Risky Business Podcast

Analysis and news podcasts published weekly

Risky Business #138 -- Dan Geer on the future of computing

Presented by

Patrick Gray

CEO and Publisher

Adam Boileau

Technology Editor

Risky Business is back for 2010!

On this week's program we chat with information security legend Dan Geer.

Dan's the Chief Information Security Officer for In-Q-Tel, which is, in essence, the technology investment arm of the CIA. He's not appearing in Risky Business in his capacity as an In-Q-Tel employee, however; he joins us as a veteran of the information security industry.

Dan helped create Kerberos during his time with Project Athena at MIT and was the chief technology officer at @Stake for a time.

He's joining us to discuss his prediction of a decline in the popularity of general-purpose computers and the rise of tightly controlled devices like Apple's iPad.

Later on we'll be joined by another veteran, Ron Gula, the chief executive of Tenable Network Security, our sponsor. Ron's popping in to have a bit of a chat about the great big hairy attack on Google.

First, as always, we'll cover the news headlines with our regular guest Adam Boileau.

Risky Business #137 -- Year in review special!

This week's edition of Risky Business is brought to you by Check Point Software.

It's our last episode for the year -- Risky Business will be back in February 2010.

Until then, here's our year in review special. It's a light-hearted look back on 2009, the year that was.

Check Point's Steve MacDonald stops by for this week's sponsor interview.

Risky Business #136 -- 14-byte Cisco 0day exploit! ZOMG!!

This week's episode of Risky Business is the second last for the year!

In this week's feature interview we're chatting with Neal Wise about his "one finger punch".

Neal's done some really interesting work in hacking Cisco firmware and the exploit he's developed is literally a two word command that gives you unrestricted access to a whole bunch of Cisco kit. It's not a massive story or anything. It's just funny.

Tenable Network Security's CEO Ron Gula pops along for this week's sponsor interview. He recently keynoted the SANS Incident Detection Summit. Incident response is its own field with its own quirks and Ron wound up having some very interesting conversations with the other attendees. So I got him on the line and asked him to recap the event for us.

Adam Boileau, as always, is this week's news guest.

Risky Business #135 -- Climategate and hacking scientists

This week's show is brought to you by the fine folks at Sophos.

This week we're looking at what the mainstream media is calling "climategate".

As world leaders meet in Copenhagen to try to hammer out a coordinated response to global warming, the blogosphere and indeed the mainstream press are all in a tizz over thousands of hacked e-mails from the Climate Research Unit of the University of East Anglia.

In all, 13 years of e-mails were stolen from the CRU and leaked online, with some of the e-mails appearing to show scientists manipulating data to exaggerate warming. For their part, scientists say those e-mails have been taken out of context.

Either way, climategate has given climate sceptics a boost leading into Copenhagen, and as you'll hear, the scandal has certainly muddied the climate agenda at a critical time.

So we'll be chatting with scientist and climate change expert Professor Ian Enting from the University of Melbourne about climategate and its impact on the scientific community.

We'll also be having a chinwag with Paul Craig of Security-Assessment.com in New Zealand. Paul has done a whole bunch of research into hacking scientific software -- stuff like fluid dynamics packages, circuit modelling software and even chemistry modelling software. As it turns out, not many people have looked for bugs in this stuff, and they're everywhere. So it's our "hacking scientists" special edition of Risky Business this week.

Paul Ducklin will also be along later in the show for this week's sponsor interview. We'll be talking about that research into English language shellcode.

And Adam Boileau is this week's news guest!

Risky Business #134 -- Adam Boileau wraps Kiwicon

This week's show is a bit different -- we're giving you a double dose of our regular guest Adam Boileau.

Following Kiwicon last weekend I checked in to Chez Boileau for a few nights, so we were able to do the news in his kitchen before I buggered off back to Australia.

While I was there we also had a chat about Kiwicon and discussed some of the presentations we saw. Adam is a key organiser of Kiwicon so it made sense to discuss it with him. Topics covered include GPS security, shared hosting insecurity, Linux kernel rootkit detection, hacking scientists and much, much more.

Coincidentally Check Point's Steve MacDonald was in Wellington when I was, so we caught up for a beer and did this week's sponsor interview in the flesh. The topic was Microsoft's decision to start advising customers to ditch IE6.

In the same statement the company advised its clients to stop licking batteries and filling their petrol tanks with sugar.

Risky Business #133 -- SSL/TLS flaw now useful, 9/11 pages and more

This week's show is brought to you by Microsoft.

We've got a couple of great stories in this week's show. We'll be chatting with our semi-regular guest Adam Pointon, who's taken a bit of a look through the leaked 9/11 pager messages that popped up on Wikileaks overnight.

While everyone's been trawling through them looking for evidence that the aliens did it, Adam's been taking a look at the automatically generated messages that network equipment was sending out. It's interesting stuff.

We'll also check in with Mikhail Davidov from Leviathan Security in the USA. They've made the SSL/TLS flaw you've been hearing about MUCH more practical and they've written code that will let you -- yes, you -- perform a channel downgrade attack.

Adam Boileau is this week's news guest, and we're joined by Microsoft's Stuart Strathdee in this week's sponsor interview.

Risky Business #132 -- ADSL MITM and fun with Microsoft Mobile ActiveSync

We've got two feature interviews in this week's show. We'll be chatting with Security-Assessment.com's Carl Purvis, who's found a way to man-in-the-middle ADSL connections by spending only $1,000 on kit. Want to own a branch office of a major corporation? No problem!

Carl's due to give a talk at the upcoming Kiwicon conference in which he'll show everyone how it's done, so the interview's a bit of a preview.

We'll also check in very briefly with Assurance.com.au's Oliver Greiter, who's been having a lot of fun with Microsoft's ActiveSync. He'll also be presenting his findings in a lightning talk at Kiwicon.

This week's episode is sponsored by Microsoft, and the company's strategic security advisor, Stuart Strathdee, joins us in this week's sponsor interview to discuss the company's latest Security Intelligence Report.

Adam Boileau is this week's news guest.

Risky Business #131 -- Interview with iPhone worm author Ikee

This week's feature guest is the creator of the iPhone worm, Ashley Towns, aka Ikee. This guy is either a cheeky kid or a cyber terrorist, depending on who you ask, and yup -- we've got him on the show.

We also check in with Paul Ducklin of Sophos in this week's sponsor interview. You've never heard two interviews that clash more, it's hilarious.

In one corner is the heavily pierced kid from Wollongong with the funny haircut, in the other is the middle-aged AV guy who's a real stickler for the rules.

It's the naughty kid versus the school principal, both interviewed about the same series of events.

We're also joined by Adam Boileau for a discussion of the week's news.

Risky Business #130 -- Are non-ASCII domain names a security risk?

This week's show is sponsored by the wonderful people from Tenable Network Security.

This week's feature interview is with Chris Disspain, the CEO of Australia's domain name regulator auDA.

This week we're discussing the move to Cyrillic domain names -- some media commentators have gone a bit berserk on this one, saying that the move will introduce massive risks because people will be able to do phishing campaigns with domains made up partially of Cyrillic characters.

Chris will be along to talk about why he thinks that's wrong.

We're also joined by Tenable Network Security's CEO Ron Gula in this week's sponsor interview. Ron gives us his take on Rapid7's acquisition of Metasploit.

Adam Boileau also pops in for a look at the week's news headlines.

Risky Business #129 -- Smart meters a stupid idea?

This week's podcast is hosted by Vigabyte virtual hosting but sponsored by Check Point.

On this week's show we're taking a look at smart metering. It's all the rage these days -- it will usher in an era of automated billing for electricity, gas and water as well as letting the utilities companies do all sorts of intelligent grid management stuff. Utilities across Australia and indeed throughout the world are rolling this technology out as we speak.

But as you'll hear, there are opposing views on whether or not this stuff is ready for roll out.

Could a smart meter worm that can shut down whole cities be on the horizon? It sounds a bit extreme, but that's one concern Professor Bart Jacobs of Radboud University in the Netherlands highlights. We'll hear from him later.

We'll also hear from Logica's smart metering security expert Karl Dawson. He has extensive experience working with utilities on this sort of thing and says it can be done securely, if it's done right and monitored properly.

In this week's sponsor interview we'll be chatting with Steve MacDonald from Check Point. He's Check Point's engineering services manager here in Australia, which means he spends a lot of time with big, big companies dealing with their issues. This week we're chatting to Steve about some of the more idiotic things he's seen customers do. Allow ANY blanket firewall rules, anyone?
