerability researcher Charlie Miller from its developer program. Miller had snuck a dodgy app into the company's official appstore that was capable of running unsigned arbitrary code. Nice trick. Apple unimpressed. But did they overreact? That's this week's sponsor interview.

Adam Boileau, of course, is this week's news guest.

This week's feature guest, Michael DeGusta, has done a bit of research on this topic and found, well, Android support is even WORSE than we first thought. He turned his research into a chart that went viral. Here it is:

Also this week, Sophos Network Security's Bill Prout joins us for a chinwag about webapp security in online retail.

Adam Boileau, of course, stops in to discuss the week's news headlines.

| \t Show Player | Play in Popup | Download

In this week's feature we chat to Patrick Webster about his tangle with First State Superannuation.

This is a story we've covered on the show over the last few weeks. If you haven't heard what happened, Pat spotted a bug in First State Super's statements system, probed it, let them know 12 hours later and then wound up with the police on his door!

Since then the whole saga has turned into a pretty big deal here in Australia. The police and civil actions against Webster have both been dropped and First State Super -- and its administrator -- has wound up in a bunch of trouble.

In this week's sponsor interview we're chatting with Tenable CEO Ron Gula about a recent edict from the Securities and Exchange Commission in the USA that advises companies on what sort of cyber risks and incidents they should be disclosing in their quarterly filings. Ron has an interesting take -- initially I disagreed with him but he won me over, I hope you'll stick around for that.

Adam Boileau joins the show, as usual to discuss the week's news.