Patrick Gray speaks to Yubico’s Jerrod Chong about how organisations can better verify the identities of users when performing MFA resets. In other words, how to not get MGM’d.

He also talks about the chain-of-trust issues inherent to synchronisable passkey implementations.

Risky Biz Soap Box: Preventing MFA reset attacks

Risky Business is a weekly information security podcast featuring news and in-depth interviews with industry luminaries. Launched in February 2007, Risky Business is a must-listen digest for information security pros. With a running time of approximately 50-60 minutes, Risky Business is pacy; a security podcast without the waffle.

Technology

Tech News

Podcasting

Gadgets

Software How-To

News

On this week’s show Patrick and Adam discuss the week’s security news, including:


  Microsoft reassures* us that they take security very seriously*
  Cisco ASA firewalls get sneakily backdoored, but no one’s quite sure how
  Change Healthcare was 1FA Citrix all along
  The FTC, FCC and other government sticks get waved at tech
  Lizard Squad Finn who hacked the Vastaamo therapy chain gets sentenced
  And much, much more.


This week’s sponsor is Zero Networks, who make a network micro-segmentation product that is actually usable. Zero Networks CEO Benny Lakunishok joins us to talk through why firewalling everything everywhere is finally workable.

*  You’ll forgive us for being… a tad sceptical.

Risky Business #746 – Microsoft takes your security seriously*

In this edition of Snake Oilers we’ll be hearing from:


  Push Security: A browser plugin-based security company that combats identity-based attacks. (Much more compelling that it sounds in this description.)
  Knocknoc: The tool Risky Business uses to protect our own applications and services. (Restrict network/port access to users who are authenticated via SSO.)
  iVerify: Mobile security and threat hunting for iOS and Android. (Caught Pegasus in the wild!)

Snake Oilers: Push Security, Knocknoc and iVerify

In this special edition of the Risky Business podcast Patrick Gray chats with former Facebook CSO Alex Stamos and founding CISA director Chris Krebs about sovereignty and technology.

China and Russia are doing their level best to yeet American tech from their supply chains – hardware, software and cloud services. They’ll be rebuilding these supply chains – for government systems, at least – from components that they have complete visibility into, and control over.

Meanwhile, America’s government faces different supply chain challenges. It has a supply chain that won’t be weaponised against it by its adversaries, but it lacks the same sort of visibility and control that its adversaries will eventually achieve over their supply chains. So where does this leave the west? Where does it leave China and Russia?

Special Edition: Chris Krebs, Alex Stamos and Patrick Gray

On this week’s show Patrick and Adam discuss the week’s security news, including:


  Palo Alto’s firewalls have a ../ bad day
  Sisense’s bucket full of creds gets kicked over
  United Healthcare draws the ire of congress
  FISA 702 reauthorisation finally moves forward
  Apple warns about “mercenary exploitation” but what’s the India link?
  And much, much, more


This week’s sponsor is Panther, a platform that does detection as code on massive amounts of data. Panther’s founder Jack Naglieri is this week’s sponsor guest, and we spoke with him about some common detection-as-code approaches.

Risky Business #745 – Tales from the PANageddon

On this week’s show Patrick and Adam discuss the week’s security news, including:


  Ransomware: down but not out
  Zero day prices on the rise…
  … and what it means for enterprise software
  Geopolitical conflict comes to computers in Palau
  Ukraine cyber chief Illia Vitiuk suspended
  More x86 microarchitectural bad times
  And much much more


Proofpoint’s chief strategy officer Ryan Kalember is this week’s sponsor guest. He takes aim at some recent vendor trends, like security companies describing themselves as “platforms”.

Risky Biz Soap Box: Preventing MFA reset attacks

Download our free app to listen on your phone