Risky Business Podcast

Analysis and news podcasts published weekly

Risky Business 101 -- DECT hacking plus special guest Paul Asadoorian

Presented by

Patrick Gray
CEO and Publisher

Adam Boileau
Technology Editor

This week's episode is sponsored by Microsoft and hosted, as always, by Vigabyte virtual hosting.

We're shifting focus a little bit in this week's feature and taking a look at DECT hacking. DECT is the Digital Enhanced Cordless Telecommunications standard, and as you'll hear, it's not always implemented correctly. That can be a lot of fun for the evil guys out there.

Blair Strang will be joining us to talk about that.

Also on this week's show we'll catch up with the host of the PaulDotCom security podcast, Paul Asadoorian. He's popping by to do this week's news segment, and boy, what a week for news it's been.

Microsoft's Internet Explorer product manager, James Pratt, pops by to discuss the new security-related features in the browser in this week's sponsor interview.

If you'd like to comment on anything you've heard on Risky Business, or suggest something you'd like to hear on the show, you can call Sydney 02 8569 1835 or USA +1 877 688 8417 (Toll free).


Risky Business #100 -- L0phtCrack is back

This week's podcast is brought to you by Tenable Network Security and hosted, as always, by Vigabyte virtual hosting.

It's a special day for us at Risky Business HQ -- we've launched our new Web site: http://risky.biz/

We now publish two podcasts, video and written news and opinion. There's also forums, so by all means go and sign up for an account! We'll see you in there.

On this week's show we're talking to L0pht/@stake/Veracode co-founder Chris Wysopal about the rebirth of L0phtCrack, the legendary password cracking package.

In this week's sponsor interview, Tenable Network Security analyst and Open Security Foundation dude Brian "Jericho" Martin pops in for a chat about dataloss -- are you more likely to lose data through a USB key, lost laptop or an actual attack?

Adam Pointon also pops by for a look at the week's news.


Risky Business #99 -- H D Moore rang... 4500 times

Risky Business is brought to you this week by Check Point Software and hosted, as always, by Vigabyte virtual hosting.

This week's feature is all about wardialling. H D Moore pops in to discuss his latest project, WarVOX.

WarVOX is a wardialler with a difference -- instead of trying to connect to any modem that may be found when you're dialling, WarVOX just records a snippet of audio when the line answers, then analyses it to see what it is. Think of it as nmap for the PSTN.

Juniper Networks Senior Security Research Manager Steve Manzuik is this week's news guest, and Steve MacDonald checks in for this week's sponsor interview.

If you'd like to comment on anything you've heard on Risky Business, or suggest something you'd like to hear on the show, you can call Sydney 02 8569 1835 or USA +1 877 688 8417 (Toll free).

We'll be sure to include your comments in next week's show!

The music heard at the end of this week's show is by Peregrine. Buy their stuff! See their shows!


Risky Business #98 -- Are Oracle administrators agents of Satan?

This edition of Risky Business is sponsored by Sophos.

On this week's show we take a look at a recent survey [pdf] released by Oracle in conjunction with the Independent Oracle User Group.

It found 11 percent of Oracle administrators had never applied a critical patch. In fact, 70 percent of Oracle DBAs surveyed were at least three months behind the patch release times.

How did we get here? Securus Global's Declan Ingram pops in to discuss the possible root cause of such startling data. Race To Zero organiser and master chef Simon Howard also shares his thoughts on database host security.

Paul Ducklin pops by for this week's sponsor interview. We ask Paul how endpoint security providers like Sophos can be expected to battle 0day threats such as the recent PDF and Excel flaws.

If you'd like to comment on anything you've heard on Risky Business, or suggest something you'd like to hear on the show, you can call Sydney 02 8569 1835 or USA +1 877 688 8417 (Toll free).

We'll be sure to include your comments in next week's show!

UPDATE: Due to a production glitch in the original podcast recording, certain audio snippets (music, bumpers) were incorrectly rendered. The file has been fixed and replaced!


Risky Business #97 -- Antisocial networking

Yeah yeah, we've all heard about the threat from social networks -- employees post juicy information that attackers can hoover up during reconnaissance. But what if a determined attacker actually infiltrated the social network that exists between your employees? What if they then used that trust to phish for VPN passwords?

That's what the guys from the Snosoft research team claim to have done in a recent customer engagement, with spectacularly successful results. You can read their post here.

Melbourne-based CSO Adam Pointon joins us to discuss the idea.

This week's show is sponsored by Microsoft. Mike Reavy of the MSRC pops in this week to explain Microsoft's exploitability index, and Adam Boileau joins us for the week's news.


Risky Business #96 -- When iPhones Attack

This week's edition of Risky Business is brought to you by the fine folks at Check Point Software. They've been making firewalls since 1645!

On this week's show we take a look at the issue of mobile security. You'll hear an excerpt from Fionnbharr Davies' talk at Ruxcon in which he outlines the horror that is an iPhone turned against its master.

After that we check in with Rick Howard, the director of iDefense Labs in the USA. Despite every vendor under the sun predicting the birth of the mobile hacking age since the year 2000, Rick says 2009 is shaping up as the real deal.

Steve MacDonald from Check Point also swings by for this week's sponsor interview -- the topic? Firewall optimisation software. It's hot right now. So hot. Hot like Hansel.

Risky Business will be late next week -- expect it to be up on Friday. If you'd like to leave feedback for our audio mailbag, you can ring:

Sydney 02 8569 1835 or USA +1 877 688 8417 (Toll free)


Risky Business #95 -- Burning Down the House

This week's podcast is sponsored by Tenable Network Security and hosted by Vigabyte virtual hosting.

On this week's show we chat to the head of iDefense Labs, Rick Howard. He joins us to discuss the threat posed to organisations from disgruntled ex-staff. Layoffs have been ramping up, and we've already seen two high-profile incidents involving cranky admins burning down the house, or at least trying to.

Rick also chimes in with his predictions for 2009.

In this week's sponsor interview we chat to Tenable Network Security's CEO Ron Gula, who'll fill you all in on the new, whiz-bang bundle containing Immunity Inc's CANVAS exploitation tool and Tenable's own Nessus software.

This week's news is huge. Munir Kotadia joins us from a small resort island off the coast of Malaysia to discuss the headlines. No joke. Bastard.

You can find the link to the phpbb.com hack here.

Donations to the bushfire relief fund can be made to the Red Cross here.

And don't forget to leave feedback at our voicemail boxes:

Sydney 02 8569 1835 or USA +1 877 688 8417 (Toll free)


Risky Business #94 -- We're Baaaaaack

This week's edition of Risky Business is brought to you by Sophos and hosted, as always, by Vigabyte virtual hosting.

On this week's show we ease back into the year by chatting with Neohapsis founder and CTO Greg Shipley about the ineffectiveness of security technologies and the rise of DLP.

Munir Kotadia stops by with this week's news, and Paul Ducklin from Sophos talks Conficker.

If you're interested in the CERT advisory on Autorun mentioned in the news, you can find it here.

And while it's not mentioned in the show, there's an interesting PDF the team at GOVCERT.NL put together on the md5 SSL thing. Grab it here.

If you'd like to leave some feedback for the Risky Business audio mailbag, call the following numbers and speak your mind! You might just hear yourself on next week's show...

Australia: 02 8569 1835
USA (Toll free): +1 (877) 688-8417


Risky Business #93 -- 2008: The Year That Was

This week's edition of Risky Business is a bit different -- we take a look back over the big stories of 2008 and highlight the best work we saw over the last 12 months.

You'll laugh, you'll cry... you'll hurl.

This is the final Risky Business for the year, with normal programming returning in February. The final edition of Risky Business for the year is brought to you by Tenable Network Security, makers of fine information security software.

So in addition to this week's 20-minute year-in-review special, this week's podcast also includes an interview with Tenable's CSO, Marcus Ranum, in the final sponsor segment for the year.

This week Marcus and Patrick discuss the woeful state of Internet browser security.

NOTE: There is talk in that segment of a Firefox 0day that could have amounted to nothing. Well, it did -- turns out it was a null pointer dereference bug, which means it's probably not exploitable... unless you're Mark Dowd.

A big merry Christmas and thank you to all listeners who helped make Risky Business a success in 2008!


Risky Business #92 -- Gordon "Fyodor" Lyon

This week's edition of Risky Business is brought to you by RSA Security and hosted, as always, by Vigabyte Virtual hosting.

On this week's show:

We've also got some information on this week's show for Mac users who also use PGP for mail.app... if you're having trouble since installing your 10.5.6 OS X update, it's not just you!
