Risky Business Podcast

Analysis and news podcasts published weekly

Risky Business REPOST

Presented by

Patrick Gray

CEO and Publisher

Adam Boileau

Technology Editor

For some inexplicable reason, when I posted this week's podcast my content management system (fancy way of saying WordPress) wound up sending out the wrong file with the post in the RSS feed. I'd linked to a presentation by David Rice at GovCERT which WordPress decided should be this week's podcast. Ugh.

So, apologies, listeners... you got David Rice's presentation to GovCERT in Rotterdam instead of my interview with David Rice!

So let's try that again... if you want to actually hear David's presentation you can grab it from the link in the older post...

Risky Business #78 -- Geekonomics author David Rice

This week's podcast was recorded and prepared at the GovCERT Symposium in Rotterdam. This week's feature guest is David Rice, the author of Geekonomics.

Rice argues the pervasiveness of software and systems vulnerabilities is a symptom of a market failure, and the only way out is for governments to introduce economic incentives -- similar to those being considered to reduce carbon emissions -- to whip the vendors into shape.

This week's sponsor guest is Microsoft's Chief Privacy Strategist Peter Cullen. Peter joins the show to discuss, perhaps not surprisingly, privacy in the digital age.

If you're interested, you can also download David's presentation to GovCERT here.

Risky Business #77 -- Google engineers huffing Chrome?

This week's edition of Risky Business is brought to you by Tenable Network Security.

It's been a fairly quiet week so we've prepared a shorter than usual show. In this week's podcast we take a look at the depressing state of the Internet -- a recent 'net-wide scan by nmap creator Fyodor found Telnet is the second most commonly open port. Marcus Ranum pops in to discuss the possible role of backbone providers in mopping up this outrageously shite style of systems management.

ZDNet Australia's Munir Kotadia is also along this week to discuss the news. Nothing earth-shattering -- a few bugs in Google's newly-released Chrome browser, some Facebook application badness and a downright skeletal-challenging backflip on the part of MythBusters' host Adam Savage.

Enjoy!

Risky Business #76 -- MythBusters mauled, BGP borked, MIFARE mangled

We've got a great show this week, there's been plenty happening in the infosec world. Our feature topic this week is BGP insecurity. There's been some renewed hysteria around BGP and we'll be getting to the bottom of it with Danny McPherson, Arbor Networks' Chief Smart Guy. As it turns out, you really, really just can't trust Internet routing.

Seriously.

There's been a lot of news about RFID and contactless RFID insecurity over the last few months, and some very interesting video footage from the HOPE conference in New York has surfaced. It turns out a proposed MythBusters segment on RFID security was nixed when the credit card companies called in the lawyertrons to heavy Discovery Channel. Hear the show's own Adam Savage address HOPE back in July.

This week's show is sponsored by RSA Security -- they slice, they dice, and they know Alice and Bob's dirty little shared secret. RSA Security's Greg Singh will be along in this week's sponsor segment to have a chat about the MIFARE snafu, key management and other geeky crypto stuff.

And as always, the greatest IT news editor in the world, ZDNet Australia's Munir Kotadia, will be along with the week's news headlines.

Risky Business #75 -- Red Hat gets pwned hard, RaceToZero wrap

This week's edition of Risky Business is brought to you by Check Point Software.

In this week's news segment we take a long, hard, disapproving look at the "Red Hat incident". It seems the software-maker was fairly thoroughly pwned -- the attackers managed to compromise the package signing boxes for both Fedora Core and Red Hat.

Ouch.

We also check in with RaceToZero virus obfuscation contest organiser Simon Howard. Until now the focus has been on the performance of the contest entrants, but how did the actual anti-virus software hold up? What's good and what sucks?

Simon is back from hosting RaceToZero at DEFCON in Vegas and joined the show by phone from New Zealand.

Steve McDonald is this week's sponsor guest from Check Point Software, and Munir Kotadia joins us from ZDNet Australia HQ for a look at the week's news.

If you'd like to read the Popular Mechanics interview with the MIT "subway hackers," as mentioned on the show, it's here.

Risky Business #74 -- HOWTO: Make your own Elvis bin Laden e-passport

This week's Risky Business is brought to you by Microsoft and hosted, as always, by Vigabyte virtual hosting. On this week's show we take a look at e-passport security. After 9-11, Chimp W Shrub decreed that foreigners wanting to enter the United States would soon need to carry new-fangled, biometric passports with embedded wireless RFIDs.

The result was a rush job the likes of which you've never seen.

This week's guest, Peter Gutmann, has figured out how to modify the data on e-passport chips. He hasn't broken the encryption scheme responsible for signing the data but that doesn't matter -- no one checks to see if the signing key is genuine and even if they do the implementation is so bad it's easy to fool.

The recent theft in Britain of 3,000 blank e-passports in a van hijacking is starting to make a lot more sense.

ZDNet Australia's Munir Kotadia is back this week to chat about recent news, and this week's sponsor interview is with Microsoft's Jeffery Jones who talks comparative vulnerability analysis.

The music used at the end of this week's podcast comes from Marshall and the Fro. Australians can buy the band's album for $25 via Paypal (postage paid) here. Music used with permission.

Risky Business #73 -- PCI DSS and kiosk hacking 101

This week's show is brought to you by Tenable Network Security and hosted, as always, by Vigabyte Virtual Hosting.

There's no news segment in this week's news section -- Patrick Gray is on holiday in Japan, so this is a pre-recorded show. But it's still a good one!

This week's feature guest is New Zealand-based security researcher Paul Craig. He's just launched iKAT, the Interactive Kiosk Attack Tool.

Ever wondered how to pwn one of those Internet kiosks in various lobbies and airports? Tune in to find out! Paul's spent over a year working on iKAT and has just launched it at DEFCON.

This week's sponsor interview is with Tenable Network Security's Chief Security Officer Marcus Ranum. For those who haven't worked in the security industry very long, Marcus is kind of a big deal(tm).

This week we're talking to Marcus about the impact the Payment Card Industry Data Security Standard (PCI DSS) has had on industry practices.

Risky Business #72 -- HOWTO: Launder money

This week's edition of Risky Business is brought to you by the fine folks at RSA Security.

In this week's podcast, Risky Business takes a look at an area that impacts the IT security business that surprisingly few infosec professionals know a great deal about: Money laundering.

With recent news of eGold directors agreeing to plead guilty to money laundering charges in the USA, we thought it would make sense to look at how money gets from A to B in the underground. And once it's there, how is it turned into cold, hard cash?

iDefense Senior Threat Analyst Kimberly Zenz joins us on the line from the USA to discuss. Don't worry, she's not one of those vendor people who just claims to know a lot about this stuff, she's the real deal.

Adam Boileau is this week's news guest, and Greg Singh from RSA Security drops in to discuss dodgy package and software update managers in this week's sponsor interview.

Risky Business #71 -- H D Moore talks DNS bugs

This week's Risky Business is sponsored by Microsoft and hosted by Vigabyte virtual hosting.

This week's feature guest on Risky Business is H D Moore. He's the creator of the Metasploit framework and considered by Those Who Know to be a very smart chappy indeed. He joins us this week to talk about the DNS bugs discovered by Dan Kaminsky.

H D, in conjunction with his good buddy |)ruid, has released exploit code for the bugs, but fails to see why they're considered such a big deal.

Considering we've seen similar bugs in the past, it's a fair position. Sure, it's a problem, but why the fuss now?

In this week's sponsor interview we chat to Microsoft's Virus Research and Response Coordinator, Jakub Kaminsky. (No relation to Dan...) We go over the whitelist/blacklist thing again, as well as having a chat about what it's like being a malware guy at Microsoft.

The company got off to an inauspicious start with AV technologies in the early 90s (MSAV.EXE - remember that? Shudder…), but Jakub says things have changed considerably since then.

Regular guest, ZDNet Australia editor Munir Kotadia, is away on holidays this week. Instead we'll chat to Adam "Metlstorm" Boileau.

Risky Business #70 -- SCADA man, SCADA man, does whatever a SCADA can...

This week's feature interview is with Morgan Marquis-Boire, a pen tester and principal consultant with Security-Assessment.com in NZ. Morgan loves playing with SCADA systems, so much so that he's due to give a SCADA talk at DEFCON in Vegas this year.

In this Risky Business interview Morgan pops the hype bubble on the "China thing", talks about messing with non-IP wireless protocols (serial) used in SCADA deployments, and more.

This week's sponsor interview is a lot of fun, too. We've got our favourite industry cynic, Marcus J Ranum, coming on to the show to discuss deperimeterisation.

We also discuss the week's news with Munir Kotadia from ZDNet Australia.
