
Risky Business

Author: Patrick Gray


Description

Risky Business is a weekly information security podcast featuring news and in-depth interviews with industry luminaries. Launched in February 2007, Risky Business is a must-listen digest for information security pros. With a running time of approximately 50-60 minutes, Risky Business is pacy; a security podcast without the waffle.
254 Episodes
This edition of the show is brought to you with the assistance of the Hewlett Foundation, which awarded us a grant so we could do these policy-focussed podcasts. Malcolm Bligh Turnbull served as a member of Parliament from 2004 until 2018, and as Prime Minister from September 2015 until August 2018. But he has been a public figure in Australia for decades. He’s an Oxford-educated lawyer who studied there under a Rhodes scholarship; he’s worked as a journalist and as the personal lawyer to Australian media baron Kerry Packer, and he was a leader of the ultimately unsuccessful campaign to make Australia a republic in the 1990s. He can also list a number of achievements in the business world. In 1994 he invested half a million dollars into Australian ISP Ozemail, selling his stake to Worldcom in 1999 for $57m. As you’ll hear, now that he’s returned to private life Turnbull is investing in technology again. He joined the show to talk about cybersecurity in government, Huawei, the 2016 hack-and-leak operation against the DNC – which took place while he was PM – and more.
As regular listeners know, these Soap Box podcasts are wholly sponsored. That means everyone you hear in a Soap Box podcast paid to be here. But that’s ok, because we manage to book very interesting guests into these things, like today’s guest, Sami Laine. Officially he’s Okta’s director of technology strategy – but informally he describes his role as being more like a principal security architect. He joins us to talk about identity as the new perimeter and the massive leap we’ve taken towards a zero trust future through 2020.
On this week’s show Patrick and Adam discuss the week’s security news, including:
- Russia, China, Iran having a red hot go at US political orgs
- Crowdstrike drops report, telcos having a bad time
- MSS owning US government with dumb bugs
- DoJ indicts Iranian script kiddie because reasons
- Proposed TikTok-Oracle deal barely makes sense
- The mother of all Microsoft auth bugs, wow
- Much, much more…
This week’s show is brought to you by Senetas. And we’ve got two sponsor guests for you this week: Senetas CTO Julian Fay will join us, as will Peter Farrely of AUCloud. Senetas uses AUCloud as a partner for its Suredrop file sharing and collaboration platform here in Oz, and Pete is joining us this week to talk through the new Cloud Assessment and Authorisation Framework published by the ACSC. If you work in Australian government IT and security, this one’s for you! Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.
On this week’s show Patrick and Adam discuss the week’s security news, including:
- Why integrity and availability are key to developing a COVID vaccine
- China closing the “cyber gap” with USA
- ASPI publishes research on TikTok, WeChat censorship
- Belarusian “news app” was tracking activists
- Julian Assange back in court to fight extradition
- Much, much more
This week’s show is brought to you by Proofpoint, and this week’s sponsor guest is Proofpoint’s senior director of threat research Sherrod DeGrippo. She’ll be telling us about the emergence of some new mid-tier ransomware crews that are targeting people who speak Russian, which is kind of unusual. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.
This is a sponsored podcast. Today we’re chatting with a very special guest, Haroon Meer. Haroon is the founder of Thinkst Canary. Some call it a deception company, but he doesn’t, as you’ll hear. He says Canary is a detection company and the distinction is important. In this interview we talk about where Canary came from and recap the last 20 years of Haroon’s security career. We go all the way back to his Sensepost days in 2001, right through to him working for actual royalty in Doha, with a brief detour through him creating an anonymous whistleblower platform for a major broadcaster. You may have heard of Haroon and not known why. This podcast explains why.
On this week’s show Patrick and Alex discuss the week’s security news, including:
- NZ stock exchange felled by DDoS attack
- DNI cancels in-person election security briefings for Democrats
- Russians didn’t hack Michigan voter data
- Sendgrid having a bad time of its own making
- US doxes historical DPRK crypto laundering infrastructure, processes
This week’s sponsor interview is with VMRay co-founder and sandbox guru Carsten Willems. Carsten is joining us to talk product this week – VMRay has brought out a stack of new integrations for its sandbox product, so you can now connect it to a lot of your existing enterprise kit. He’ll pop in to tell us more. Links to everything that we discussed are below and you can follow Patrick or Alex on Twitter if that’s your thing.
On this week’s show Patrick and Adam discuss the week’s security news, including:
- Former Uber CSO Joe Sullivan charged with obstruction of justice
- White House to concede WeChat carveouts for US operations in China
- A bunch of news that sounds like it’s from 1997
This week’s sponsor interview is with Bugcrowd’s CTO Casey Ellis. He’s joining us to talk about some US election-related vulnerability disclosure programs that have recently kicked off. Voting machine maker ES&S has launched one, as has the state of Ohio. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.
On this week’s show Patrick, Adam and Sherrod DeGrippo discuss the week’s security news, including:
- NSA and FBI doxx GRU malware. Lol.
- Malicious Azure app snags SANS staffer
- Oracle to acquire TikTok?
- Trump weighs Snowden pardon
- Much, much more
This week’s show is brought to you by Airlock Digital. They make allowlist/safelist software that is actually manageable at scale! David Cottingham, an Airlock co-founder, joins the show this week to talk through a few product updates. Links to everything that we discussed are below and you can follow Patrick, Sherrod or Adam on Twitter if that’s your thing.
On this week’s show Patrick and Adam discuss the week’s security news, including:
- WeChat joins TikTok in the naughty corner
- TLS 1.3 with ESNI will have a massive impact on censorship AND security
- Belarus goes dark after dodgy election
- Capital One fined $80m
- Much, much more
We’ll be hearing from Dan Guido of Trail of Bits in this week’s sponsor interview. They’ve developed a generic macOS EDR package that you, dear vendor, should absolutely license from them. Dan joins us to explain why. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.
On this week’s show Patrick and Adam discuss the week’s security news, including:
- Trump’s war on TikTok (featuring guest Alex Stamos)
- Twitter hackers caught. Pretty embarrassing stuff, really.
- NSO implants target Easter Bunny
- Garmin may need a good OFAC lawyer (featuring comment from Dmitri Alperovitch)
- Blackberry cracked after five years leads to multiple arrests in Australia
- Much, much more
Matt Cauthorn of ExtraHop Networks is this week’s news guest. He’ll join us to talk about how the pivot to work from home has changed incident response workflows. The tl;dr is that the north-south traffic might look a bit different these days, but the east-west shenanigans are still the same. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.
Soap Box is the wholly sponsored podcast series we do here at Risky.Biz. That means everyone you hear on this podcast paid to be here. In this podcast you’re going to hear my latest interview with Jerrod Chong, Yubico’s Chief Solutions Officer. Hardware security keys like Yubikeys have come a long way, even over the last couple of years. The biggest change is that the support for hardware keys is borderline ubiquitous now. FIDO2 support is in all the major browsers. You can even use Yubikeys with Google apps on an iPhone. The plumbing is here, it’s arrived. But there are still some hurdles to overcome before the full potential of hardware security keys will be unlocked. One issue is that if you’re operating an at-scale service, you’re still stuck with the same old problems around account recovery. The process problems. So in this interview I talk with Jerrod about how far things have come and where they might go next.
On this week’s show Patrick and Adam discuss the week’s security news, including:
- Two Chinese nationals charged with freelancing for MSS
- Russia, China hacking COVID-19 research
- The world dodged a bullet on the Windows DNS bug
- Twitter blue tick pwnapalooza
- Much, much more.
This week’s show is brought to you by Corelight. The company’s Chief Product Officer, Brian Dye, will be along for a chat a bit later on. We look at how adopting a zero trust model, sadly, doesn’t mean you can just ignore your network completely, as much as that would be nice. You can subscribe to the new Risky Business newsletter, Seriously Risky Business, here. You can subscribe to our new YouTube channel here. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.
Normally these Soap Box podcasts – which are wholly sponsored – feature vendors trying to sell you stuff. But this time we’re doing something different: This podcast is an interview with two senior Facebook staffers:
- Pedro Canahuati, VP of Engineering
- Chris Bream, Security Engineering Director
Why is Facebook’s security engineering group sponsoring a Soap Box episode of Risky Biz? They figure lifting the veil a bit on how things are done over there will be good for them. They’re always hiring, right? Enjoy! (A reminder – there will be no weekly show this week or next. The weekly Risky Biz news podcast returns on July 29.)
On this week’s show Patrick and Adam discuss the week’s security news, including:
- The latest on the EncroChat hack-related arrests
- Details about the fresh F5 and Citrix bugs
- Natanz go boom
- Paying Wastedlocker ransoms violates Treasury sanctions
- North Korea embraces Magecart (lol)
- Much, much more…
This week’s show is brought to you by Cmd Security. They make a very useful Linux security agent. Essentially they add an additional layer of control to your Linux systems: you can restrict user actions, even for root. Instead of having one of their own staff on the show this week they’ve nominated a customer. HPE is a Cmd user; they actually heard about it on the podcast and wound up buying it. So HPE ITOC engineering lead Adam Cardillo and his colleague Curtis Simpson – the ITOC CISO – will both join us in this week’s sponsor interview to talk about how they’re using the software. You can subscribe to the new Risky Business newsletter, Seriously Risky Business, here. You can subscribe to our new YouTube channel here. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.
This edition of the Soap Box podcast is brought to you by Proofpoint. Today’s guest is Proofpoint’s EVP of Cybersecurity Strategy, Ryan Kalember, and the topic is business email compromise, or BEC. BEC is a big deal, generating billions of dollars in losses every year across basically all industry verticals and levels of government. Until recently, there haven’t been many technical controls that help to mitigate it. Trying to get on top of this issue is very much in Ryan Kalember’s job description. BEC is a diabolical problem, and as a company with a specialty in email security, Proofpoint is really expected to help clients get on top of it. In this conversation you’ll hear us talk a bunch about the problem and Proofpoint’s approach to trying to minimise BEC.
On this week’s show Patrick and Adam discuss the week’s security news, including:
- Inside the new American “e2ee busting” bill
- Julian Assange hit with (another) superseding indictment
- Trustwave uncovers sneaky Chinese accounting software backdoor
- Much, much more…
This week’s show is brought to you by Okta. They are, of course, the identity and auth giant and one of the few sponsors we actually approached last year for 2020 because, well, they are very good at what they do. This week Marc will be joining us to talk about a privacy-related topic. The discussion is nuanced, but it’s basically about how the public perception of privacy risks has diverged from the reality. Further, the COVID-19 crisis and the advent of digital contact tracing apps have actually brought general concerns around digital privacy to the fore. You can subscribe to the new Risky Business newsletter, Seriously Risky Business, here. You can subscribe to our new YouTube channel here. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.
On this week’s show Patrick and Adam discuss the week’s security news, including:
- Australia “under attack” - a wrap
- Microsoft releases more security protections for E5 customers
- US to introduce “anti encryption” bill
- Shady encrypted phone company owned by the cops
- NSA to offer filtered DNS services to defence industry
- MORE
This week’s sponsor is Kasada. They offer a service that eliminates synthetic/bot traffic from the web. Former Australian Prime Minister Malcolm Turnbull is an investor and has joined Kasada’s board. Kasada’s CEO Pascal Podvin is this week’s sponsor guest. You can subscribe to the new Risky Business newsletter, Seriously Risky Business, here. You can subscribe to our new YouTube channel here. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.
This podcast is brought to you by the Cyber Initiative at the Hewlett Foundation. They gave us a grant so we can do these podcast interviews that have relevance to cyber policy, so big thanks to the Cyber Initiative at the Hewlett Foundation for funding this work. Today we’re chatting with Citizen Lab Senior Researcher John Scott-Railton about the work they did investigating the Indian hacker-for-hire firm BellTrox. For those of you who didn’t catch the news, The Citizen Lab, which operates out of the Munk School of Global Affairs at the University of Toronto, dropped a huge report a couple of weeks back that lays BellTrox’s operations bare. As you’ll hear, this company attempted to hack tens of thousands of email accounts belonging to everyone from government officials to hedge fund managers and activists.
On this week’s show Patrick and Adam discuss the week’s security news, including:
- Facebook commissioned custom 0day to de-cloak child sex predator
- IP stack bugs to plague IoT, ICS for years
- Sandworm was doxxed by the NSA and hardly anyone noticed
- Congress demands answers on 2015 Juniper NetScreen back door investigation
- Amazon, Microsoft join moratorium on sale of facial recognition to police
- Much, much more
This week’s show is brought to you by Signal Sciences. And instead of having one of their staff on the show, they nominated one of their customers to appear instead. So in this week’s sponsored segment we’re going to hear from Keith Hoodlet. Keith is currently the Senior Manager of Application Experience at Thermo Fisher Scientific, a $137 billion company. He built their appsec program and he’ll be along later on to talk through all of that. It’s a rapid-fire interview about how he was able to get started and make a dent quickly. Keith used to co-host the Application Security Weekly podcast and he’s worked for Bugcrowd and Veracode. He’s a cool guy, it’s a great interview, make sure you stick around for that one. You can subscribe to the new Risky Business newsletter, Seriously Risky Business, here. You can subscribe to our new YouTube channel here. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.
On this week’s show Patrick and Adam discuss the week’s security news, including:
- Full scale of Indian hacker-for-hire firm revealed
- IBM exits facial recognition
- Contact tracing apps flop
- Much, much more
This week’s show is brought to you by AttackIQ. AttackIQ’s Chris Kennedy will be along in this week’s sponsor interview to talk about how, for some organisations, threat intelligence has moved from a nice-to-have to being central to blue team efforts. As you’ll hear, he says MITRE ATT&CK makes threat intel actionable, and some orgs playing on hard mode are really kicking some goals that way. You can subscribe to the new Risky Business newsletter, Seriously Risky Business, here. You can subscribe to our new YouTube channel here. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.