Risky Business Podcast

Analysis and news podcasts published weekly

Risky Business #59 -- Blackhat CSRF and the alarmist media

Presented by

Patrick Gray

CEO and Publisher

Adam Boileau

Technology Editor

This week's show is brought to you by Tenable Network Security and hosted, as always, by Vigabyte virtual hosting.

On this week's show Risky Business guest Jeremiah Grossman -- WhiteHat Security founder and blogger -- discusses Cross Site Request Forgery attacks with host Patrick Gray. CSRF attacks are no longer a lab attack, folks; they're in the wild. Jeremiah shares his insights with us.

Infosec fixture Ron Gula, the co-founder and CTO of Tenable Network Security, pops by in this week's sponsor interview to discuss his company's moves into the SIEM market and recap the company's move to take Nessus closed source. It's been a few years since that happened -- how did it all end up?

In this week's news segment, Patrick Gray rants about the Australian media's God-awful reporting of sensible comments made by Attorney-General Robert McClelland. The sensationalist tabloid bug is evidently contagious, because it's been sweeping the Aussie media over the last week.

On this week's podcast:

  • Patrick Gray discusses the week's news and beatups with Munir Kotadia
  • Jeremiah Grossman talks CSRF
  • Ron Gula of Tenable Network Security pops in for this week's sponsor interview

Risky Business #58 -- Seek advertisers targeted

This week's Risky Business episode is sponsored by Check Point Software and hosted by Vigabyte virtual hosting. On this week's show we're looking at the latest phishing scam to target advertisers on Australia's largest jobs website, Seek. We'll also take a look at mobile security with our "mystery CSO" Adam Pointon before checking in with our sponsor to chat about drive-by downloads.

On this week's security podcast:

  • ZDNet Australia editor Munir Kotadia joins host Patrick Gray to discuss the week's news
  • Pure Hacking's Chris Gatford pops in for a quick chat about Seek's phishing woes
  • Adam Pointon talks mobile security -- should we believe the hype?
  • In this week's sponsor interview Jordy Berson from Check Point in the USA talks drive-by download prevention

Risky Business #57 -- Negative SEO

This week's Risky Business is sponsored by McAfee and hosted by Vigabyte virtual hosting. The feature topic this week is negative Search Engine Optimisation (SEO) -- how the bad guys are damaging your company's search engine rankings.

On today's podcast:

  • Munir Kotadia from ZDNet Australia discusses the week's news
  • Roberto Suggi Liverani of Security-Assessment.com talks negative SEO
  • Nishad Herath from McAfee joins us for this week's sponsor interview

Risky Business #56 -- 0day bugs: "Knowledge is power"

This week's podcast is sponsored by RSA Security and hosted by Vigabyte. With the prize money at CanSecWest's PWN2OWN competition hitting $20k, we thought we'd take a look at the vulnerability marketplace. Are the days of full and free disclosure over? Insomnia Security's Brett Moore joins us to talk about it.

Risky Business also caught up with AusCERT's Mark McPherson. While AusCERT is putting on an executive program at its conference this year, we had to ask if security really is a boardroom issue.

In this week's sponsor interview RSA's Geoff Noble talks 2FA -- apparently tokens and SMS are old hat.

On this week's show:

  • ZDNet Australia editor Munir Kotadia discusses the week's headlines
  • Insomnia Security founder, vulnerability researcher and penetration tester Brett Moore discusses bug disclosure -- why give away for free what you can sell to TippingPoint?
  • AusCERT's Mark McPherson talks about security in the boardroom and the group's executive program
  • In this week's sponsor interview, RSA Security's Geoff Noble looks at multi-factor authentication -- what's after tokens?

Risky Business #55 -- Unfashionable forensics, Hannaford and more

Your weekly security podcast, Risky Business, is available for download, with thanks to this week's sponsor Check Point Software. We're in our second four-day week here in Australia, so please forgive the lateness.

On this week's show:

  • Brian "Jericho" Martin from Attrition.org discusses the Hannaford stores data breach in the US and resulting lawsuits

  • Securus Global's Declan Ingram talks forensic recovery -- prosecution is hard and Australian businesses are increasingly reluctant to spend the money to recover court-usable evidence

  • Check Point Software's Aviv Abramovich, Senior Security Architect, has a chat about these nasty new iframe attacks affecting websites vulnerable to XSS

Risky Business #54 -- Robert Malan, CTO and founder, Arbor Networks

This week's podcast features an Australian exclusive -- an interview with Robert Malan. He's the founder and CTO of Arbor Networks, a company that does all sorts of cunning things "in the cloud" to mitigate the effects of DDoS attacks. Take that, Ruskies!

Arbor recently acquired Ellacoya Networks. They want to start operating closer to the edge of carrier networks, clamping down further on other botnet badness through policy enforcement.

This week's podcast is brought to you by McAfee and is hosted, as always, by Vigabyte virtual hosting.

On this week's show:

  • ZDNet Australia's Munir Kotadia discusses the week's news with Patrick Gray
  • Patrick Gray mispronounces Robert Malan's last name several times, then interviews him.
  • Mike Sentonas from McAfee pops in for this week's sponsor interview

NOTE (20/3): After wondering why this week's download numbers were a bit slow, I realised the post didn't actually go into the RSS feed. Argh. Reposted now, two days later. Sorry!

Risky Business #53 -- Product or feature?

This week's Risky Business is sponsored by the fine folk at Symantec. We have a special guest on today's podcast -- Greg Shipley, the CTO of Chicago-based consultancy Neohapsis. Host Patrick Gray chatted to Shipley while he was in Australia on vacation, and he has some very interesting things to say about the shambles we call the IT security industry.

Oh, and in case you missed it, last week's Risky Business story about Adam Boileau's release of Winlockpwn was followed up by around 50 different news outlets worldwide. We rule.

On this week's podcast:

  • ZDNet Australia editor Munir Kotadia discusses the week's news headlines with host Patrick Gray
  • Neohapsis CTO Greg Shipley talks security kit, SIEM, whitelisting and more
  • Symantec's Senior Director of Product Management Brian Foster tells us what the team at the big yellow box are focussing on these days in this week's sponsor interview

Risky Business #52 -- EXCLUSIVE: Winlockpwn code release

This week's podcast is brought to you by Check Point Software. On this week's show we've got a bit of an exclusive. Adam Boileau has released the software he developed to unlock Windows workstations with Firewire trickery. With all this talk of Cold Boot attacks, Boileau's old attack is suddenly new again.

On this week's show:

  • ZDNet Australia's Munir Kotadia discusses this week's security news headlines with host Patrick Gray
  • Immunity Inc's Adam Boileau talks Firewire, TPMs, Cold Boot attacks and more
  • Check Point's Fred Börjesson talks data breach disclosure laws

Links:

Metlstorm's project page for the firewire attack
Arbor Networks blog post on Pakistan's accidental nuking of YouTube
More reading on Cold Boot
More reading on Winlockpwn
SoundFoundation.com.au's purchase page for this week's featured song

Risky Business #51 -- Frozen RAM is a cool attack

On this week's show we look at the James Bond-style attack on BitLocker involving frozen RAM. We also chat about Microsoft's "good worm" brainwave, the Australian Institute of Criminology's cyber-crime survey and more. This week's show is brought to you by Sophos and hosted by Vigabyte.

On this week's show:

  • ZDNet Australia's Liam Tung discusses the week's news with host Patrick Gray
  • "Homeless hacker" turned legit computer security consultant Adrian Lamo gives his take on the frozen RAM attack
  • Sophos' APAC head of technology, Paul Ducklin, talks good worms in this week's sponsor interview
  • The Australian Institute of Criminology's principal criminologist Dr. Russell Smith discusses Australia's largest ever computer crime survey, which is coming soon!

This week's SoundFoundation track is Geek Manifesto by the Winnie Coopers.

Risky Business #50 -- Listening devices and counter intelligence

This week's Risky Business is brought to you by Symantec, so a big thanks to the big yellow box! On this week's show we're looking at a different type of information security threat: listening devices and bugging.

Corporate espionage is a real problem in Australia, with incidents going unreported for obvious reasons. Risky Business spoke to bug-hunter and counter intelligence expert Les Goldsmith about Australia's bug problem.

On this week's show:

  • Munir Kotadia discusses the week's news with host Patrick Gray
  • ESD Group's Les Goldsmith discusses listening devices, counter-intelligence and encrypted telephony
  • Senior systems engineer with Symantec, Rogan Mallon, joins us for this week's sponsor interview