Risky Business Podcast

Analysis and news podcasts published weekly

Risky Business #62 -- Hacking Salesforce.com for fun and profit

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

Adam Boileau
Adam Boileau

Technology Editor

This week's Risky Business podcast is brought to you by Check Point Software and hosted, as always, by Vigabyte virtual hosting.

In this week's show we speak to one of the pioneers of cash-for-vulnerability business practices -- David Endler. He's the director of TippingPoint's DVlabs and the founder and chairman of the VoIP Security Alliance. He popped by to talk about the latest trends in bug shopping.

Of particular interest is what Endler has to say about buying bugs in software-as-a-service applications like Salesforce.com. While TippingPoint would look at buying vulnerabilities in online applications, he doesn't want to be seen to be encouraging any law breaking. It's a bind!

On this week's podcast:

  • ZDNet Australia editor Munir Kotadia discusses the week's news with host Patrick Gray
  • TippingPoint DVlabs director David Endler discusses the market for software as a service bugs
  • Check Point's Steve MacDonald drops by to share his perspective on recent comments made by RSA Security's president Art Coviello in this week's sponsor interview
Risky Business #62 -- Hacking Salesforce.com for fun and profit
0:00 / 0:00

Risky Business #61 -- H D Moore's evil Eee PC

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

Adam Boileau
Adam Boileau

Technology Editor

McAfee is the sponsor of this, the greatest episode of Risky Business in the history of the universe. Big thanks!Not only does this week's podcast feature security legend H D Moore discussing his evil creation -- an Eee PC that sucks passwords out of the atmosphere, black hole style -- but RSA president Art Coviello drops by to share his not-so-happy thoughts on Bruce Schneier.On this week's podcast:

  • ZDNet Australia's Munir Kotadia joins us for this week's news headlines.
  • Security super-boffin H D Moore joins us to talk about his contribution to wireless mayhem
  • Art Covellio, president of RSA, pops by to rip popular security commentor Bruce Schneier a new one
  • David Marcus from McAfee's US-based Avert Labs marks the 30th anniversary of spam and talks about the company's global spam experiment

NOTE:\xa0I'm\xa0on the road this week and had to record some of this week's show from his mate's living room in Maroubra. It may echo like a cave, but it's actually quite a nice place... News this week was recorded with Skype. Sorry about the crap quality. -- Pat

Risky Business #61 -- H D Moore's evil Eee PC
0:00 / 0:00

Risky Business #60 -- Mark Dowd talks NULL pointers, Simon Howard defends DEFCON's Race To Zero

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

Adam Boileau
Adam Boileau

Technology Editor

This week's Risky Business is an absolute cracker. Big thanks to sponsor RSA for paying our bills this week, and to Vigabyte for hosting our site.

We have two great guests on this week's show. Mark Dowd popped along to discuss his paper on NULL pointer dereferences. His research -- which included uncovering a very, very nasty bug in Flash -- has created quite a stir in the security community. In this interview Mark tells us there could be more exploitable NULL pointer bugs around the corner... and he also hints that he's about to make the Microsoft security team quite unhappy.

The second feature spot on this week's show is an exclusive interview with Simon Howard. Last Friday he announced a new competition at DEFCON -- The Race To Zero. Entrants have to modify virus code to sneak it past scanners. The whole thing's designed as a gigantic piss-take on AV. Not surprisingly, some AV companies have made Howard out as some sort of devil-worshipping cyber-terrorist. You know you're in trouble when the most informed commentary on your initiative is taking place on Slashdot, so Simon popped in to defend the competition.

On this week's security podcast:

  • Patrick Gray and ZDNet Australia editor Munir Kotadia discuss the week's news
  • Race To Zero organiser Simon Howard defends the competition
  • Security superstar, mega-genius and lovely bloke Mark Dowd takes time out from pwning everything on the planet to discuss his most recent research
  • RSA's Greg Singh stops by in this week's sponsor interview. The topic is DLP
Risky Business #60 -- Mark Dowd talks NULL pointers, Simon Howard defends DEFCON's Race To Zero
0:00 / 0:00

Risky Business #59 -- Blackhat CSRF and the alarmist media

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

Adam Boileau
Adam Boileau

Technology Editor

This week's show is brought to you by Tenable Network Security and hosted, as always, by Vigabyte virtual hosting.

On this week's show Risky Business guest Jeremiah Grossman -- Whitehat Security founder and blogger -- discusses Cross Site Request Forgery attacks with host Patrick Gray. CSRF attacks are no longer a lab attack folks, they're in the wild. Jeremiah shares his insights with us.

Infosec fixture Ron Gula, the co-founder and CTO of Tenable Network Security, pops by in this week's sponsor interview to discuss his company's moves into the SIEM market and recap the company's move to take Nessus closed source. It's been a few years since that happened -- how did it all end up?

In this week's news segment, Patrick Gray rants about the Australian media's God-awful reporting of sensible comments made by Attorney-General Robert McClelland. The sensationalist tabloid bug is evidently contagious, because it's been sweeping the Aussie media over the last week.

On this week's podcast:

  • Patrick Gray discusses the week's news and beatups with Munir Kotadia
  • Jeremiah Grossman talks CSRF
  • Ron Gula of Tenable Network Security pops in for this week's sponsor interview
Risky Business #59 -- Blackhat CSRF and the alarmist media
0:00 / 0:00

Risky Business #58 -- Seek advertisers targeted

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

Adam Boileau
Adam Boileau

Technology Editor

This week's Risky Business episode is sponsored by Check Point Software and hosted by Vigabyte virtual hosting. On this week's show we're looking at the latest phishing scam to target advertisers on Australia's largest jobs website, Seek. We'll also take a look at mobile security with our "mystery CSO" Adam Pointon before checking in with our sponsor to chat about drive-by downloads.

On this week's security podcast:

  • ZDNet Australia editor Munir Kotadia joins host Patrick Gray to discuss the week's news
  • Pure Hacking's Chris Gatford pops in for a quick chat about Seek's phishing woes
  • Adam Pointon talks mobile security -- should we believe the hype?
  • In this week's sponsor interview Jordy Berson from Check Point in the USA talks drive-by download prevention
Risky Business #58 -- Seek advertisers targeted
0:00 / 0:00

Risky Business #57 -- Negative SEO

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

Adam Boileau
Adam Boileau

Technology Editor

This week's Risky Business is sponsored by McAfee and hosted by Vigabyte virtual hosting. The feature topic this week is negative Search Engine Optimisation (SEO) -- how the bad guys are damaging your company's search engine rankings.

On today's podcast:

  • Munir Kotadia from ZDNet Australia discusses the week's news
  • Roberto Suggi Liverani of Security-Assessment.com talks negative SEO
  • Nishad Herath from McAfee joins us for this week's sponsor interview
Risky Business #57 -- Negative SEO
0:00 / 0:00

Risky Business #56 -- 0day bugs: "Knowledge is power"

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

Adam Boileau
Adam Boileau

Technology Editor

This week's podcast is sponsored by RSA Security and hosted by Vigabyte. With the prize money at CanSecWest's PWN2OWN competition hitting $20k, we thought we'd take a look at the vulnerability marketplace. Are the days of full and free disclosure over? Insomnia Security's Brett Moore joins us to talk about it.

Risky Business also caught up with AusCERT's Mark McPherson. While AusCERT is putting on an executive program at its conference this year, we had to ask if security really is a boardroom issue.

In this week's sponsor interview RSA's Geoff Noble talks 2FA -- apparently tokens and SMS are old hat.

On this week's show:

  • ZDNet Australia editor Munir Kotadia discusses the week's headlines
  • Insomnia Security founder, vulnerability researcher and penetration tester Brett Moore discusses bug disclosure -- why give away for free what you can sell to TippingPoint?
  • AusCERT's Mark McPherson talks about security in the boadroom and the group's executive program
  • In this week's sponsor interview, RSA Security's Geoff Noble looks at multi-factor authentication -- what's after tokens?
Risky Business #56 -- 0day bugs: "Knowledge is power"
0:00 / 0:00

Risky Business #55 -- Unfashionable forensics, Hannaford and more

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

Adam Boileau
Adam Boileau

Technology Editor

Your weekly security podcast, Risky Business, is available for download, with thanks to this week's sponsor Check Point Software. We're in our second four-day week here in Australia, so please forgive the lateness.

On this week's show:

  • Brian "Jericho" Martin from Attrition.org discusses the Hannaford stores data breach in the US and resulting law suits

  • Securus Global's Declan Ingram talks forensic recovery -- prosecution is hard and Australian businesses are increasingly reluctant to spend the money to recover court-usable evidence

  • Check Point Software's Aviv Abramovich, Senior Security Architect, has a chat about these nasty new iframe attacks affecting Web-sites vulnerable to XSS

Risky Business #55 -- Unfashionable forensics, Hannaford and more
0:00 / 0:00

Risky Business #54 -- Robert Malan, CTO and founder, Arbor Networks

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

Adam Boileau
Adam Boileau

Technology Editor

This week's podcast features an Australian exclusive -- an interview with Robert Malan. He's the founder and CTO of Arbor Networks, a company that does all sorts of cunning things "in the cloud" to mitigate the effects of DDoS attacks. Take that, Ruskies!

Arbor recently acquired Ellacoya networks. They want to start operating closer to the edge of carrier networks, clamping down further on other bot nets badness through policy enforcement.

This week's podcast is brought to you by McAfee and is hosted, as always, by Vigabyte virtual hosting.

On this week's show:

  • ZDNet Australia's Munir Kotadia discusses the week's news with Patrick Gray
  • Patrick Gray mispronounces Robert Malan's last name several times, then interviews him.
  • Mike Sentonas from McAfee pops in for this week's sponsor interview

NOTE (20/3): After wondering why this week's download numbers were a bit slow, I realised the post didn't actually go into the RSS feed. Argh. Reposted now, two days later. Sorry!

Risky Business #54 -- Robert Malan, CTO and founder, Arbor Networks
0:00 / 0:00

Risky Business #53 -- Product or feature?

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

Adam Boileau
Adam Boileau

Technology Editor

This week's Risky Business is sponsored by the fine folk at Symantec. We have a special guest on today's podcast -- Greg Shipley, the CTO of Chicago-based consultancy Neohapsis. Host Patrick Gray\xc2\xa0chatted to\xc2\xa0Shipley while he was in Australia on vacation, and he has some very interesting things to say about the shambles we call the IT security industry.
\xc2\xa0
Oh, and in case you missed it, last week's Risky Business story about Adam Boileau's release of Winlockpwn was followed up by around 50 different news outlets worldwide. We rule.

On this week's podcast:

  • ZDNet Australia editor Munir Kotadia discusses the week's news headlines with host Patrick Gray
  • Neohapsis CTO Greg Shipley talks security kit, SIEM, whitelisting and more
  • Symantec's Senior Director of Product Management Brian Foster tells us what the team at the big yellow box are focussing on these days in this week's sponsor interview
Risky Business #53 -- Product or feature?
0:00 / 0:00