Risky Business show

Risky Business

Summary: Risky Business primary podcast.

Podcasts:

 Risky Business #441 -- Gone in 60 seconds: Attacking ephemeral resources | File Type: audio/mpeg | Duration: Unknown

On this week's show we'll be chatting with information security's enfant terrible Nathaniel Wakelam about some recon tricks he's been using in bug bounty programs. He uses some nice tricks to rapidly identify ephemeral resources that often result in some spectacular hacks, like, say, being able to download all of REDACTED's source code. That one was cool because it was a temporary resource that got popped -- that's something you have to watch these days. Read more: http://risky.biz/RB441

 Risky Business #440 -- Matt "PwnAllTheThings" Tait on the politicisation of infosec | File Type: audio/mpeg | Duration: Unknown

On this week's show we check in with Matt Tait, who's probably better known by his Twitter handle: pwnallthethings. And we'll be talking about the politicisation of infosec and the science of attribution. Read more: http://risky.biz/RB440

 Risky Business #439 -- Does WhatsApp have an NSA backdoor? Well, nope. | File Type: audio/mpeg | Duration: Unknown

On this week's show we're chatting with Alec Muffett about an absolutely awful bit of journalism run by The Guardian. Unless you've been hiding under a rock the last few days you would have seen a story circulating about a supposed government-friendly backdoor in the popular messaging app WhatsApp. Alec joins us this week to explain why that story is, put simply, bullshit. Read more: http://risky.biz/RB439

 Risky Business #438 -- Rich Mogull: Infosec as we know it is over | File Type: audio/mpeg | Duration: Unknown

On this week's show we'll be speaking with industry analyst Rich Mogull about what he sees as tidal forces that are going to rip the information security industry as we know it apart -- he has some compelling ideas on that, that's this week's feature. We also check in with Mara Tam who spent today attending the Senate Select Committee on Intelligence in DC. It was a public hearing, but a few things that shook out of it were pretty interesting. Read more: http://risky.biz/RB438

 Risky Business #437 -- The news, plus "this year in cyber" with Adam Boileau | File Type: audio/mpeg | Duration: Unknown

This is the last episode for the year -- the last episode of the 10th season! On this week's show Adam and I will discuss the week's news and then we're going to reflect on the major events in 2016; the stuff that stuck out for us. I don't think it'll come as a surprise that the cyber intrigue surrounding the 2016 US presidential election is what piqued our interest this year. Read more: http://risky.biz/RB437

 Risky Business #436 -- Do you know your supply chain is horrible? | File Type: audio/mpeg | Duration: Unknown

On this week's show we're chatting with Fitbit security director Sasha Biskup and his colleague Marc Bown about how to build secure embedded devices from insecure components. During the development phase of some Fitbit products, the Fitbit security team has discovered some hideous vulnerabilities that could have compromised security downstream. They've been able to mitigate these issues, but they worry other embedded device manufacturers aren't even looking at the security implications of their suppliers' mistakes. Read more: http://risky.biz/RB436

 Risky Business #435 -- Former NSA general counsel Stewart Baker talks Trump | File Type: audio/mpeg | Duration: Unknown

In this week's show we're going to have a chat with former NSA general counsel and cyberlaw podcast host Stewart A Baker. We'll get his thoughts on what a Trump presidency could mean when it comes to cyber security. Read more: http://risky.biz/RB435

 Risky Business #434 -- Mirai v2 is coming, Shadowbrokers latest and more | File Type: audio/mpeg | Duration: Unknown

On this week's show we chat with Errata Security's Robert Graham about a ridiculous non-story that had readers in the USA convinced that Slate magazine had uncovered a covert communication channel between Donald Trump and a state-linked Russian bank. The basis of this jaw-dropping conclusion? Cherry-picked DNS query logs. We'll find out why that story was total, utter bullshit in this week's feature. Read more: http://risky.biz/RB434

 Risky Business #433 -- Mirai ain't going anywhere | File Type: audio/mpeg | Duration: Unknown

On this week's show we're taking a look at the Great DDoSSening of 2016! Yep, we'll be having a look at the attacks against Dyn, but perhaps more importantly we'll be asking the question: With a zillion perma-owned things out there able to launch some pretty serious DDoS attacks: What now? IoT device security specialist Stephen Ridley will join us in this week's feature slot to discuss that. This week's sponsor interview is a cracker. We'll be chatting with Cylance chief research officer Jon Miller about how the hell you're supposed to benchmark AV these days. It's actually trickier than you'd think, for reasons we'll get into later. We also talk about managing false positives and hit on a few other topics in that one. Jon's ex ISS X-Force, he's been around the traps for a long time and really knows what he's talking about. That's a good interview... big thanks to Cylance for sponsoring this week's show. Read more: http://risky.biz/RB433

 Risky Business #432 -- We need to talk about John | File Type: audio/mpeg | Duration: Unknown

On this week's show we're taking a look at the business dealings of John McAfee. Earlier today the NYSE announced the company that arranged to hire McAfee, MGT Capital, would be de-listed from the NYSE: MKT small cap exchange. This follows a class action investor lawsuit and the unearthing of a remuneration agreement between the company and McAfee that have led some to suggest the whole company could be a pump and dump scam. Read more: http://risky.biz/RB432

 Risky Business #431 -- What should the USA do about Russian hacks? | File Type: audio/mpeg | Duration: Unknown

On this week's show we're taking a look at what the hell the USA should do in response to Russia's hacks against the DNC. A few days ago the Director of National Intelligence and DHS issued a joint statement that officially puts blame for the DNC hacks squarely on Russia. Since then the Internets have been in meltdown over what exactly should be done in response. Read more: http://risky.biz/RB431

 Risky Business #430 -- LulzSec's Tflow talks NSA exploits, justice and remorse | File Type: audio/mpeg | Duration: Unknown

On this week's show we're catching up with Mustafa Al-Bassam. He's a lovely young chap from England who was once upon a time one of the LulzSec crew. Like all the other guys in that crew he got busted, but he didn't spend any time in prison and these days he's doing really well. He's finished his undergrad, works with some blockchain technology and is about to start a PhD. He joins us this week to talk about his in-depth analysis of the Shadowbrokers dump, as well as to reflect on his crimes. As you'll hear, he has some regrets. Read more: http://risky.biz/RB430

 Risky Business #429 -- Krebs dumped, satellite hacking, election insecurity and more | File Type: audio/mpeg | Duration: Unknown

This week we'll be having a chat to Paul Marsh about a recent report from UK think tank Chatham House that says there's a looming cyber security crisis about to wreak havoc on the satellite ecosystem. But as you'll hear, Paul thinks the concerns are somewhat overhyped. Read more: http://risky.biz/RB429

 Risky Business #428 -- Cross-platform Tor Browser pwnership with Ryan Duff | File Type: audio/mpeg | Duration: Unknown

On this week's show we'll be chatting with security researcher Ryan Duff about the rabbit hole that is the Tor Browser Bundle certificate pinning bug. The bug itself is interesting, but the questions it raises about how suitable Tor is for genuinely critical use are, you know, substantial. That's a really, really interesting chat with Ryan Duff, coming up after the news. Read more: http://risky.biz/RB428

 Risky Business #427 -- Cahill law partner Brad Bondi on MedSec suit | File Type: audio/mpeg | Duration: Unknown

We have a great feature interview this week. Risky Business contributor Brian Donohue spoke with Cahill law firm partner Brad Bondi about the suit St Jude Medical has brought against MedSec and Muddy Waters over the short-sell of the medical device manufacturer's shares. That is an illuminating chat that certainly gave me an understanding of where this all could be heading, both in terms of the upcoming trial and how likely it is we'll see similar stuff in the future. Read more: http://risky.biz/RB427
