Risky Business show

Risky Business

Summary: Risky Business primary podcast.

Podcasts:

 Risky Business #251 -- Thunderbolt strikes Mac EFI | File Type: audio/mpeg | Duration: Unknown

In this week's feature interview we're getting an update on some research we looked at last year. Loukas of Assurance.com.au in Melbourne had been playing around with some "evil maid" EFI hacks on Macs, but he's done some more work on them and presented his findings at BlackHat in July. He joins the show to discuss his latest EFI work. See this week's show notes for links to his slide deck and paper, as well as links to this week's news.
http://risky.biz/RB251

 Risky Business #250 -- Hack it like it's 1999 | File Type: audio/mpeg | Duration: Unknown

On this week's show we chat with Recurity Labs' Felix "FX" Lindner and Greg Kopf in the feature segment. These guys recently shredded some Huawei equipment. They owned it hard and turned it into a DEFCON talk [pdf]. They'll be along a bit later on to tell us why hacking away at Huawei kit made them feel nostalgic.
http://risky.biz/RB250

 Risky Business #249 -- Did the BlueHat prize experiment succeed? | File Type: audio/mpeg | Duration: Unknown

On this week's show we chat with Microsoft's Katie Moussouris about the company's BlueHat prize. How successful was the prize, and did it get Microsoft value for money in terms of quality entries? Katie took some time out from her maternity leave to join the show. This week's show is brought to you by Tenable Network Security. In this week's sponsor interview with Tenable founder and CEO Ron Gula we get a bit philosophical. Has it become culturally acceptable in the business world to get owned?
http://risky.biz/RB249

 Risky Business #248 -- Being Big Brother on a budget | File Type: audio/mpeg | Duration: Unknown

I've been busy preparing my debate speech for tomorrow's Splendour in the Grass music festival, so this week's show is a shorter one than usual; there's no feature interview.
http://risky.biz/RB248

 Risky Business #247 -- Could a quantum leap spell the end of crypto? | File Type: audio/mpeg | Duration: Unknown

On this week's show the NSA's former Technical Director of Information Assurance, Brian Snow, joins the program to warn us that recent advancements in quantum computing could invalidate all of our cryptographic systems within 15 years. So we'd better get cracking on finding alternatives!
http://risky.biz/RB247

 Risky Business #246 -- Here lies password authentication. RIP. | File Type: audio/mpeg | Duration: Unknown

On this week's edition of the show we catch up with Mark Dowd of Azimuth Security for a bit of a chat about Apple's upcoming iOS 6 operating system and its security features. We also wind up chatting about Apple's approach to OS security in general and the whole signed code appstore thing, it's fun stuff! This week's show is brought to you by Tenable Network Security -- the most long term and loyal supporter of this podcast.
http://risky.biz/RB246

 Risky Business #245 -- Drop boxes for the win | File Type: audio/mpeg | Duration: Unknown

In this week's podcast we're chatting with Jonathan Cran of Pwnie Express. Pwnie Express makes dropboxes that were designed to be used by pentesters. Funnily enough people have actually found all sorts of non-illicit uses for them. In this week's sponsor interview we chat with HackLabs' penetration tester Jody Melbourne to ask if there's a future for hacktivists after SQLi bugs are a thing of the past. In this week's news segment with Adam Boileau we discuss the following items:
http://risky.biz/RB245

 Risky Business #244 -- Padding oracle attacks on crypto tokens: How bad? | File Type: audio/mpeg | Duration: Unknown

There's a lot of really interesting news this week. Adam Boileau is back on deck at the top of the show to discuss shitty security at the Ecuadorian embassy in London, the new tool DroidSheep, DARPA's (DERPA? Lol.) attempts at securing the architectural mess that is Android, dudes going to prison, other dudes getting away with stuff and much, much more!
http://risky.biz/RB244

 Risky Business #243 -- Quickly! To Ecuador! | File Type: audio/mpeg | Duration: Unknown

In this week's news segment we cover Julian Assange's attempt at martyrdom in style, claims of a Twitter outage, the cracking of 923-bit pairing-based encryption in Japan, the blackmailing of an American firm by hackers, Face.com's tragic fail, The Washington Post's stunning (not) revelation that Flame was the work of the US and Israel, AutoCAD worms, bug bounties and more! Insomnia Security's Mark Piper tackles all that at the top of the show. He's filling in for Adam Boileau.
http://risky.biz/RB243

 Risky Business #242 -- Massive recon with HD Moore | File Type: audio/mpeg | Duration: Unknown

On this week's show we chat with Rapid7's H D Moore about massive recon in both the IPv4 and IPv6 worlds. He's been busy basically banner grabbing the entire Internet and he's found some really, really weird stuff out there. There are some very interesting nuggets in that interview. Check it out.
http://risky.biz/netcasts/risky-business/risky-business-242-massive-recon-hd-moore

 Risky Business #241 -- Parmy Olson discusses her book on LulzSec | File Type: audio/mpeg | Duration: Unknown

On this week's show we'll be chatting with Forbes' London bureau chief Parmy Olson. Parmy did a great job of covering the whole LulzSec fiasco last year for Forbes, but she's gone one better and written a book about the whole thing. It's called /We Are Anonymous: Inside the hacker world of LulzSec/ and you know what? It's pretty good! Actually, it's really, really good. I'm about a third of the way through a review copy. Parmy will join us to talk about what it was like to stitch a story like this together.
http://risky.biz/netcasts/risky-business/risky-business-241-parmy-olson-discusses-her-book-lulzsec

 Risky Business #240 -- FPGA "back doors" | File Type: audio/mpeg | Duration: Unknown

On this week's show we're taking a look at some research out of Cambridge University that's drawn a lot of attention. It involves a claim that researchers found a hardware back door on a Chinese-made FPGA (Field Programmable Gate Array). That FPGA is apparently used in military hardware. You can find links to the draft paper and a write-up here. So was this "back door" put there by super-secret Chinese cyber-warriors? Or is it something much less interesting like an undocumented debugging interface?
http://risky.biz/netcasts/risky-business/risky-business-240-fpga-back-doors

 Risky Business #239 -- The Zetas cartel and social media | File Type: audio/mpeg | Duration: Unknown

This week's feature audio is an excerpt from an AusCERT presentation I recorded last week. The talk, by Brad Barker of the HALO Corporation, discusses the Zeta drug cartel's use of technology and social media. HALO Corporation does everything from intelligence support to kidnap and ransom consulting. Barker has an interesting analysis of how civilian technology is altering methods of operation and the wider battlefield. It's good stuff.
http://risky.biz/netcasts/risky-business/risky-business-239-zetas-cartel-and-social-media

 Risky Business #238 -- BYOD is here whether you like it or not | File Type: audio/mpeg | Duration: Unknown

In this week's show we take a look at the big burning issue of BYOD. Neal Wise of Assurance.com.au joins us to discuss some common approaches. Neal says one reason companies are starting to address the issue is because staff are already bringing devices in and connecting them to corporate resources regardless of company policy. In other words it's happening whether you like it or not.
http://risky.biz/netcasts/risky-business/risky-business-238-byod-here-whether-you-it-or-not

 Risky Business #237 -- Opsec for dummies | File Type: audio/mpeg | Duration: Unknown

On this week's show we're taking a look at basic opsec with an incident responder friend of ours. We'll be talking about some sensible strategies people can use when they're up to illegal stuff on the Internets, because, you know, watching all these guys getting busted for owning FBI websites from their own IPs is getting boring. This is useful stuff to understand on the defensive side, too. Plus Adam Boileau joins the show with his take on the week's news.
