Risky Business

The Risky Business podcast has been published weekly since 2007. It covers information/cyber security.



United States






Risky Business #490 -- North Korea, "cyber norms" and diplomacy

On this week’s show we’re taking a look at how an acceleration in 24-carat bonkers state-sponsored hacking is leading to calls at senior levels of government for some actual norms to be established. We’ve got Russia hacking the planet with NotPetya, North Korea owning central banks and cryptocurrency exchanges, China owning the CCleaner supply chain and… well.. it’s all getting a bit much. So in this week’s feature segment we’re going to zero in on one norm-breaking country, North Korea....


Risky Business #489 -- (Deep) Fake News

On this week’s show we’re chatting with Professor of Law at the University of Maryland Danielle Citron about an article she co-authored on so-called “deep fake” videos. Citron and Bobby Chesney wrote a fascinating piece about the privacy and national security implications of this latest trend and we’ll be talking to her about that a little bit later on. In this week’s sponsor interview we’re chatting with Julian Fay, CTO of this week’s sponsor Senetas. We talk to him about how encryption...


Risky Biz Soap Box: Google Chronicle co-founder Mike Wiacek talks Virus Total Intelligence

This isn’t the regular weekly show, Soap Box is the podcast where vendors pay to appear to talk about big picture stuff, or really anything they want. Unless you’ve been living under a rock lately you’d know that Google announced the spinoff of an enterprise information security company. They’ve named it Chronicle, but beyond that it’s all a bit mysterious. Unlike other startups that stay super stealth until they launch their product, Google basically realised that as it already has its...


Risky Business #488 -- Stop users recycling passwords with the pwned passwords API

On this week’s show we’ll chat with Troy Hunt of Have I Been Pwned. He’s released version two of his pwned password service and API. Basically it lets websites check to see if a user’s password is one that he has in his dataset. Version two allows this process to happen without users having to send over a complete password hash to HIBP. It’s making some waves already. It’s a genuinely interesting, free service. In this week’s sponsor interview we chat with Trail of Bits security engineer...


Risky Biz Soap Box: Bugcrowd CTO Casey Ellis on bounty innovation, PII norms and defensive bounties

This edition of Soap Box is brought to you by Bugcrowd. So the next 40 minutes or so is a conversation between Bugcrowd CTO and founder Casey Ellis and me. As most of you would know, Bugcrowd runs outsourced bug bounty programs for a wide variety of organisations, from Silicon Valley megabrands to financial services to development-heavy SMEs, Bugcrowd is there. And what a time it is for the bug bounty business. There’s a lot of attention on the bug bounty concept at the moment – we even...


Risky Business #487 -- Guest Katie Moussouris on her recent Senate Subcommittee testimony

On this week’s show we’re going to chat with Katie Moussouris about her testimony before a Senate Subcommittee last week. She fronted a session on Consumer Protection, Product Safety, Insurance, and Data Security titled, “Data Security and Bug Bounty Programs: Lessons Learned from the Uber Breach and Security Researchers.” We’ll hear from her on how all that went and what she hopes the US government learned from the committee panel. Also this week we’ll be hearing from Mark Maunder of...


Risky Business #486 -- Locking down AWS permissions with RepoKid

On this week’s show we’re chatting with Travis McPeak at Netflix about a tool they’ve developed called RepoKid. It automatically strips unused AWS permissions, which I’m guessing a lot of you will find quite useful. We’ll also chat with Dan Kuykendall in this week’s sponsor interview. Dan works for Rapid7, and they’ve been doing some interesting stuff with their agents, basically tweaking them to give better visibility of application security issues and exploitation attempts. That...


Risky Business #485 -- Infosec startups overfunded, good exits unlikely

On this week’s show we’re checking in with Kelly Shortridge and the topic is zombies. Not the botnet kind, the heavily-VC-backed kind. A recent report from the Reuters news agency highlighted the amount of VC pouring into the so-called “cyber” industry vs the amount of money actually coming out of it in the form of profitable exits isn’t matching up. The industry is filling up with so-called zombie companies – they’ll never exit, but they’re not going to completely die, either. As it...


Risky Business #484 -- What's up with the new 702?

On this week’s show we’ll be taking a look at the freshly re-authorised section 702 of the FISA act. As you’ll soon hear, the updated section now allows the FBI to search data captured under 702 programs for evidence against US citizens in a bunch of circumstances, including, drum roll please, during investigations with a cyber security tilt. The co-founder of the Lawfare blog, law professor and Associate Dean for Academic Affairs at the University of Texas Austin, Bobby Chesney, will be...


Risky Business #483 -- Internet censorship in Iran, China

On this week’s show we chat with Collin Anderson about Iranian internet censorship, as well as how sanctions on Iran led Google to block app engine access within Iran. That’s a problem for Signal users there, because when the primary Signal servers are blocked, the software falls back to a domain-fronting approach that uses… drum roll please.. Google App Engine. That’s a pretty wide ranging discussion of ‘net censorship in Iran and ‘net censorship generally and that’s coming up after the...


Risky Business #482 -- Meltdown and Spectre coverage without the flappy arms

On this week’s show Matt “pwnallthethings” Tait joins the show to walk us through the so-called Meltdown and Spectre bugs. Most of the coverage of the flaws has either been massively hyped or detail-free, and Matt pops by to untangle the whole mess. He does a great job of it, too. This week’s show is brought to you by Cylance. CTO Rahul Kashyap will be along in the sponsor chair to talk about why so many AV packages were causing Windows boxes to BSOD when Microsoft pushed its Meltdown...


Risky Business #481 -- Inside the Anthem breach with someone who was there

This is the last show for the year, Risky Business will return on January 10th 2018. In this week’s feature Stephen Moore joins us. He was formerly the Staff Vice President of Cyber Security Analytics at Anthem, the healthcare company that was spectacularly owned by a Chinese APT crew in 2015. Instead of us all just saying “lol they got owned, they’re idiots,” I thought it would be a good idea to actually talk to someone who was there. As you’ll hear, Anthem’s team knew they were being...


Risky Biz Soap Box: Bromium on custom microvirtualization for legacy apps

Today’s Soap Box is brought to you by Bromium. Bromium makes a security suite that wraps key applications in microvisors. It’s a way to get app-specific, hardware-based virtualisation. Historically Bromium has wrapped things like browsers and the office suite into these microvisors. Bromium has also found a lot of success in selling to organisations that have to run out-of-date browsers and Java. Wrapping an old browser in Bromium actually does make it safe to use. Well, now they’ve...


Risky Business #480 -- Uber, Kaspersky woes continue

On this week’s show we’ll be having a look at the latest OWASP top 10. As many of you would know, the new list is out. A couple of items have been dropped and a couple of items have been introduced. But we’re really using this new top 10 as an excuse to have a broader chat about the top 10 and the OWASP mission more generally. As you’ll hear, everyone seems to agree the list is a good thing, but maybe OWASP needs to sharpen its communication strategy a little to make itself more...


Snake Oilers #4: Dino Dai Zovi, Chris McNab and Sylvain Gil

We’ll be hearing from three vendors in this edition of Oilers. Dino Dai Zovi will be along first up to talk about his startup, Capsule8, which looks very promising indeed. After we’ve heard from Dino we’ll be chatting with Chris McNab. He used to run incident response for iSec Partners and later NCC Group, but these days he runs AlphaSOC, a company he founded. They’re a very simple play – they do DNS and IP analytics. They offer that as a Splunk application or via an API, and you would...


Risky Business #479 -- Oh, Uber. Oh, Apple.

On this week’s show we’re speaking with Susan Hennessey, a Fellow in National Security in Governance Studies at the Brookings Institution and managing editor of Lawfare. We’re talking to her about cross-border law enforcement in the Internet age. We hear a lot of people in the infosec community expressing some discomfort with the FBI’s use of Network Investigative Techniques designed to de-cloak Tor users. Susan pops by to explain why the FBI and other law enforcement bodies aren’t...


Risky Business #478 -- Why a "Digital Geneva Convention" won't work

On this week’s show we check in with Mara Tam. She’ll be telling us why the idea of a so-called “Digital Geneva Convention” is silly. Then, after that, Rich Smith of Duo Security will be in the sponsor chair. You may have heard about some recent research Duo Labs did into Apple EFI patches basically not working/sticking. Rich walks us through that research, why Duo did it, how they did it, and what it can tell us. It might be Mac research but the real worry, as you’ll hear, is around...


Risky Business #477 -- US mulls charges against Russian officials involved in DNC hack

There’s no feature interview in this week’s edition, just a slightly longer news session with Adam Boileau, then it’s straight into this week’s sponsor interview. Adam and I will be speaking about: Marco Slaviero is this week’s sponsor guest. He’ll be along with a radical marketing approach: He’ll be telling us what Canaries can’t do! But you know what? It’s a useful thought exercise. He’ll also update us on the latest stuff they’re doing in the cloud. They’ve got some new VMWare virtual...


Snake Oilers #3: Bot prevention and distributed "crypto magic" credit card storage

In this edition of Snake Oilers we’re taking a look at two Australian companies and their solutions: Kasada and Haventec. Kasada’s product is a simple one – it’s bot prevention using proof of work and a couple of other things, and Haventec’s solution is a bit more out there. They’ve got a couple of products. One uses device fingerprinting plus a secret for authentication, but they’ve actually come up with something else that’ll be really interesting to people in the payment card...


Risky Business #476 -- Zeynep Tufekci on machine learning and disinformation

On this week’s show we’re chatting with Zeynep Tufekci about how machine learning accelerates the dissemination of crazy s–t, basically. Zeynep’s September TED talk titled “We’re building a dystopia just to make people click on ads” is a must watch and has been doing the rounds on infosec Twitter over the last couple of weeks. She joins us this week to talk through what we might be able to do about the tendency of online platforms to send people down pretty warped rabbit holes. That’s a...

