Risky Business Podcast

Analysis and news podcasts published weekly

Risky Business #108 -- Is secure code cheap code?

Presented by

Patrick Gray
CEO and Publisher

Adam Boileau
Technology Editor

This week's podcast is hosted by Vigabyte virtual hosting and sponsored by Tenable Network Security.

Risky Business 108 takes a look at the SDL as it applies to web applications. White Hat Security's Jeremiah Grossman joins the program to argue secure code, in the case of web applications, isn't necessarily cheaper code. It sounds like heresy, but Grossman makes some pretty compelling points during his interview.

Adam Boileau joins us to discuss the news headlines, and this week's sponsor interview is with Tenable Network Security's CSO Marcus Ranum. This week we talk to Ranum about the ridiculousness of the credit card transaction model.

NEWS ITEMS DISCUSSED THIS WEEK:

Researchers Hack Web Application Firewalls

PowerPoint gets hefty fix, Apple inundates

Cyber attack could bring U.S. military response

Microsoft patches critical PowerPoint hole

UC Berkeley computers hacked, 160,000 at risk

Porn name game - is it fun or a live Phishing exercise?

Report: Hackers broke into FAA air traffic control systems

Pirated Windows 7 OS Comes With Trojan, Builds A Botnet

Heartland Breach Cost Company $12.6 Million So Far

Risky Business #107 -- Mark Dowd talks native client security

Thanks to our sponsor Sophos, this week's edition of the Risky Business podcast is ready to download!

This week's feature interview is pretty kickass; a chat with security megalegend Mark Dowd. We talk to Mark about his entry in Google's Native Client security competition. It's very interesting stuff that could really have implications for your job in a few years.

Sean Richmond, who works for Sophos in Sydney, will be along in this week's sponsor interview to discuss the PDF format. We ask Sean why PDF readers like Acrobat Reader have been pretty bug prone lately.

Adam Boileau is this week's news guest.

Here's a list of the stories Adam and I discussed this week:

Feds' red tape left medical devices infected with computer virus, by Stephanie Condon

Twitter's network gets breached again, By Elinor Mills

MI6 Nixed Major Undercover Operation After Memory Stick Lost, by Kim Zetter

Microsoft Offers Secure Windows... But Only to the Government, by Kim Zetter

Epic Failure from McAfee (Also see McAfee Gets Worked. Hard.)

Over 8M Virginian patient records held to ransom, 30 Apr 2009, from Wikileaks.

Don't forget -- if you have any feedback on this week's show call Sydney 02 8569 1835 or USA +1 877 688 8417 (Toll free). We'll play your feedback in next week's show.

Risky Business #106 -- Centrelink's new PLAID auth protocol

This week's edition of Risky Business is brought to you by Tenable Network Security and hosted by Vigabyte virtual hosting at discounted rates.

We've got a great show this week. Australia's welfare agency, Centrelink, has written its own smart card authentication protocol and it's released it to the public. It's called PLAID and the plan is to have it recognised as an ISO standard. It's an extremely ambitious project and Centrelink's smart card architect Glenn Mitchell will be along to talk about it.

We also chat to Tenable Network Security's Marcus Ranum in this week's sponsor interview. We spoke about the recent hysteria around Chinese hackers apparently downloading the plans for America's Joint Strike Fighter.

Freelance security dude Adam "Metlstorm" Boileau is this week's news guest.

We'd like to hear your thoughts on PLAID, too. Do you think it's a waste of time and taxpayer money or a masterstroke? Call Sydney 02 8569 1835 or USA +1 877 688 8417 (Toll free)... or go to the risky.biz forums.

Risky Business #105 -- RSA conference wrap plus X10 security

This week's show is brought to you by Check Point Software.

This week's show is a bit of a mixed bag. We chatted with 451 group analyst Paul Roberts live from the floor at the RSA conference in San Francisco. Then for something completely different we quizzed Adam Pointon about his adventures with X10 home automation equipment.

Check Point Australia's Steve MacDonald is this week's sponsor guest, and Adam Boileau was this week's news guest.

To answer this week's call-in question, tell us what your experience with DLP software's been over the last year. Call Sydney 02 8569 1835 or USA +1 877 688 8417 (Toll free).

Risky Business #104 -- 2008: The Postmortem

This week's podcast is brought to you by Microsoft and hosted, as always, by Vigabyte virtual hosting.

On this week's show we hear from Bryan Sartin of Verizon Business Security Solutions. He'll be discussing that company's 2009 Data Breach Study.

Verizon has a well-established forensics unit and its reports are interesting. This study is to the infosec industry what black box reports are to the aviation industry; a post mortem examination of what went wrong.

We also check in with Stuart Strathdee, Microsoft Australia's Strategic Security Advisor, in this week's sponsor interview. He'll be chatting about Microsoft's own Security Intelligence Report. There are some really surprising results to come out of that one.

Paul Craig is this week's news guest.

Risky Business #103 -- Certified or certifiable?

This week's show is sponsored by Sophos, and hosted, as always, by Vigabyte Virtual Hosting.

In this week's feature interview we'll be hearing from former Network Solutions CSO Richard Forno.

He's joining us to discuss a proposed bill in the USA that would require all information security professionals working on government systems to hold some sort of certification. It's an interesting idea, but Forno hates it.

Also on this week's show, Paul Ducklin from Sophos pops in to do his best to debunk the GhostNet conspiracy. Researchers from Cambridge and Toronto Universities claim to have uncovered a clandestine, state-sponsored espionage ring targeting pro-Tibet politicians.

Ducklin is very sceptical and will be along soon to tell us why.

Declan Ingram of Securus Global is this week's news guest.

Don't forget to leave some audio feedback for inclusion in next week's show! Call Sydney 02 8569 1835 or USA +1 877 688 8417 (Toll free).

Risky Business #102 -- Washington spanks PCI DSS

This week's Risky Business podcast is brought to you by MessageLabs, and hosted, as always, by Vigabyte virtual hosting.

On this week's show you'll hear some audio from a hearing in the US House of Representatives -- excerpts from the subcommittee on Emerging Threats, Cybersecurity, and Science and Technology Hearing. That hearing posed the question "Do the Payment Card Industry Data Standards Reduce Cybercrime?"

Apparently they don't.

In this week's sponsor interview we chat to Paul Wood from MessageLabs in the UK about some of the more innovative features in malware these days. Paul's up to his armpits in the stuff, so he has some interesting things to say.

Paul Craig from Security-Assessment.com is this week's news guest.

If you'd like to comment on anything you've heard on Risky Business, or suggest something you'd like to hear on the show, you can call Sydney 02 8569 1835 or USA +1 877 688 8417 (Toll free). We'd love to hear from you.

Risky Business #101 -- DECT hacking plus special guest Paul Asadoorian

This week's episode is sponsored by Microsoft and hosted, as always, by Vigabyte virtual hosting.

We're shifting focus a little bit in this week's feature and taking a look at DECT hacking. DECT is the Digital Enhanced Cordless Telecommunications standard, and as you'll hear, it's not always implemented correctly. That can be a lot of fun for the evil guys out there.

Blair Strang will be joining us to talk about that.

Also on this week's show we'll catch up with the host of the PaulDotCom security podcast, Paul Asadoorian. He's popping by to do this week's news segment, and boy, what a week for news it's been.

Microsoft's Internet Explorer product manager, James Pratt, pops by to discuss the new security-related features in the browser in this week's sponsor interview.

If you'd like to comment on anything you've heard on Risky Business, or suggest something you'd like to hear on the show, you can call Sydney 02 8569 1835 or USA +1 877 688 8417 (Toll free).

Risky Business #100 -- L0phtCrack is back

This week's podcast is brought to you by Tenable Network Security and hosted, as always, by Vigabyte virtual hosting.

It's a special day for us at Risky Business HQ -- we've launched our new Web site: http://risky.biz/

We now publish two podcasts, video and written news and opinion. There's also forums, so by all means go and sign up for an account! We'll see you in there.

On this week's show we're talking to L0pht/@stake/Veracode co-founder Chris Wysopal about the rebirth of L0phtCrack, the legendary password cracking package.

In this week's sponsor interview, Tenable Network Security analyst and Open Security Foundation dude Brian "Jericho" Martin pops in for a chat about data loss -- are you more likely to lose data through a USB key, a lost laptop or an actual attack?

Adam Pointon also pops by for a look at the week's news.

Risky Business #99 -- H D Moore rang... 4500 times

Risky Business is brought to you this week by Check Point Software and hosted, as always, by Vigabyte virtual hosting.

This week's feature is all about wardialling. H D Moore pops in to discuss his latest project, WarVOX.

WarVOX is a wardialler with a difference -- instead of trying to connect to any modem that may be found when you're dialling, WarVOX just records a snippet of audio when the line answers, then analyses it to see what it is. Think of it as nmap for the PSTN.

Juniper Networks Senior Security Research Manager Steve Manzuik is this week's news guest, and Steve MacDonald checks in for this week's sponsor interview.

If you'd like to comment on anything you've heard on Risky Business, or suggest something you'd like to hear on the show, you can call Sydney 02 8569 1835 or USA +1 877 688 8417 (Toll free).

We'll be sure to include your comments in next week's show!

The music heard at the end of this week's show is by Peregrine. Buy their stuff! See their shows!
