Risky Business

On this week's show we're talking ToR and BitCoin with Alice Hutchings, a Senior Researcher and Analyst with the Australian Institute of Criminology's Global, Economic and Electronic Crime Program. ToR helps dissidents in foreign countries access information their governments deem unsavoury -- but it also provides a layer of protection to the consumers of child porn. Combine it with technology like BitCoin and bang, you've got Silk Road. Given the illicit uses of such technology, is volunteering to run a ToR server moral? read more [1] [1] http://risky.biz/RB266

On this week's show were chatting with Rex Warren of Leviathan Security in the United States. Leviathan has been working with DARPA on an interesting new system that can reliably detect failed 0day exploitation attempts against hosts. Basically these guys are just grabbing Dr. Watson crash dumps at the gateway, but where it gets interesting is when we look at what they do with those crash dumps. Emulation FTW. read more [1] [1] http://risky.biz/RB265

On this week's show I'll being playing an excerpt from a panel discussion that took place at Kiwicon -- the session was called Three Guys with Ponytails Talk Security. The three guys are PGP Corporation co-founder Jon Callas, nCipher co-founder Nicko van Someren and the University of Auckland's Peter Gutmann. read more [1] [1] http://risky.biz/RB264

In this week's feature interview we're chatting with the Assistant Commissioner of the Australian Federal Police, Neil Gaughan. He's the national manager of High Tech Crime Operations and he's joining us to discuss the ongoing national security review. As a part of that review the government is introducing laws that will force ISPs and other Carriage Service Providers (CSPs) to store information on Australian citizens for two years. It sounds scary, but as you'll hear the data covered by the proposed new law is actually pretty mundane stuff like DHCP and SIP logs. read more [1] [1] http://risky.biz/RB263

On this week's show we're chatting with renowned megabrain Peter Gutmann about a paper on side channel attacks against crypto keys in virtualised environments. It's really complicated stuff, but very, very interesting. Peter didn't do this research or write the paper, but I always like getting his take on this stuff because... well... he's really smart and he doesn't overhype stuff. That's after the news. This week's show is brought to you by a new sponsor! NCC Group! Yay! read more [1] [1] http://risky.biz/RB262

We've got a great feature interview in this week's show with a computer science undergrad in the US who worked on a paper dealing with GPS security. You'll find out how you can melt down power lines with GPS haxx! Fun for the whole family! This week's show is sponsored by Tenable Network Security. We'll be having Tenable product manager Jack Daniel on the line to talk about the death of periodical vulnerbility scanning. Apparently continuous scanning is all the rage these days! read more [1] [1] http://risky.biz/RB261

This week's show is brought to you by our benevolent overlords at Adobe! And this week's sponsor interview is a must listen. Adobe's director of product security and privacy Brad Arkin joins us to discuss the breach at Adobe HQ that lead to malicious binaries being signed as valid by their code signing boxes. read more [1] [1] http://risky.biz/RB260

This week's show is being produced entirely on the ground at the Ruxcon Breakpoint security conference in my old home town of Melbourne Australia! And it's a shorter show than usual because I'm pretty busy down here producing a bunch of podcasts as a part of some joint coverage I'm doing for both Risky.Biz and The Register. If you want to check out some audio and blog posts from Breakpoint, head to http://risky.biz/breakpoint [1]. read more [2] [1] http://risky.biz/breakpoint [2] http://risky.biz/RB259

On this week's show we're chatting with Kevin Mitnick! Arguably the world's best known hacker, Kevin used to be a very naughty boy, and that saw him sent to prison a few times... but since his most recent release over 12 years ago he's established himself as a security consultant, author and globetrotting public speaker. We're chatting to him about the fundamentals of identity verification. How can you be sure that person on the phone requesting a password reset really is your customer? Can you rely solely on static identity information in this day and age? read more [1] [1] http://risky.biz/RB258

On this week's show we're taking a look at Windows 8 with Alex Ionescu. Alex works for Crowdstrike, he's a genuine expert in Windows internals and he says exploit writing and persistence when it comes to owning windows boxes is about to get a whole lot harder. That's after the news. read more [1] [1] http://risky.biz/RB257

On this week's show we're taking a look at public transport ticketing security. Some clever fellows from the US of A have figured out how to reset their RFID tickets with a nifty little app for NFC-enabled smartphones. All this due to some positively boneheaded mistakes made during the initial rollout of some ticketing systems. That interview is with Corey Benninger of Intrepidus Group. read more [1] [1] http://risky.biz/RB256

This week's show is a shorter one than usual -- we've just got the news segment with Adam and a sponsor interview. This week's show is sponsored by our benevolent overlords at Adobe! Big thanks to them. And we've got a fascinating chat in this week's show with Adobe's Steve Gotwalls about auto updaters. How have they been architected? What do the update mechanisms look like? Are the update packages served via https or http? Can you cache them at your border? Should enterprise networks swallow updates without doing independent QA? read more [1] [1] http://risky.biz/RB255

This week's feature interview is with Wayne Ronaldson. Wayne's a security consultant with a company here called CQR , but he's cobbled together a fascinating little side project called Exploitable Labs . read more [1] [1] http://risky.biz/RB254

On this week's show we're taking a look at the new release of the data mining and network footprinting tool Maltego . it's called Radium and the focus is very much on automation. One click network footprinting for the win! Maltego creator Roelof Temmingh will be along in this week's feature interview to walk us through the new features. There's some interesting stuff in that interview about network information leaks. All your internal IP ranges R belong to Roelof! read more [1] [1] http://risky.biz/RB253

On this week's show we're talking to Rapid7's HD Moore about recent attacks against the Saudi Aramco oil company that saw 30,000 of 40,000 machines rendered inoperable for around 10 days. It's the single most destructive attack I've ever heard of. This week's show is brought to you by Insomnia Security. You might know this week's sponsor guest -- it's out news buddy Adam Boileau, aka Metlstorm. read more [1] [1] http://risky.biz/RB252