Risky Business

Risky Business is a weekly information security podcast featuring news and in-depth interviews with industry luminaries. Launched in February 2007, Risky Business is a must-listen digest for information security pros. With a running time of approximately 50-60 minutes, Risky Business is pacy; a security podcast without the waffle.

https://risky.biz/


      Risky Business #483 -- Internet censorship in Iran, China


      On this week’s show we chat with Collin Anderson about Iranian internet censorship, as well as how sanctions on Iran led Google to block App Engine access within Iran. That’s a problem for Signal users there, because when the primary Signal servers are blocked, the software falls back to a domain-fronting approach that uses… drum roll please… Google App Engine. That’s a pretty wide ranging discussion of ‘net censorship in Iran and ‘net censorship generally and that’s comin...



      Risky Business #482 -- Meltdown and Spectre coverage without the flappy arms


      On this week’s show Matt “pwnallthethings” Tait joins the show to walk us through the so-called Meltdown and Spectre bugs. Most of the coverage of the flaws has either been massively hyped or detail-free, and Matt pops by to untangle the whole mess. He does a great job of it, too. This week’s show is brought to you by Cylance. CTO Rahul Kashyap will be along in the sponsor chair to talk about why so many AV packages were causing Windows boxes to BSOD when Microsoft pushed it...



      Risky Business #481 -- Inside the Anthem breach with someone who was there


      This is the last show for the year, Risky Business will return on January 10th 2018. In this week’s feature Stephen Moore joins us. He was formerly the Staff Vice President of Cyber Security Analytics at Anthem, the healthcare company that was spectacularly owned by a Chinese APT crew in 2015. Instead of us all just saying “lol they got owned, they’re idiots,” I thought it would be a good idea to actually talk to someone who was there. As you’ll hear, Anthem’s team knew the...


       2017-12-13

      Risky Biz Soap Box: Bromium on custom microvirtualization for legacy apps


      Today’s Soap Box is brought to you by Bromium. Bromium makes a security suite that wraps key applications in microvisors. It’s a way to get app-specific, hardware-based virtualisation. Historically Bromium has wrapped things like browsers and the office suite into these microvisors. Bromium has also found a lot of success in selling to organisations that have to run out-of-date browsers and Java. Wrapping an old browser in Bromium actually does make it safe to use. Well, n...


       2017-12-11

      Risky Business #480 -- Uber, Kaspersky woes continue


      On this week’s show we’ll be having a look at the latest OWASP top 10. As many of you would know, the new list is out. A couple of items have been dropped and a couple of items have been introduced. But we’re really using this new top 10 as an excuse to have a broader chat about the top 10 and the OWASP mission more generally. As you’ll hear, everyone seems to agree the list is a good thing, but maybe OWASP needs to sharpen its communication strategy a little to make itself ...


       2017-12-06

      Snake Oilers #4: Dino Dai Zovi, Chris McNab and Sylvain Gil


      We’ll be hearing from three vendors in this edition of Oilers. Dino Dai Zovi will be along first up to talk about his startup, Capsule8, which looks very promising indeed. After we’ve heard from Dino we’ll be chatting with Chris McNab. He used to run incident response for iSec Partners and later NCC Group, but these days he runs AlphaSOC, a company he founded. They’re a very simple play – they do DNS and IP analytics. They offer that as a Splunk application or via an API, a...


       2017-12-04

      Risky Business #479 -- Oh, Uber. Oh, Apple.


      On this week’s show we’re speaking with Susan Hennessey, a Fellow in National Security in Governance Studies at the Brookings Institution and managing editor of Lawfare. We’re talking to her about cross-border law enforcement in the Internet age. We hear a lot of people in the infosec community expressing some discomfort with the FBI’s use of Network Investigative Techniques designed to de-cloak Tor users. Susan pops by to explain why the FBI and other law enforcement bodies...


       2017-11-29

      Risky Business #478 -- Why a "Digital Geneva Convention" won't work


      On this week’s show we check in with Mara Tam. She’ll be telling us why the idea of a so-called “Digital Geneva Convention” is silly. Then, after that, Rich Smith of Duo Security will be in the sponsor chair. You may have heard about some recent research Duo Labs did into Apple EFI patches basically not working/sticking. Rich walks us through that research, why Duo did it, how they did it, and what it can tell us. It might be Mac research but the real worry, as you’ll hear,...


       2017-11-15

      Risky Business #477 -- US mulls charges against Russian officials involved in DNC hack


      There’s no feature interview in this week’s edition, just a slightly longer news session with Adam Boileau, then it’s straight into this week’s sponsor interview. Adam and I will be speaking about:
      - Charges against Russian officials involved in the DNC hack
      - Confirmation of Russian involvement in Ukraine artillery targeting app
      - Attribution claims in Bad Rabbit campaign
      - “Hack Back” bill is picking up steam
      - 1 million installations of counterfeit WhatsApp clone
      - A pr...


       2017-11-08

      Snake Oilers #3: Bot prevention and distributed "crypto magic" credit card storage


      In this edition of Snake Oilers we’re taking a look at two Australian companies and their solutions: Kasada and Haventec. Kasada’s product is a simple one – it’s bot prevention using proof of work and a couple of other things, and Haventec’s solution is a bit more out there. They’ve got a couple of products. One uses device fingerprinting plus a secret for authentication, but they’ve actually come up with something else that’ll be really interesting to people in the paymen...


       2017-11-06