Risky Business Podcast

This week's edition of Risky Business is brought to you by Check Point Software.

In this week's show we take a look at two burning issues: The Internet Explorer 0day that's doing the rounds, and we also talk about e-discovery with Adam Daniel from Deloitte Forensic Data.

Adam explains why e-discovery solutions are all the rage, how they work, and why they're required.

Check Point's Steve MacDonald stops by for this week's sponsor interview -- a discussion around this disastrous, unpatched IE bug that's very much being exploited in the wild.

As always, ZDNet Australia's editor Munir Kotadia pops in for a chat about this week's news.

This week's edition of Risky Business is brought to you by Microsoft.

On this week's show we'll wrap Ruxcon, Sydney's technical security conference. It was held over the weekend, and there were some cracking presentations. Security researcher Mark Dowd joins us with his impressions of the conference presentations.

We'll also check in with Munir Kotadia with a look at the last week's news headlines, and in this week's sponsor interview Microsoft's Julita Atalla joins us to discuss the company's plans to release free antivirus software.

This week's edition of Risky Business is brought to you by Tenable Network Security and hosted by Vigabyte virtual hosting.

This week we take a look at VM security with financial services company CSO Adam Pointon and Assurance.com.au's Neal Wise. The fellas say a recently disclosed flaw in the Citrix Xen hypervisor software should give us all pause. There are some exceptionally crappy virtualisation setups going up left right and centre, Adam and Neal say, and it's only a matter of time before bad practice comes back to bite everyone on the ass.

We'll also check in with Symantec's Tom Powledge, the head of the company's consumer products division. Powledge joins us to discuss Microsoft's decision to give away free anti-virus. He's far from convinced it'll have a negative impact on Symantec's business.

Tenable Network Security CSO Marcus Ranum also drops in for this week's sponsor interview. We spoke to Marcus about his keynote speech from the Hack in The Box conference in Malaysia.

ZDNet Australia's editor, Munir Kotadia, also stops in for a chuckle over the week's news headlines.

This week's edition of Risky Business is sponsored by Check Point Software Technologies and hosted, as always, by Vigabyte virtual hosting.

On this week's show we're taking a fresh look at "bulletproof" hosting services. Just last week a California-based hosting company, McColo, was de-peered by its upstream providers for hosting bot net command and control servers.

The result? A 65-75 percent reduction in global spam levels.

We'll talk to iDefense Senior Threat Analyst Kimberly Zenz about the closure of McColo and what the lasting effect -- if there is one -- will be.

This week also sees the triumphant return of Munir Kotadia from ZDNet Australia. Munir drops in to discuss the week's security news.

And Check Point's Engineering Services Manager, Steve MacDonald, pops in for this week's sponsor interview -- the topic is capacity planning.

This week's edition of Risky Business is brought to you by a tiny little company called Microsoft, and we'll be taking an in-depth look at some widely reported security issues with WPA TKIP.

While reports of the death of WPA have been greatly exaggerated, the issues discovered by Erik Tews and Martin Beck are certainly worth a closer look. Can the new capability of attackers to inject seven packets into your WPA network lead to a total compromise? Will this research open the floodgates and lead to more serious issues being uncovered?

Assurance.com.au's Neal Wise joins us to discuss. Neal is a real WiFi nut and he's been up to his armpits in this stuff since the reports first surfaced.

We'll also check in with Adam Boileau for a chat about the last week's news headlines: Did you read about Google's incredibly daft Android security lapse yet? Holy smokes!

Microsoft's Peter Watson will also swing by for this week's sponsor interview. This week we chat to Peter about the security of cloud computing.

This week's edition of Risky Business is sponsored by RSA Security and hosted by Vigabyte virtual hosting.

In this week's podcast we take a look at cloud computing, which is all the rage all of a sudden. Andrew Walls from Gartner stops by to cut through the hype and talk about what cloud services could mean for the average CSO.

One-time CANVAS developer and freelance security consultant Adam Boileau pops by to discuss the news and respond to the controversy over last week's Risky Business interview with Marcus Ranum.

If you haven't heard, Marcus really had a go at exploit tools like CANVAS and CORE Impact. It really annoyed a lot of listeners, and this week we revisit the topic.

ISP engineer Mark Newton also stops by to talk about the proposed "great firewall of Australia," and RSA's Greg Singh joins us to discuss the sudden swell in uptake of smart card technology.

NOTE: At one point you'll hear me refer to Mark Newton as Matthew Newton. The mistake was mine... sorry, Mark!

This week's edition of Risky Business is brought to you by Tenable Network Security and hosted, as always, by Vigabyte virtual hosting.

On this week's show H D Moore, creator of the Metasploit framework, pops in for a chat. He joins us to discuss changes to Metasploit's license, as well as the features you'll find in the new, upcoming version of the software. (3.2) He'll also discuss his Uninformed.org journal article on the usefulness of IPv6 in pen tests.

Also this week:

• Kiwicon organiser and freelance security nut Adam Boileau joins us with the week's news.
• Microsoft Australia's Chief Security Advisor Peter Watson admits the communication strategy around last week's out of band patch was less than ideal.
• Tenable Network Security's CSO Marcus Ranum joins the show in this week's sponsor interview.

Don't forget to register for Ruxcon! It's coming up!

This week's Risky Business is brought to you by Check Point Software and hosted by Vigabyte virtual hosting.

On this week's show we're going to preview Ruxcon, Australia's premier IT security conference. It dropped off the earth last year, but it's back in 2008 and bigger than ever.

We'll also find out why Macquarie Telecom had egg on its face last week, and catch up with Check Point's Steve MacDonald in this week's sponsor interview.

On this week's show:

• Adam Boileau joins host Patrick Gray to discuss the week's news
• Denis Rowe, National Marketing Manager for Macquarie Telecom issues a mea culpa
• Ruxcon organiser Chris Spencer joins Risky Business to preview November's conference
• Forensics expert Adam Daniel joins us to preview his talk at Ruxcon
• Penetration tester Fionnbharr Davies talks enterprise security
• Check Point's Steve MacDonald talks about the World Bank hack in this week's sponsor interview

| \t Show Player | Play in Popup | Download

This week's edition of Risky Business is brought to you by Microsoft and hosted by Vigabyte virtual hosting.

In this week's show you'll hear an interview with industry legend Dan Geer. Dan has served as chief scientist for Verdasys and CTO of @stake, as well as helping to create Kerberos and the X Window system back in the day.

Dan joins the show this week to discuss the rise of the "military digital complex". It's VERY interesting stuff.

In this week's sponsor interview Microsoft's SDL big kahuna Steve Lipner joins the show to discuss the company's decision to release some of its very own, internal SDL tools to independent software vendors next month.

This is a special weekend listening edition of Risky Business and is brought to you by our sponsor MessageLabs.

If you're a regular listener to this program you'll know I headed to New Zealand a couple of weekends ago to attend the Kiwicon security conference in Wellington... there were presentations, lots of free beer, and of course this presentation by security consultant and researcher Paul Craig.

Paul works for Security Assessment.com in New Zealand, and he delivered by far the most entertaining presentation at Kiwicon. Called the Paul Craig Omnibus Experience, the talk blended three separate talks into one, which I've edited down into one fine hour of listening. The first talk is about iKat, the interactive kiosk attack tool.

iKat was unveiled by Paul at the most recent DEFCON conference in Las Vegas -- it's basically a website that you can visit from Internet kiosks -- like you find in corporate lobbies or airports. Of course when you visit the iKat website from a kiosk you can start clicking on stuff and popping shells. Paul released iKat to get people thinking -- so many people pump all sorts of sensitive information into the average kiosk... but since the release of iKat, we now know fore SURE they're not safe. Umm... thanks mate!

That's the first part of his talk, and it's a lot of fun. As you'll hear, Paul has a healthy sense of humour and does really well in front of a crowd.

In the second part of the Omnibus Experience, Paul discusses his hobby -- stealing data from botnets. In all, Paul boosted 3.3 gigabytes of plain text logs that had been intercepted by a fairly unsophisticated keylogging Trojan... the resulting findings are hilarious.

Last up he unveils the Moth Trojan.

Listeners to our last show would have heard a bit about this. Moth uses native Windows functionality to subvert the operating system. Not only does it allow full remote access to the affected host, but it actually insults the user through Microsoft's text to speech function. It's classic stuff.

Now, you would have heard an interview I did with MacLeonard Starkey from AusCERT about this -- Macca says detecting this thing is actually pretty easy. Now, while Macca has come up with some nifty detection techniques, I think the jury's still out on how effective Paul's techniques are. Because the Trojan is so customisable and allows such an amazing level of control over the infected system, I reckon it'd be a real challenge to get rid of different variants of this thing ... anyway, have a listen to Paul's talk and make your own mind up. I've linked to Paul's Web site where you can download the source code to Moth, and I've also linked to Macca's write up on Moth.

You can find the source code to Moth here, and MacLeonard Starkey's write-up here.