Risky Business

In this week's podcast we check in with Troy Hunt from HaveIBeenPwned.com. Troy has done the responsible thing in adding the Ashley Madison dataset to his service -- you can only search for email addresses in the dump after you've verified that you control them. We'll talk to him about why he did that. read more [1] [1] http://risky.biz/RB379

In this week's feature we're chatting with Dave Aitel of Immunity Inc. We chat to him about the Sony hack being a demonstration of North Korean capability as opposed to genuine revenge... we also talk about security conferences in 2015 and chat to him about his rage-inspiring musings on so-called junk hacking from last year. In this week's sponsor interview we speak with HackLabs big cheese Chris Gatford about the so-called Ghost vulnerability. read more [1] [1] http://risky.biz/RB352

In this week's feature interview we're chatting with Wired journalist Kim Zetter about her fantastic book Stuxnet: Countdown to Zero Day . As it turns out, the assumption that US and Israeli intelligence agencies had "boots on ground" intelligence to design the malicious code could very well be bunkum! read more [1] [1] http://risky.biz/RB351

Welcome back to Risky Business for another year. This is the ninth year of weekly Risky Business podcasts, we're stoked you're sticking around for more. In this week's show Patrick Gray and Adam Boileau discuss the last month's crazy CyberNews(tm) and Palo Alto CTO and founder Nir Zuk stops by for the sponsor interview. You can now support Risky Business by becoming a Patron .

In this special edition we take a look back over the big news items of 2014.

On this week's show Adam and I establish that it's actually quite possible the disaster unfolding at Sony Pictures is, in fact, a North Korean government plot. I know, I know, there are sceptics, but any way you slice or dice it, it actually looks plausible. Tune in to find out why. read more [1] [1] http://risky.biz/RB348

There's lots of fun news in this week's show. Sony Pictures got absolutely flattened, Regin is all the rage and the SEA has been enjoying some success. read more [1] [1] http://risky.biz/RB347

On this week's show we're chatting with Peter Fillmore about payment card security. He was able to clone a contactless card and use it to do his shopping here in Australia -- this is something you shouldn't be able to do. So the question becomes, how can the USA, which is taking tentative steps towards chip cards, avoid some of the mistakes made in more advanced markets like ours? We also find out chip-enabled ATMs pass card data through the chip reader straight into a parser running on the main ATM OS... which, yeah... That's pretty bad. read more [1] [1] http://risky.biz/RB346

On this week's show we're taking a look at how you -- YES YOU -- can game online media. Find out how you can make comments on major news sites just disappear with one line of bash! Find out how you can drive a cupcake recipe into the "most popular" stories box on the world's major news sites! That's a chat with Azhar Desai of Thinkst and it's this week's feature. read more [1] [1] http://risky.biz/RB345

This week's feature interview is with nmap creator Gordon Lyon, who's probably better known by his handle: Fyodor. Last week we brought you the news that the Full Disclosure mailing list was shuttered following legal threats from someone describing themselves as a security researcher. Fyodor runs the seclists.org mailing list archive and he's decided to bring FD back from the dead. I got him on the line and asked him why. read more [1] [1] http://risky.biz/RB315

On this week's show we're taking a look at some absolutely awesome research by Azimuth Security's Tarjei Mandt on the pseudo random number generators used by iOS 6 and 7. Tarjei has figured out a way to blow away iOS's memory mitigations with some very cool tricks. read more [1] [1] http://risky.biz/RB314

On this week's show we have a look at PowerShell, the Microsoft sorta scripting language admin thingy. As it turns out, PowerShell can be an attacker's best friend when it comes to lateral movement through a network. We'll chat with Kieran Jacobson about that in this week's feature interview. He did a cracker presentation at CrikeyCon where he demo'd owning a domain controller and dumping all its creds with something like five lines of PowerShell. I mean, there are caveats there, but wow... the demotime was food for thought. read more [1] [1] http://risky.biz/RB313

It's a solid week for BitCoin news. The (maybe) outing of the elusive Satoshi Nakamoto, the MtGox mystery, dead exchanges and even, unfortunately, a suicide of a former BitCoin exchange CEO in Singapore. But there's been plenty of other news! Apple's gotofail bug, GnuTLS issues, more NTP amplification attacks, and of course YahooWebcamGate. You can find links to the news items discussed in this week's show here . read more [1] [1] http://risky.biz/RB312

This week we chat with a local consultant, Mark Brand of Datacom TSS, about the general topic of authentication. We've seen some interesting cases of things going wrong with auth on consumer sources lately. The @n Twitter username hijacking, the Matt Honan disaster of 2012. Now Google's run off and bought SlickLogin, a novel approach to mobile app auth. Will that get us anywhere? And what about NameCoin -- a BitCoin protocol-derived peer-to-peer authentication scheme? I'd never heard of it, but the concept is fascinating. Mark pops by to fill us in. read more [1] [1] http://risky.biz/RB311

On this week's show we're chatting with COSEINC's Thomas Lim about the Wassenaar Arrangement. It's basically a worldwide framework that restricts the sale of munitions and dual use technologies, and it has exploits in its sites. COSEINC is a security research company that engages in exploit development, and Lim thinks extending regulations to exploit sales is pointless. This week's show is brought to you by BugCrowd , a company that was founded in Australia but is now based in San Francisco thanks to VC investment. read more [1] [1] http://risky.biz/RB310