Risky Business Podcast

Analysis and news podcasts published weekly

Risky Business #164 -- FX on Blackberry security and wiretaps of the future

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

Adam Boileau
Adam Boileau

Technology Editor

This week's guest is Felix "FX" Lindner. A well known researcher, FX has spent more than his fair share of time crawling around the innards of Blackberry devices.

He joins us this week to discuss the hubbub about lawful interception and Blackberry devices -- how resistant to wiretapping are they? What's the OS security like? What's the encryption scheme like?

As it turns out, the Blackberry holds up pretty well on most fronts, but FX fears law enforcement and intelligence agencies may start exploiting the baseband chipsets on mobile devices in order to intercept the data they carry.

It's a cracker interview.

We stick with the mobile theme in this week's sponsor interview, asking Symantec's Vincent Weafer why that company is focussing its development efforts on the Android platform. What makes Symantec so confident that Android will become the platform of attackers' choice?

Lateral Security's Adam Boileau pops in to discuss the week's news, including the "holy crap" news that McAfee is to be acquired by Intel for a figure appraoching USD$8b. WTC?!

Here's the Blackberry whitepaper mentioned in the show.

Risky Business #164 -- FX on Blackberry security and wiretaps of the future
0:00 / 50:24

Risky Business #163 -- Hacking ATMs with Barnaby Jack

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

Adam Boileau
Adam Boileau

Technology Editor

This week's show is a cracker -- we're joined by IOActive's Barnaby Jack.

He made some major waves at BlackHat this year by demonstrating his attacks on ATMs.

He joins the show to discuss his research and talk about why his talk -- which was originally scheduled for last year's BlackHat conference -- was cancelled last year.

Kaspersky Lab's Vitaly Kamlyuk is this week's sponsor guest. He joins us to discuss what AV companies can do to detect some of the more exotic malware out there such as Stuxnet.

Adam Boileau, as always, checks in with the week's news headlines.

Risky Business #163 -- Hacking ATMs with Barnaby Jack
0:00 / 51:47

Risky Business #162 -- Pwning the Mars Rover with H D Moore

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

Adam Boileau
Adam Boileau

Technology Editor

On this week's show chat to H D Moore about his research into the security -- or lack thereof -- of the VxWorks embedded operating system.

H D did a presentation at the Security B-Sides event that ran concurrently with Black Hat in Las Vegas. As it turns out VxWorks is used in a lot of places and the people who put it together suck at maths.

People who suck at maths write bad hashing algos. Really.

We'll also have a chat with Ron Gula of Tenable Network Security in this week's sponsor interview, and of course, Adam Boileau stops by for a chat about the week's news headlines.

Risky Business #162 -- Pwning the Mars Rover with H D Moore
0:00 / 47:58

Risky Business #161 -- APTs: Don't believe the hype

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

Adam Boileau
Adam Boileau

Technology Editor

This week we take a look at Verizon Business Security Solutions' data breach investigation report. It declares APTs are nothing more than marketing hype! Polly Waffle!

Verizon's Bryan Sartin and Mark Goudie join us to discuss the report and that company's position on APT hype.

You can find the full report here.

Symantec's Francis deSouza stops by for this week's sponsor interview. In it we discuss the company's plans for its newest acquisitions -- Verisign and PGP corporation.

Adam Boileau also joins us, as usual, to discuss the week's news.

Risky Business #161 -- APTs: Don't believe the hype
0:00 / 54:44

Risky Business #160 -- Clear evidence of state involvement in Stuxnet malware

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

Adam Boileau
Adam Boileau

Technology Editor

This week's show is a cracker, and it's brought to you by our brand spanking new sponsor Research In Motion, makers of the Blackberry.

In this week's show we're taking an in depth look at the Stuxnet malware and the hideous, unpatched .lnk bug still affecting Microsoft systems. Paul Ducklin joins us to chat about that.

Ed Curtis from Research in Motion will be along in this week's sponsor interview to have a chat about some of the mistakes people make when rolling out Blackberry Enterprise Server, stay tuned for that.

Adam Boileau, of course, stops by to discuss the week's news headlines!

Risky Business #160 -- Clear evidence of state involvement in Stuxnet malware
0:00 / 41:10

Risky Business #159 -- Skimmers pay massive bribes downunder

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

Adam Boileau
Adam Boileau

Technology Editor

On this week's show we take a fresh look at the insider threat in light of the news, here in Australia, that criminal syndicates are paying up to $40,000 to bribe service station attendants into helping them skim cards.

If the bad guys are willing to pay $40k for someone that low on the food chain, what will they pay to get at someone in your organisation?

To find out we'll be joined by Gartner research director, AusCERT co-founder and former Commonwealth Bank security big-wig Rob McMillan.

Also this week we chat with Kaspersky's Vitaly Kamlyuk in the sponsor interview.

We'll be chatting about Mozilla's blocking of a malicious plugin that siphoned usernames and passwords off unsuspecting users. What should browser manufacturers be doing to stop this sort of thing from happening?

Adam Boileau, as always, stops in with the week's news.

Risky Business #159 -- Skimmers pay massive bribes downunder
0:00 / 43:17

Risky Business #158 -- Pwning up Apple's iTunes store

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

Adam Boileau
Adam Boileau

Technology Editor

On this week's edition of the show we take a look at the security of Apple's iTunes store. If you haven't heard the news, it seems a rogue app developer was able to bill Apple customers for apps they never bought.

We'll find out just how well the Apple app store was put together in the first place when we speak with Karl Chaffey. He works for a mobile development company and put together an interesting lightning talk for last year's Kiwicon conference which was all about the iTunes store.

Also this week we'll be chatting with Veracode's director of product management Tim Jarrett in our sponsor interview. We'll be talking about how to keep things nice when you're maintaining live code... how much automated scanning should you do? How much manual testing?

Adam Boileau is the week's news guest.

Risky Business #158 -- Pwning up Apple's iTunes store
0:00 / 43:35

Risky Business #157 -- Voluntary codes versus regulation

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

Adam Boileau
Adam Boileau

Technology Editor

WARNING: This week we missed some bad language during the edit... so hide this filthy podcast from your children's innocent ears.

On this week's show we're chatting with the head of Australia's Internet Industry Association (IIA), Peter Coroneos, about the government's plan to force internet users here to use antivirus software or be kicked off the tubes!

Peter was the architect of Australia's just released voluntary code for ISPs, but he'll be along soon to talk about why he thinks regulation here is actually a BAD idea. That's coming up soon.

In this week's sponsor interview we chat with Tenable Network Security CEO Ron Gula about APTs, or Advanced Persistent Threats. Are APTs a big deal? Are they real? Is this marketing hype? What's going on?

That's this week's sponsor interview, and it's coming up later.

Adam Boileau, as always, joins the show to discuss the week's news headlines.

Risky Business #157 -- Voluntary codes versus regulation
0:00 / 50:49

Risky Business #156 -- ICQ heads to Russia, feds worry

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

Adam Boileau
Adam Boileau

Technology Editor

In this week's show we have a chat with iDefense threat analyst Kimberly Zenz.

Apparently Russian cybercrooks love to use ICQ, so US-based investigators are worried about the planned sale of ICQ to a Russia-based company called Digital Sky.

Kimberly's specialty is the Russian cybercrime scene, and apparently this mooted sale is interesting for a number of reasons. She joins the show to explain!

Adam Boileau is this week's news guest, and Vitaly Kamlyuk of Kaspersky Labs is this week's sponsor guest. In it we discuss the number of malware samples with valid authenticode signatures that are popping up.

With a system this loose is there actually a point to signing code?

Risky Business #156 -- ICQ heads to Russia, feds worry
0:00 / 48:30

Risky Business #155 -- Can AusCERT survive?

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

Adam Boileau
Adam Boileau

Technology Editor

On this week's show we take a look at Australia's CERT wars. The Australian government has more or less declared AusCERT dead. It says its new group, CERT Australia, which is run out of the Attorney General's Department, will act as the sole point of contact for organisations in Australia when seeking CERT services or coordination.

AusCERT doesn't see it that way. Its general manager, Graham Ingram, fronts this week's program to claim it's business as usual for the member-funded NGO. We also have a chat with our secret squirrel, an anonymous source close to the war.

Mark Dowd is this week's news guest, filling in for Adam Boileau this week. Adam's off presenting at Syscan in Singapore, but he'll be back on deck next week.

In this week's sponsor interview we speak with Check Point's Engineering Services Manager Aviv Abramovich about using logging as a deterrent to data theft.

Risky Business #155 -- Can AusCERT survive?
0:00 / 52:17