Risky Business Podcast

This week's show is brought to you by the fine folks at Sophos.

This week we're looking at what the mainstream media is calling "climategate".

As world leaders meet in Copenhagen to try to hammer out a coordinated response to global warming, the blogosphere and indeed the mainstream press are all in a tizz over thousands of hacked e-mails from the Climate Research Unit of the University of East Anglia.

In all 13 years of e-mails were stolen from the CRU and leaked online, with some of the e-mails appearing to show scientists manipulating data to exaggerate warming. For their part, scientists say those e-mails have been taken out of context.

Either way, climategate has given climate sceptics a boost leading into Copenhagen, and as you'll hear, the scandal has certainly muddied the climate agenda at a critical time.

So we'll be chatting with scientist and climate change expert Professor Ian Enting from the University of Melbourne about climategate and its impact on the scientific community.

We'll also be having a chinwag with Paul Craig of Security-Assessment.com in New Zealand. Paul has done a whole bunch of research into hacking scientific software -- stuff like fluid dynamics packages, circuit modelling software and even chemistry modelling software. As it turns out, not many people have looked for bugs in this stuff, and they're everywhere. So it's our "hacking scientists" special edition of Risky Business this week.

Paul Ducklin will also be along later in the show for this week's sponsor interview. We'll be talking about that research into English language shellcode.

And Adam Boileau is this week's news guest!

This week's show is a bit different -- we're giving you a double dose of our regular guest Adam Boileau.

Following Kiwicon last weekend I checked in to Chez Boileau for a few nights, so we were able to do the news in his kitchen before I buggered off back to Australia.

While I was there we also had a chat about Kiwicon and discussed some of the presentations we saw. Adam is a key organiser of Kiwicon so it made sense to discuss it with him. Topics covered include GPS security, shared hosting insecurity, Linux kernel rootkit detection, hacking scientists and much, much more.

Coincidentally Check Point's Steve MacDonald was in Wellington when I was, so we caught up for a beer and did this week's sponsor interview in the flesh. The topic was Microsoft's decision to start advising customers to ditch IE6.

In the same statement the company advised its clients to stop licking batteries and filling their petrol tanks with sugar.

This week's show is brought to you by Microsoft.

We've got a couple of great stories in this week's show. We'll be chatting with our semi regular guest Adam Pointon, who's taken a bit of a look through the leaked 911 pager messages that popped up on Wikileaks overnight.

While everyone's been trawling through them looking for evidence that the aliens did it, Adam's been taking a look at the automatically generated messages that network equipment was sending out. It's interesting stuff.

We'll also check in with Mikhail Davidov from Leviathan Security in the USA. They've made the SSL/TLS flaw you've been hearing about MUCH more practical and they've written code that will let you -- yes, you -- perform a channel downgrade attack.

Adam Boileau is this week's news guest, and we're joined by Microsoft's Stuart Strathdee in this week's sponsor interview.

We've got two feature interviews in this week's show. We'll be chatting with Security-Assessment.com's Carl Purvis, who's found a way to man-in-the-middle ADSL connections by spending only $1,000 on kit. Want to own a branch office of a major corporation? No problem!

Carl's due to give a talk at the upcoming Kiwicon conference in which he'll show everyone how it's done, so the interview's a bit of a preview.

We'll also check in very briefly with Assurance.com.au's Oliver Greiter, who's been having a lot of fun with Microsoft's ActiveSync. He'll also be presenting his findings in a lightning talk at Kiwicon.

This week's episode is sponsored by Microsoft, and the company's strategic security advisor, Stuart Strathdee joins us for an interview about the company's latest Security Intelligence Report in this week's sponsor interview.

Adam Boileau is this week's news guest.

Sponsor RB's Movember Team here.

Follow RB on Twitter here.

This week's feature guest is the creator of the iPhone worm, Ashley Towns, aka Ikee. This guy is either a cheeky kid or a cyber terrorist, depending on who you ask, and yup -- we've got him on the show.

We also check in with Paul Ducklin of Sophos in this week's sponsor interview. You've never heard two interviews that clash more, it's hilarious.

In one corner is the heavily pierced kid from Wollongong with the funny haircut, in the other is the middle aged AV guy who's a real stickler for the rules.

It's the naughty kid versus the school principal, both interviewed about the same series of events.

We're also joined by Adam Boileau for a discussion of the week's news.

This week's show is sponsored by the wonderful people from Tenable Network Security.

This week's feature interview is with Chris Disspain, the CEO of Australia's domain name regulator auDA.

This week we're discussing the move to Cyrillic domain names -- some media commentators have gone a bit berserk on this one, saying that the move will introduce massive risks because people will be able to do phishing campaigns with domains made up partially of Cyrillic characters.

Chris will be along to talk about why he thinks that's wrong.

We're also joined by Tenable Network Security's CEO Ron Gula in this week's sponsor interview. Ron gives us his take on Rapid7's acquisition of Metasploit.

Adam Boileau also pops in for a look at the week's news headlines.

PLEASE NOTE: We're having some technical problems with the site and the flash player below doesn't work at the moment. Just use the direct download link or pull the file through your podcatcher/iTunes... sorry for the inconvenience!

This week's podcast is hosted by Vigabyte virtual hosting but sponsored by Check Point.

On this week's show we're taking a look at smart metering. It's all the rage these days -- it will usher in an era of automated billing for electricity, gas and water as well as letting the utilities companies do all sorts of intelligent grid management stuff. Utilities across Australia and indeed throughout the world are rolling this technology out as we speak.

But as you'll hear, there are opposing views on whether or not this stuff is ready for roll out.

Could a smart meter worm that can shut down whole cities be on the horizon? It sounds a bit extreme, but that's one concern Professor Bart Jacobs of Radboud University in the Netherlands highlights. We'll hear from him later.

We'll also hear from Logica's smart metering security expert Karl Dawson. He has extensive experience working with utilities on this sort of thing and says it can be done securely, if it's done right and monitored properly.

In this week's sponsor interview we'll be chatting with Steve MacDonald from Check Point. He's Check Point's engineering services manager here in Australia which means he spends a lot of time with big, big companies dealing with their issues. This week we're chatting to Steve about some of the more idiotic things he's seen customers do. Allow ANY blanket firewall rules anyone?

This week's edition of Risky Business is brought to you by Sophos.

And what a show it is! We've got the exclusive podcast interview with HD Moore, who fills us in on the acquisition of the Metasploit project by Rapid7.

Now, before you GPL freaks run to the shed to dig out the pitchforks and flaming torches, you should hear this interview. The way HD describes it, this acquisition is about the best thing that could have happened to Metasploit.

Rapid7's director of products and operations, Corey Thomas, also joins the show with some soothing words for anyone with concerns about the acquisition.

We're also joined this week by Adam Boileau, who discusses the week's news headlines, and Paul Ducklin of Sophos joins us for the week's sponsor interview.

Subscribe to the Risky Business podcast here.

Follow Risky Business on Twitter here.

Sign up for a forum account and our weekly newsletter here.

...or leave us a voicemail on Sydney 02 8569 1835 or USA +1 877 688 8417 (Toll free).

This week's show features an excerpt from David Rice's plenary speech at the GovCERT Symposium in Rotterdam, The Netherlands.

In his talk, David asks what the security business could learn from pasta sauce, Diet Pepsi and food science in general. It's a bit out there, but it's well worth a listen.

You'll also hear from Microsoft Australia's Andrew Parsons about a couple of programs Microsoft is running that involve giving away an absolute tonne of expensive software to students and start-ups. It's not a security related interview, but hey, the programs are pretty interesting and worth featuring.

There's no news guest this week -- I'm still travelling back to Australia from Europe. It's a long way. No, really... It's far.

But we'll be back to regular programming next week.

This week's show is a bit of a special edition, prepared at the GovCERT.nl Symposium at the World Trade Centre in Rotterdam, Netherlands.

This isn't a regular edition of the show, so sadly we will not be joined by our regular news guest Adam Boileau for our weekly news segment. Instead, we'll be having a chat with Neohapsis CTO Greg Shipley, who's also here to give his own talk at GovCERT.nl.

Greg's firm actually did some of the forensics work on one of the organisations allegedly attacked by Alberto Gonzalez, the Internet super-villain. If you've been in a cave for the last few months, Gonzalez is the guy who's suspected of stealing up to 135 million credit card numbers over several years... and he's now in prison as a result.

Greg's and I discussed how these sorts of breaches could actually happen in organisations that actually pay attention to their security.

In this week's sponsor interview, Check Point's Engineering Services Manager Steve MacDonald will be along to have a talk about a recent report -- one that we mentioned on last week's show -- that claimed up to nine percent of corporate machines are actually infected with custom-designed malware.

Working for Check Point, Steve has a lot of exposure to large corporate clients, and depressingly, says the report is entirely plausible.