Risky Business

Subscribe via RSS/Podcatcher:

Sponsors:

Hosted by:

Supported by:

Risky Business #93 — 2008: The Year That Was

This week’s edition of Risky Business is a bit different — we take a look back over the big stories of 2008 and highlight the best work we saw over the last 12 months.

You’ll laugh, you’ll cry… you’ll hurl.

This is the final Risky Business for the year, with normal programming returning in February. The final edition of Risky Business for the year is brought to you by Tenable Network Security, makers of fine information security software.

So in addition to this week’s 20-minute year-in-review special, this week’s podcast also includes an interview with Tenable’s CSO, Marcus Ranum, in the final sponsor segment for the year.

This week Marcus and Patrick discuss the woeful state of Internet browser security.

NOTE: There is talk in that segment of a Firefox 0day that could have amounted to nothing. Well, it did — turns out it was a null pointer dereference bug, which means it’s probably not exploitable… unless you’re Mark Dowd.

A big merry Christmas and thank you to all listeners who helped make Risky Business a success in 2008!

 Standard Podcast [32:29m]: Play Now | Play in Popup | Download

Risky Business #92 — Gordon “Fyodor” Lyon

This week’s edition of Risky Business is brought to you by RSA Security and hosted, as always, by Vigabyte Virtual hosting.

On this week’s show:

• ZDNet Australia’s outgoing editor Munir Kotadia joins us to discuss the week’s news
• nmap creator Gordon “Fyodor” Lyon discusses his new book
• RSA Security’s Greg Singh joins the show to discuss AFP agent Nigel Phair’s Consumer Trust and Confidence Online Survey.

We’ve also got some information on this week’s show for Mac users who also use PGP for mail.app… if you’re having trouble since installing your 10.5.6 OS X update, it’s not just you!

 Standard Podcast [31:50m]: Play Now | Play in Popup | Download

Risky Business #91 — Mitigating the IE 0day, plus e-discovery with Adam Daniel

This week’s edition of Risky Business is brought to you by Check Point Software.

In this week’s show we take a look at two burning issues: The Internet Explorer 0day that’s doing the rounds, and we also talk about e-discovery with Adam Daniel from Deloitte Forensic Data.

Adam explains why e-discovery solutions are all the rage, how they work, and why they’re required.

Check Point’s Steve MacDonald stops by for this week’s sponsor interview — a discussion around this disastrous, unpatched IE bug that’s very much being exploited in the wild.

As always, ZDNet Australia’s editor Munir Kotadia pops in for a chat about this week’s news.

 Standard Podcast [33:11m]: Play Now | Play in Popup | Download

Risky Business #90 — Ruxcon wrap with guest Mark Dowd

This week’s edition of Risky Business is brought to you by Microsoft.

On this week’s show we’ll wrap Ruxcon, Sydney’s technical security conference. It was held over the weekend, and there were some cracking presentations. Security researcher Mark Dowd joins us with his impressions of the conference presentations.

We’ll also check in with Munir Kotadia with a look at the last week’s news headlines, and in this week’s sponsor interview Microsoft’s Julita Atalla joins us to discuss the company’s plans to release free antivirus software.

 Standard Podcast [46:30m]: Play Now | Play in Popup | Download

Risky Business #89 — Xen and the art of VM manipulation

This week’s edition of Risky Business is brought to you by Tenable Network Security and hosted by Vigabyte virtual hosting.

This week we take a look at VM security with financial services company CSO Adam Pointon and Assurance.com.au’s Neal Wise. The fellas say a recently disclosed flaw in the Citrix Xen hypervisor software should give us all pause. There are some exceptionally crappy virtualisation setups going up left right and centre, Adam and Neal say, and it’s only a matter of time before bad practice comes back to bite everyone on the ass.

We’ll also check in with Symantec’s Tom Powledge, the head of the company’s consumer products division. Powledge joins us to discuss Microsoft’s decision to give away free anti-virus. He’s far from convinced it’ll have a negative impact on Symantec’s business.

Tenable Network Security CSO Marcus Ranum also drops in for this week’s sponsor interview. We spoke to Marcus about his keynote speech from the Hack in The Box conference in Malaysia.

ZDNet Australia’s editor, Munir Kotadia, also stops in for a chuckle over the week’s news headlines.

 Standard Podcast [38:48m]: Play Now | Play in Popup | Download

Risky Business #88 — Munir Kotadia returns and Kimberly Zenz talks McColo

This week’s edition of Risky Business is sponsored by Check Point Software Technologies and hosted, as always, by Vigabyte virtual hosting.

On this week’s show we’re taking a fresh look at “bulletproof” hosting services. Just last week a California-based hosting company, McColo, was de-peered by its upstream providers for hosting bot net command and control servers.

The result? A 65-75 percent reduction in global spam levels.

We’ll talk to iDefense Senior Threat Analyst Kimberly Zenz about the closure of McColo and what the lasting effect — if there is one — will be.

This week also sees the triumphant return of Munir Kotadia from ZDNet Australia. Munir drops in to discuss the week’s security news.

And Check Point’s Engineering Services Manager, Steve MacDonald, pops in for this week’s sponsor interview — the topic is capacity planning.

 Standard Podcast [36:52m]: Play Now | Play in Popup | Download

Risky Business #87 — WPA security issues in depth

This week’s edition of Risky Business is brought to you by a tiny little company called Microsoft, and we’ll be taking an in-depth look at some widely reported security issues with WPA TKIP.

While reports of the death of WPA have been greatly exaggerated, the issues discovered by Erik Tews and Martin Beck are certainly worth a closer look. Can the new capability of attackers to inject seven packets into your WPA network lead to a total compromise? Will this research open the floodgates and lead to more serious issues being uncovered?

Assurance.com.au’s Neal Wise joins us to discuss. Neal is a real WiFi nut and he’s been up to his armpits in this stuff since the reports first surfaced.

We’ll also check in with Adam Boileau for a chat about the last week’s news headlines: Did you read about Google’s incredibly daft Android security lapse yet? Holy smokes!

Microsoft’s Peter Watson will also swing by for this week’s sponsor interview. This week we chat to Peter about the security of cloud computing.

 Standard Podcast [30:15m]: Play Now | Play in Popup | Download

Risky Business #86 — Ranumgate, cloud computing and smart cards everywhere!

This week’s edition of Risky Business is sponsored by RSA Security and hosted by Vigabyte virtual hosting.

In this week’s podcast we take a look at cloud computing, which is all the rage all of a sudden. Andrew Walls from Gartner stops by to cut through the hype and talk about what cloud services could mean for the average CSO.

One-time CANVAS developer and freelance security consultant Adam Boileau pops by to discuss the news and respond to the controversy over last week’s Risky Business interview with Marcus Ranum.

If you haven’t heard, Marcus really had a go at exploit tools like CANVAS and CORE Impact. It really annoyed a lot of listeners, and this week we revisit the topic.

ISP engineer Mark Newton also stops by to talk about the proposed “great firewall of Australia,” and RSA’s Greg Singh joins us to discuss the sudden swell in uptake of smart card technology.

NOTE: At one point you’ll hear me refer to Mark Newton as Matthew Newton. The mistake was mine… sorry, Mark!

 Standard Podcast [54:29m]: Play Now | Play in Popup | Download

Risky Business #85 — H D Moore talks Metasploit 3.2, IPv6

This week’s edition of Risky Business is brought to you by Tenable Network Security and hosted, as always, by Vigabyte virtual hosting.

On this week’s show H D Moore, creator of the Metasploit framework, pops in for a chat. He joins us to discuss changes to Metasploit’s license, as well as the features you’ll find in the new, upcoming version of the software. (3.2) He’ll also discuss his Uninformed.org journal article on the usefulness of IPv6 in pen tests.

Also this week:

• Kiwicon organiser and freelance security nut Adam Boileau joins us with the week’s news.
• Microsoft Australia’s Chief Security Advisor Peter Watson admits the communication strategy around last week’s out of band patch was less than ideal.
• Tenable Network Security’s CSO Marcus Ranum joins the show in this week’s sponsor interview.

Don’t forget to register for Ruxcon! It’s coming up!

 Standard Podcast [51:14m]: Play Now | Play in Popup | Download

Risky Business #84 — Ruxcon is BACK

This week’s Risky Business is brought to you by Check Point Software and hosted by Vigabyte virtual hosting.

On this week’s show we’re going to preview Ruxcon, Australia’s premier IT security conference. It dropped off the earth last year, but it’s back in 2008 and bigger than ever.

We’ll also find out why Macquarie Telecom had egg on its face last week, and catch up with Check Point’s Steve MacDonald in this week’s sponsor interview.

On this week’s show:

• Adam Boileau joins host Patrick Gray to discuss the week’s news
• Denis Rowe, National Marketing Manager for Macquarie Telecom issues a mea culpa
• Ruxcon organiser Chris Spencer joins Risky Business to preview November’s conference
• Forensics expert Adam Daniel joins us to preview his talk at Ruxcon
• Penetration tester Fionnbharr Davies talks enterprise security
• Check Point’s Steve MacDonald talks about the World Bank hack in this week’s sponsor interview
 Standard Podcast [41:05m]: Play Now | Play in Popup | Download

Posted in Uncategorized | Top Of Page | Leave a Comment »

Next Page »