Risky Business Podcast

Analysis and news podcasts published weekly

Risky Business #98 -- Are Oracle administrators agents of Satan?

Presented by

Patrick Gray

CEO and Publisher

Adam Boileau

Technology Editor

This edition of Risky Business is sponsored by Sophos.

On this week's show we take a look at a recent survey [pdf] released by Oracle in conjunction with the Independent Oracle User Group.

It found 11 percent of Oracle administrators had never applied a critical patch. In fact, 70 percent of Oracle DBAs surveyed were at least three months behind the patch release times.

How did we get here? Securus Global's Declan Ingram pops in to discuss the possible root cause of such startling data. Race To Zero organiser and master chef Simon Howard also shares his thoughts on database host security.

Paul Ducklin pops by for this week's sponsor interview. We ask Paul how endpoint security providers like Sophos can be expected to battle 0day threats such as the recent PDF and Excel flaws.

If you'd like to comment on anything you've heard on Risky Business, or suggest something you'd like to hear on the show, you can call Sydney 02 8569 1835 or USA +1 877 688 8417 (Toll free).

We'll be sure to include your comments in next week's show!

UPDATE: Due to a production glitch in the original podcast recording, certain audio snippets (music, bumpers) were incorrectly rendered. The file has been fixed and replaced!

Risky Business #97 -- Antisocial networking

Yeah yeah, we've all heard about the threat from social networks -- employees post juicy information that attackers can hoover up during reconnaissance. But what if a determined attacker actually infiltrated the social network that exists between your employees? What if they then used that trust to phish for VPN passwords?

That's what the guys from the Snosoft research team claim to have done in a recent customer engagement, with spectacularly successful results. You can read their post here.

Melbourne-based CSO Adam Pointon joins us to discuss the idea.

This week's show is sponsored by Microsoft. Mike Reavy of the MSRC pops in this week to explain Microsoft's exploitability index, and Adam Boileau joins us for the week's news.

Risky Business #96 -- When iPhones Attack

This week's edition of Risky Business is brought to you by the fine folks at Check Point Software. They've been making firewalls since 1645!

On this week's show we take a look at the issue of mobile security. You'll hear an excerpt from Fionnbharr Davies' talk at Ruxcon in which he outlines the horror that is an iPhone turned against its master.

After that we check in with Rick Howard, the director of iDefense Labs in the USA. Despite every vendor under the sun predicting the birth of the mobile hacking age since the year 2000, Rick says 2009 is shaping up as the real deal.

Steve MacDonald from Check Point also swings by for this week's sponsor interview -- the topic? Firewall optimisation software. It's hot right now. So hot. Hot like Hansel.

Risky Business will be late next week -- expect it to be up on Friday. If you'd like to leave feedback for our audio mailbag, you can ring:

Sydney 02 8569 1835 or USA +1 877 688 8417 (Toll free)

Risky Business #95 -- Burning Down the House

This week's podcast is sponsored by Tenable Network Security and hosted by Vigabyte virtual hosting.

On this week's show we chat to the head of iDefense Labs, Rick Howard. He joins us to discuss the threat posed to organisations from disgruntled ex-staff. Layoffs have been ramping up, and we've already seen two high-profile incidents involving cranky admins burning down the house, or at least trying to.

Rick also chimes in with his predictions for 2009.

In this week's sponsor interview we chat to Tenable Network Security's CEO Ron Gula, who'll fill you all in on the new, whiz-bang bundle containing Immunity Inc's CANVAS exploitation tool and Tenable's own Nessus software.

This week's news is huge. Munir Kotadia joins us from a small resort island off the coast of Malaysia to discuss the headlines. No joke. Bastard.

You can find the link to the phpbb.com hack here.

Donations to the bushfire relief fund can be made to the Red Cross here.

And don't forget to leave feedback at our voicemail boxes:

Sydney 02 8569 1835 or USA +1 877 688 8417 (Toll free)

Risky Business #94 -- We're Baaaaaack

This week's edition of Risky Business is brought to you by Sophos and hosted, as always, by Vigabyte virtual hosting.

On this week's show we ease back into the year by chatting with Neohapsis founder and CTO Greg Shipley about the ineffectiveness of security technologies and the rise of DLP.

Munir Kotadia stops by with this week's news, and Paul Ducklin from Sophos talks Conficker.

If you're interested in the CERT advisory on Autorun mentioned in the news, you can find it here.

And while it's not mentioned in the show, there's an interesting PDF the team at GOVCERT.NL put together on the md5 SSL thing. Grab it here.

If you'd like to leave some feedback for the Risky Business audio mailbag, call the following numbers and speak your mind! You might just hear yourself on next week's show...

Australia: 02 8569 1835
USA (Toll free): +1 (877) 688-8417

Risky Business #93 -- 2008: The Year That Was

This week's edition of Risky Business is a bit different -- we take a look back over the big stories of 2008 and highlight the best work we saw over the last 12 months.

You'll laugh, you'll cry... you'll hurl.

This is the final Risky Business for the year, with normal programming returning in February. The final edition of Risky Business for the year is brought to you by Tenable Network Security, makers of fine information security software.

So in addition to this week's 20-minute year-in-review special, this week's podcast also includes an interview with Tenable's CSO, Marcus Ranum, in the final sponsor segment for the year.

This week Marcus and Patrick discuss the woeful state of Internet browser security.

NOTE: There is talk in that segment of a Firefox 0day that could have amounted to nothing. Well, it did -- turns out it was a null pointer dereference bug, which means it's probably not exploitable... unless you're Mark Dowd.

A big merry Christmas and thank you to all listeners who helped make Risky Business a success in 2008!

Risky Business #92 -- Gordon "Fyodor" Lyon

This week's edition of Risky Business is brought to you by RSA Security and hosted, as always, by Vigabyte Virtual hosting.

On this week's show:

We've also got some information on this week's show for Mac users who also use PGP for mail.app... if you're having trouble since installing your 10.5.6 OS X update, it's not just you!

Risky Business #91 -- Mitigating the IE 0day, plus e-discovery with Adam Daniel

This week's edition of Risky Business is brought to you by Check Point Software.

In this week's show we take a look at two burning issues: The Internet Explorer 0day that's doing the rounds, and we also talk about e-discovery with Adam Daniel from Deloitte Forensic Data.

Adam explains why e-discovery solutions are all the rage, how they work, and why they're required.

Check Point's Steve MacDonald stops by for this week's sponsor interview -- a discussion around this disastrous, unpatched IE bug that's very much being exploited in the wild.

As always, ZDNet Australia's editor Munir Kotadia pops in for a chat about this week's news.

Risky Business #90 -- Ruxcon wrap with guest Mark Dowd

This week's edition of Risky Business is brought to you by Microsoft.

On this week's show we'll wrap Ruxcon, Sydney's technical security conference. It was held over the weekend, and there were some cracking presentations. Security researcher Mark Dowd joins us with his impressions of the conference presentations.

We'll also check in with Munir Kotadia with a look at the last week's news headlines, and in this week's sponsor interview Microsoft's Julita Atalla joins us to discuss the company's plans to release free antivirus software.

Risky Business #89 -- Xen and the art of VM manipulation

This week's edition of Risky Business is brought to you by Tenable Network Security and hosted by Vigabyte virtual hosting.

This week we take a look at VM security with financial services company CSO Adam Pointon and Assurance.com.au's Neal Wise. The fellas say a recently disclosed flaw in the Citrix Xen hypervisor software should give us all pause. There are some exceptionally crappy virtualisation setups going up left right and centre, Adam and Neal say, and it's only a matter of time before bad practice comes back to bite everyone on the ass.

We'll also check in with Symantec's Tom Powledge, the head of the company's consumer products division. Powledge joins us to discuss Microsoft's decision to give away free anti-virus. He's far from convinced it'll have a negative impact on Symantec's business.

Tenable Network Security CSO Marcus Ranum also drops in for this week's sponsor interview. We spoke to Marcus about his keynote speech from the Hack in The Box conference in Malaysia.

ZDNet Australia's editor, Munir Kotadia, also stops in for a chuckle over the week's news headlines.
