September 22, 2016

Risky Business #428 -- Cross-platform Tor Browser pwnership with Ryan Duff

Listen Later

53 minutes

On this week’s show we’ll be chatting with security researcher Ryan Duff about the rabbit hole that is the Tor Browser Bundle certificate pinning bug. The bug itself is interesting, but the questions it raises about how suitable Tor is for genuinely critical use are, you know, substantial. That’s a really, really interesting chat with Ryan Duff, coming up after the news.

This week’s show is brought to you by Hewlett Packard Enterprise Fortify! Of course HPE Fortify makes both static and dynamic analysis tools to help their customers weed out bugs in their software… but what are the relative strengths of static versus dynamic? Where should you use these tools? As this week’s sponsor guest Michael Farnum explains, the trend these days is to not only use both, but move them both as far to the left as possible in the development cycle. That’s this week’s sponsor interview, coming up a bit later.

Mark Piper is this week’s news guest.

Oh, and do add Patrick on Twitter if that’s your thing.

...more

View all episodes

View all episodes

Download on the App Store

Download on the App Store

Get it on Google Play

Risky Business

By Patrick Gray

4.6

358358 ratings

September 22, 2016

Risky Business #428 -- Cross-platform Tor Browser pwnership with Ryan Duff

Listen Later

53 minutes

On this week’s show we’ll be chatting with security researcher Ryan Duff about the rabbit hole that is the Tor Browser Bundle certificate pinning bug. The bug itself is interesting, but the questions it raises about how suitable Tor is for genuinely critical use are, you know, substantial. That’s a really, really interesting chat with Ryan Duff, coming up after the news.

This week’s show is brought to you by Hewlett Packard Enterprise Fortify! Of course HPE Fortify makes both static and dynamic analysis tools to help their customers weed out bugs in their software… but what are the relative strengths of static versus dynamic? Where should you use these tools? As this week’s sponsor guest Michael Farnum explains, the trend these days is to not only use both, but move them both as far to the left as possible in the development cycle. That’s this week’s sponsor interview, coming up a bit later.

Mark Piper is this week’s news guest.

Oh, and do add Patrick on Twitter if that’s your thing.

...more

More shows like Risky Business

Security Now (Audio) by TWiT

Security Now (Audio)

1,979 Listeners

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast) by Johannes B. Ullrich

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

636 Listeners

Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec by Jerry Bell and Andrew Kalat

Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec

366 Listeners

Hacked by Hacked

Hacked

183 Listeners

CyberWire Daily by N2K Networks

CyberWire Daily

1,009 Listeners

Smashing Security by Graham Cluley & Carole Theriault

Smashing Security

312 Listeners

Click Here by Recorded Future News

Click Here

414 Listeners

Malicious Life by Malicious Life

Malicious Life

925 Listeners

Darknet Diaries by Jack Rhysider

Darknet Diaries

7,909 Listeners

Cybersecurity Today by Jim Love

Cybersecurity Today

166 Listeners

CISO Series Podcast by David Spark, Mike Johnson, and Andy Ellis

CISO Series Podcast

189 Listeners

Hacking Humans by N2K Networks

Hacking Humans

314 Listeners

Defense in Depth by David Spark, Steve Zalewski, Geoff Belknap

Defense in Depth

74 Listeners

Cyber Security Headlines by CISO Series

Cyber Security Headlines

127 Listeners

Risky Bulletin by risky.biz

Risky Bulletin

43 Listeners