Risky Business Podcast

This week's edition of Risky Business is brought to you by Sophos.

And what a show it is! We've got the exclusive podcast interview with HD Moore, who fills us in on the acquisition of the Metasploit project by Rapid7.

Now, before you GPL freaks run to the shed to dig out the pitchforks and flaming torches, you should hear this interview. The way HD describes it, this acquisition is about the best thing that could have happened to Metasploit.

Rapid7's director of products and operations, Corey Thomas, also joins the show with some soothing words for anyone with concerns about the acquisition.

We're also joined this week by Adam Boileau, who discusses the week's news headlines, and Paul Ducklin of Sophos joins us for the week's sponsor interview.

Subscribe to the Risky Business podcast here.

Follow Risky Business on Twitter here.

Sign up for a forum account and our weekly newsletter here.

...or leave us a voicemail on Sydney 02 8569 1835 or USA +1 877 688 8417 (Toll free).

This week's show features an excerpt from David Rice's plenary speech at the GovCERT Symposium in Rotterdam, The Netherlands.

In his talk, David asks what the security business could learn from pasta sauce, Diet Pepsi and food science in general. It's a bit out there, but it's well worth a listen.

You'll also hear from Microsoft Australia's Andrew Parsons about a couple of programs Microsoft is running that involve giving away an absolute tonne of expensive software to students and start-ups. It's not a security related interview, but hey, the programs are pretty interesting and worth featuring.

There's no news guest this week -- I'm still travelling back to Australia from Europe. It's a long way. No, really... It's far.

But we'll be back to regular programming next week.

This week's show is a bit of a special edition, prepared at the GovCERT.nl Symposium at the World Trade Centre in Rotterdam, Netherlands.

This isn't a regular edition of the show, so sadly we will not be joined by our regular news guest Adam Boileau for our weekly news segment. Instead, we'll be having a chat with Neohapsis CTO Greg Shipley, who's also here to give his own talk at GovCERT.nl.

Greg's firm actually did some of the forensics work on one of the organisations allegedly attacked by Alberto Gonzalez, the Internet super-villain. If you've been in a cave for the last few months, Gonzalez is the guy who's suspected of stealing up to 135 million credit card numbers over several years... and he's now in prison as a result.

Greg's and I discussed how these sorts of breaches could actually happen in organisations that actually pay attention to their security.

In this week's sponsor interview, Check Point's Engineering Services Manager Steve MacDonald will be along to have a talk about a recent report -- one that we mentioned on last week's show -- that claimed up to nine percent of corporate machines are actually infected with custom-designed malware.

Working for Check Point, Steve has a lot of exposure to large corporate clients, and depressingly, says the report is entirely plausible.

On this week's show we'll be chatting with Stratsec's Chief Technology guy Nick Ellsmore about bank fraud liability. A couple in the USA who fell victim to a phishing scam are suing their bank to get their money back. Nick's not a lawyer, but he's one of those guys who follows the law as it relates to security very, very closely, so he'll be on the show to talk about that.

We'll also check in with the head of Australia's domain name regulator auDA, Chris Disspain. A couple of years ago an Australian domain name registrar, Bottle Domains, had its credit card database walked out through the perimeter. That's lead to auDA taking court action and by the looks of things it's set to drag out a bit longer.

In this week's sponsor interview we're joined by Microsoft's Stuart Strathdee. That one's a bit of a mixed chat about all sorts of stuff. We're talking all things Microsoft. And there's been a lot of MS-related news of late.

Adam Boileau is this week's news guest.

[MINOR CORRECTION: It's mentioned in the show that it's rare for a TLD regulator to take action against registrars. Risky.Biz is told that is not the case.]

On this week's show we'll be taking a look at the disclosure of security vulnerabilities in Web applications.

An interesting blog has recently popped up here. If you visit (at your own risk), what you'll see there is basically nothing but screen caps of owned Web applications. They're big targets, too.

We're talking about Facebook, RBS WorldPay, that sort of thing. Browsing through that blog is a very diverting 20 minutes.

Is owning sites and posting the results like this unethical? We thought we'd ask our guest Adam Pointon. He's a CSO for a financial services company that operates a very complicated web application for tens of thousands of users.

We'll also be chatting with our sponsor guest Paul Asadoorian this week. Paul is the co-host of the PaulDotCom Security Weekly podcast. When he's not in front of a microphone, Paul's out there being Tenable Network Security's evangelist. This week we're chatting with him about some interesting research the SANS Institute has released which revealed which weaknesses in corporate security are actually doing the most damage.

This week's special news guest is Munir Kotadia.

Risky.Biz has been asked to help a well respected security company find a new penetration tester in Melbourne. E-mail jobs at risky dot biz for more information. Details are in the show... if you're not interested, put someone forward for a $1,000 finder's fee.

You can find Risky Business on Twitter here.

Sign up to our weekly newsletter here.

This week's edition of Risky Business is brought to you by the fine folks at Sophos, the makers of all types of security software and the employer many, many smart cookies.

This week's show is a bit of a mixed bag. We'll of course be checking in with our buddy Adam Boileau to discuss the week's news headlines, then we'll be having a chat with journalist Cameron Stewart. He works for The Australian, a Murdoch-owned newspaper, and he's written a series of articles alleging Australia's spy agency ASIO has been called in to investigate Chinese networking equipment manufacturer Huawei over alleged links to Chinese intelligence organisations.

Interesting stuff to say the least.

Then we're going all Mac on you. We'll be chatting to Brett Olsen, who's been doing some interesting work in looking at the privacy implications of some iPhone applications. Yes, I know iPhone stuff has been done to death, but Olsen's i-phone-home project could be a preview of things to come across the whole mobile computing space.

Then of course we'll be chatting with Sean Richmond of Sophos in this week's sponsor interview. He'll be giving us a vendor take on Apple's decision to build some rudimentary AV into its operating system.

Sign up to the Risky.Biz newsletter here.

This week's episode is sponsored by Check Point software.

On this week's show we're chatting to Alastair MacGibbon of Surete Group. He was the Australian Federal Police Agent who established the multi-jurisdictional Australian High Tech Crime Centre back in 2003. He was with the AFP for 15 years and spent the majority of his policing career working in drug enforcement. That included investigating criminal drug syndicates.

He'll be along this week to dispel some of the current theories doing the rounds about online criminal activity.

We'll also be joined by Check Point's Fred Borjesson to discuss hardcore, customised malware: memory scrapers, rootkits and other stuff the hardcore bad guys use to exfiltrate card data from compromised organisations. It's virtually impossible to detect because, well, it's not widely distributed like most malware -- this is hardcore stuff for hardcore people. That's this week's sponsor interview.

We also discuss the week's news with Adam Boileau.

This week's show is sponsored by Microsoft and hosted by Vigabyte virtual hosting.

On this week's show we chat with Jose Nazario, the manager of security research for Arbor Networks. Jose is joining us to talk about the latest trends in botnet C&C. Apparently, using IRC is sooooo 2005 these days...

We also talk to Stuart Strathdee from Microsoft in this week's sponsor segment. In it, we discuss alleged criminal mastermind and all round badass Albert "The SoupNazi" Gonzalez. Will his capture and prosecution be a deterrent or an inspiration to fraudsters?

And of course the show wouldn't be complete without Adam "Metlstorm" Boileau jumping on board for a look at the week's news headlines.

This week's edition of Risky Business is brought to you by Sophos and hosted by Vigabyte virtual hosting.

On this week's show we chat with Professor Gernot Heiser. He's the chief Technology Officer of OK-Labs, or Open Kernel Labs. The company makes software for embedded systems, and recently NICTA -- that's a government funded technology R&D lab -- has claimed to have mathematically verified one of the OK-labs kernels as being mathematically perfect. No buffer overflows. No null pointer dereferences. No divide by zeros.

The Prof stops by to explain what this all means.

We also chat with Sean Richmond from Sophos in this week's sponsor interview. We quiz Sean on this virus doing the rounds that affects Delphi development environments. Interesting stuff!

And of course Adam Boileau pops by with the week's news headlines.

On this week's show we're chatting with CEO of Australia's Internet Industry Association, Peter Coroneos. Peter led the charge for a National 2FA scheme many years ago... it hasn't quite gotten off the ground yet, but Peter joins us shortly to discuss the scheme, how it got started and why it hasn't really gone anywhere yet.

We're also joined by a special guest in our sponsor segment this week, Paul Asadoorian, the host of the PaulDotCom Security Weekly podcast. Paul's dayjob is as Tenable's "Evangelist". He won't be evangelising anything this week though, he's popping by to talk about training. Paul did work for SANS, and we'll be asking Paul what he thinks training and certification are good for.

And we'll be checking the week's news with Adam "metlstorm" Boileau!