Risky Business Patrick Gray
-
- ニュース
-
Risky Business is a weekly information security podcast featuring news and in-depth interviews with industry luminaries. Launched in February 2007, Risky Business is a must-listen digest for information security pros. With a running time of approximately 50-60 minutes, Risky Business is pacy; a security podcast without the waffle.
-
Risky Business #745 – Tales from the PANageddon
On this week’s show Patrick and Adam discuss the week’s security news, including:
Palo Alto’s firewalls have a ../ bad day
Sisense’s bucket full of creds gets kicked over
United Healthcare draws the ire of congress
FISA 702 reauthorisation finally moves forward
Apple warns about “mercenary exploitation” but what’s the India link?
And much, much, more
This week’s sponsor is Panther, a platform that does detection as code on massive amounts of data. Panther’s founder Jack Naglieri is this week’s sponsor guest, and we spoke with him about some common detection-as-code approaches. -
Risky Business #744 -- Ransomware upstarts jostle in Lockbit's absence
On this week’s show Patrick and Adam discuss the week’s security news, including:
Ransomware: down but not out
Zero day prices on the rise…
… and what it means for enterprise software
Geopolitical conflict comes to computers in Palau
Ukraine cyber chief Illia Vitiuk suspended
More x86 microarchitectural bad times
And much much more
Proofpoint’s chief strategy officer Ryan Kalember is this week’s sponsor guest. He takes aim at some recent vendor trends, like security companies describing themselves as “platforms”. -
Snake Oilers: Kodex, ClearVector and Censys
In this edition of Snake Oilers you’ll hear pitches from three companies:
Kodex: Makes a platform companies can use to interact with law enforcement (Solves the law enforcement impersonator problem, among others.)
ClearVector: Cloud security startup from former FireEye/Mandiant SVP/CTO John Laliberte
Censys: Scans the entire internet, identifies assets you didn’t know were yours, helps you track attacker infrastructure like C2 -
Risky Business #743 -- A chat about the xz backdoor with the guy who found it
On this week’s show Patrick and Adam discuss the week’s security news, including:
The SSH backdoor that dreams (or nightmares) are made of
Microsoft gets a solid spanking from the CSRB
Ukraine uses an old Russian WinRAR bug to hack Russia
Push-notifications and social-engineering combined-arms vs Apple
And much, much more.
We have a special guest in this week’s show, Andres Freund, the Postgres developer who discovered the backdoor in the xz Linux compression library.
This week’s show is brought to you by Island, a company that makes a security-focussed enterprise browser. Island’s Bradon Rogers is this week’s sponsor guest and he’ll be joining us to talk about how people are swapping out their Virtual Desktop Infrastructure for enterprise-focussed browsers like theirs. -
Risky Business #742 -- China bans AMD and Intel, pivots to Linux on the desktop
On this week’s show Patrick and Adam discuss the week’s security news, including:
FVEY protests China’s widespread hacking of western politicians
China bans western CPUs, Windows and databases
Apple’s leaky M-chip prefetcher
Nigeria holds ex-IRS investigator hostage in Binance stoush
Researchers bring Rowhammer to AMD Zen and DDR5
And much, much more.
This week’s show is brought to you by Thinkst Canary. Its founder Haroon Meer joins this week’s show to make a passionate case that security vendors don’t all have to go for explosive growth. Slow and steady with a focus on excellent and relevant products will win the race, he says. -
Risky Biz Soap Box: Why Azure vulns should get CVEs
In this Soap Box edition of the podcast Patrick Gray talks to Nucleus Security co-founder Scott Kuffer about whether or not cloud service vulnerabilities should get CVEs, what on earth is happening with NIST’s National Vulnerability Database (NVD) and more.
カスタマーレビュー
Rob Joyce Interview: So good I listened to it twice
Tempted to write “that’s it; that’s the review.”
But I’ll hit some of the highlights. Joyce is both a highly skilled, technocratic leading bureaucrat, and his own best press secretary. I’m eclectic (dilettante, if you prefer)—I like to get the big picture. This was a new angle on the government response to cyber threats, really opens up a whole vista. It was fascinating to see Joyce and Gray fence about calling out various friendly actors. No FUD, just a flat (but polite) “nope, not goin’ there”. (Well one thing: a couple of times I got the feeling that Joyce has more of the story, and obviously he might, but it’s “you know if I tell you I gotta kill you” stuff. Of course, maybe there isn’t, and I got taken.😎)
Listen to it once. You won’t regret a waste of time, it’s a bravura performance!