Risky Business Podcast

Analysis and news podcasts published weekly

Risky Business #88 -- Munir Kotadia returns and Kimberly Zenz talks McColo

Presented by

Patrick Gray

CEO and Publisher

Adam Boileau

Technology Editor

This week's edition of Risky Business is sponsored by Check Point Software Technologies and hosted, as always, by Vigabyte virtual hosting.

On this week's show we're taking a fresh look at "bulletproof" hosting services. Just last week a California-based hosting company, McColo, was de-peered by its upstream providers for hosting botnet command and control servers.

The result? A 65-75 percent reduction in global spam levels.

We'll talk to iDefense Senior Threat Analyst Kimberly Zenz about the closure of McColo and what the lasting effect -- if there is one -- will be.

This week also sees the triumphant return of Munir Kotadia from ZDNet Australia. Munir drops in to discuss the week's security news.

And Check Point's Engineering Services Manager, Steve MacDonald, pops in for this week's sponsor interview -- the topic is capacity planning.

Risky Business #87 -- WPA security issues in depth

This week's edition of Risky Business is brought to you by a tiny little company called Microsoft, and we'll be taking an in-depth look at some widely reported security issues with WPA TKIP.

While reports of the death of WPA have been greatly exaggerated, the issues discovered by Erik Tews and Martin Beck are certainly worth a closer look. Can the new capability of attackers to inject seven packets into your WPA network lead to a total compromise? Will this research open the floodgates and lead to more serious issues being uncovered?

Assurance.com.au's Neal Wise joins us to discuss. Neal is a real WiFi nut and he's been up to his armpits in this stuff since the reports first surfaced.

We'll also check in with Adam Boileau for a chat about last week's news headlines: Did you read about Google's incredibly daft Android security lapse yet? Holy smokes!

Microsoft's Peter Watson will also swing by for this week's sponsor interview. This week we chat to Peter about the security of cloud computing.

Risky Business #86 -- Ranumgate, cloud computing and smart cards everywhere!

This week's edition of Risky Business is sponsored by RSA Security and hosted by Vigabyte virtual hosting.

In this week's podcast we take a look at cloud computing, which is all the rage all of a sudden. Andrew Walls from Gartner stops by to cut through the hype and talk about what cloud services could mean for the average CSO.

One-time CANVAS developer and freelance security consultant Adam Boileau pops by to discuss the news and respond to the controversy over last week's Risky Business interview with Marcus Ranum.

If you haven't heard, Marcus really had a go at exploit tools like CANVAS and CORE Impact. It really annoyed a lot of listeners, and this week we revisit the topic.

ISP engineer Mark Newton also stops by to talk about the proposed "great firewall of Australia," and RSA's Greg Singh joins us to discuss the sudden swell in uptake of smart card technology.

NOTE: At one point you'll hear me refer to Mark Newton as Matthew Newton. The mistake was mine... sorry, Mark!

Risky Business #85 -- H D Moore talks Metasploit 3.2, IPv6

This week's edition of Risky Business is brought to you by Tenable Network Security and hosted, as always, by Vigabyte virtual hosting.

On this week's show H D Moore, creator of the Metasploit framework, pops in for a chat. He joins us to discuss changes to Metasploit's license, as well as the features you'll find in the new, upcoming version of the software (3.2). He'll also discuss his Uninformed.org journal article on the usefulness of IPv6 in pen tests.

Also this week:

  • Kiwicon organiser and freelance security nut Adam Boileau joins us with the week's news.
  • Microsoft Australia's Chief Security Advisor Peter Watson admits the communication strategy around last week's out-of-band patch was less than ideal.
  • Tenable Network Security's CSO Marcus Ranum joins the show in this week's sponsor interview.

Don't forget to register for Ruxcon! It's coming up!

Risky Business #84 -- Ruxcon is BACK

This week's Risky Business is brought to you by Check Point Software and hosted by Vigabyte virtual hosting.

On this week's show we're going to preview Ruxcon, Australia's premier IT security conference. It dropped off the earth last year, but it's back in 2008 and bigger than ever.

We'll also find out why Macquarie Telecom had egg on its face last week, and catch up with Check Point's Steve MacDonald in this week's sponsor interview.

On this week's show:

  • Adam Boileau joins host Patrick Gray to discuss the week's news
  • Denis Rowe, National Marketing Manager for Macquarie Telecom issues a mea culpa
  • Ruxcon organiser Chris Spencer joins Risky Business to preview November's conference
  • Forensics expert Adam Daniel joins us to preview his talk at Ruxcon
  • Penetration tester Fionnbharr Davies talks enterprise security
  • Check Point's Steve MacDonald talks about the World Bank hack in this week's sponsor interview

Risky Business #83 -- The Military Digital Complex

This week's edition of Risky Business is brought to you by Microsoft and hosted by Vigabyte virtual hosting.

In this week's show you'll hear an interview with industry legend Dan Geer. Dan has served as chief scientist for Verdasys and CTO of @stake, as well as helping to create Kerberos and the X Window system back in the day.

Dan joins the show this week to discuss the rise of the "military digital complex". It's VERY interesting stuff.

In this week's sponsor interview Microsoft's SDL big kahuna Steve Lipner joins the show to discuss the company's decision to release some of its very own, internal SDL tools to independent software vendors next month.

Risky Business #82 -- The Paul Craig Omnibus Experience

This is a special weekend listening edition of Risky Business and is brought to you by our sponsor MessageLabs.

If you're a regular listener to this program you'll know I headed to New Zealand a couple of weekends ago to attend the Kiwicon security conference in Wellington... there were presentations, lots of free beer, and of course this presentation by security consultant and researcher Paul Craig.

Paul works for Security-Assessment.com in New Zealand, and he delivered by far the most entertaining presentation at Kiwicon. Called the Paul Craig Omnibus Experience, the talk blended three separate talks into one, which I've edited down into one fine hour of listening. The first talk is about iKat, the interactive kiosk attack tool.

iKat was unveiled by Paul at the most recent DEFCON conference in Las Vegas -- it's basically a website that you can visit from Internet kiosks -- like you find in corporate lobbies or airports. Of course when you visit the iKat website from a kiosk you can start clicking on stuff and popping shells. Paul released iKat to get people thinking -- so many people pump all sorts of sensitive information into the average kiosk... but since the release of iKat, we now know for SURE they're not safe. Umm... thanks mate!

That's the first part of his talk, and it's a lot of fun. As you'll hear, Paul has a healthy sense of humour and does really well in front of a crowd.

In the second part of the Omnibus Experience, Paul discusses his hobby -- stealing data from botnets. In all, Paul boosted 3.3 gigabytes of plain text logs that had been intercepted by a fairly unsophisticated keylogging Trojan... the resulting findings are hilarious.

Last up he unveils the Moth Trojan.

Listeners to our last show would have heard a bit about this. Moth uses native Windows functionality to subvert the operating system. Not only does it allow full remote access to the affected host, but it actually insults the user through Microsoft's text to speech function. It's classic stuff.

Now, you would have heard an interview I did with MacLeonard Starkey from AusCERT about this -- Macca says detecting this thing is actually pretty easy. Now, while Macca has come up with some nifty detection techniques, I think the jury's still out on how effective Paul's techniques are. Because the Trojan is so customisable and allows such an amazing level of control over the infected system, I reckon it'd be a real challenge to get rid of different variants of this thing ... anyway, have a listen to Paul's talk and make your own mind up. I've linked to Paul's Web site where you can download the source code to Moth, and I've also linked to Macca's write up on Moth.

You can find the source code to Moth here, and MacLeonard Starkey's write-up here.

Risky Business #81 -- Reports of the death of the Internet are greatly exaggerated (again)

This week's show is brought to you by RSA Security and hosted by Vigabyte virtual hosting.

We've got two feature interviews this week. The first story in this week's show is an interview with BreakingPoint Systems' Dennis Cox. He's been playing around with TCP Denial of Service attacks for something like 12 years, and he's got a few insights into this latest DoS that some researchers from a Swedish company are saying will melt the Internet.

We'll also chat about a new type of Trojan -- which uses WMI event filters and consumers -- unveiled at the Kiwicon security conference in Wellington. MacLeonard Starkey from AusCERT will be along to talk about that one.

This week's sponsor interview is with Greg Singh of RSA Security. With world markets in a tailspin, layoffs are sure to follow. What can we do to make sure disgruntled ex employees don't make a bad situation worse?

If you're looking for a link to the source for the Moth Trojan you can find it here. To read Macca's write-up on Moth, click here.

Risky Business #80 -- The Kiwicon II Panel, PLUS Secure-Freedom.org

This week's edition of Risky Business is brought to you by Check Point and hosted by Vigabyte virtual hosting. Risky Business 80 was recorded at the second annual Kiwicon conference in Wellington, New Zealand.

In this podcast, you'll hear the panel I ran at Kiwicon. Panelists were Insomnia Security's Brett Moore, the University of Auckland's Peter Gutmann and Security-Assessment.com's Paul Craig.

You'll also hear an interview with Mark "pipes" Piper about his latest initiative -- secure-freedom.org. It's a site designed to funnel knowledge from corporate security guys into the delicate little brains of open source developers.

This week's sponsor interview features Check Point Software's Steve MacDonald discussing recent changes to Australia's EPL process.

Risky Omni(bus)iness #79 -- GOVCERT.NL special

This special edition of Risky Business was recorded in Rotterdam, in the Netherlands, at the GOVCERT.NL security conference. The conference organisers flew me there to host a couple of ask the expert sessions and record some custom interviews... but I got to record my own stuff too and prepare this special.

This podcast is essentially a bunch of interviews I did at the conference, glued together for your listening pleasure. Big thanks to our advertiser MessageLabs for making this week's show possible!

On this week's show you'll hear:

  • Marcus Sachs of the Internet Storm Centre (Day job: Verizon) talks supply chain subversion and fun with USB devices. (Hint: Load them up with malware then leave them in the bathrooms of your target...)
  • GovCERT's Carol Overes talks HoneySpiders -- they're basically client-side honeypots, but they could have some nifty commercial applications.
  • Lance Spitzner looks back at his experience running the Honeynet Project over the years. Honeynets showed some early promise as potential products, à la "bait and switch honeynets". It never happened, so I asked Lance why.
  • A quick interview with Bart Jacobs, the professor who wound up leading the research team that broke NXP Semiconductors' MIFARE RFID access cards. The whole thing has actually turned into a political catastrophe that has potential to divert votes away from the incumbent government...

Massive thanks to all the GOVCERT guys -- Eelco, Roeland, Tarik and especially Erik de Jong. Apologies if I spelled any of your freakish European names incorrectly... ;) Coming from Australia I know plenty of alcos, but not too many Eelcos!
