September 22, 2016

Risky Business #428 -- Cross-platform Tor Browser pwnership with Ryan Duff

Listen Later

53 minutes

On this week’s show we’ll be chatting with security researcher Ryan Duff about the rabbit hole that is the Tor Browser Bundle certificate pinning bug. The bug itself is interesting, but the questions it raises about how suitable Tor is for genuinely critical use are, you know, substantial. That’s a really, really interesting chat with Ryan Duff, coming up after the news.

This week’s show is brought to you by Hewlett Packard Enterprise Fortify! Of course HPE Fortify makes both static and dynamic analysis tools to help their customers weed out bugs in their software… but what are the relative strengths of static versus dynamic? Where should you use these tools? As this week’s sponsor guest Michael Farnum explains, the trend these days is to not only use both, but move them both as far to the left as possible in the development cycle. That’s this week’s sponsor interview, coming up a bit later.

Mark Piper is this week’s news guest.

Oh, and do add Patrick on Twitter if that’s your thing.

...more

View all episodes

View all episodes

Download on the App Store

Download on the App Store

Get it on Google Play

Risky Business

By Patrick Gray

4.6

364364 ratings

September 22, 2016

Risky Business #428 -- Cross-platform Tor Browser pwnership with Ryan Duff

Listen Later

53 minutes

On this week’s show we’ll be chatting with security researcher Ryan Duff about the rabbit hole that is the Tor Browser Bundle certificate pinning bug. The bug itself is interesting, but the questions it raises about how suitable Tor is for genuinely critical use are, you know, substantial. That’s a really, really interesting chat with Ryan Duff, coming up after the news.

This week’s show is brought to you by Hewlett Packard Enterprise Fortify! Of course HPE Fortify makes both static and dynamic analysis tools to help their customers weed out bugs in their software… but what are the relative strengths of static versus dynamic? Where should you use these tools? As this week’s sponsor guest Michael Farnum explains, the trend these days is to not only use both, but move them both as far to the left as possible in the development cycle. That’s this week’s sponsor interview, coming up a bit later.

Mark Piper is this week’s news guest.

Oh, and do add Patrick on Twitter if that’s your thing.

...more

More shows like Risky Business

Hacked by Hacked

Hacked

187 Listeners

Security Now (Audio) by TWiT

Security Now (Audio)

2,002 Listeners

Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec by Jerry Bell and Andrew Kalat

Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec

371 Listeners

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast) by Johannes B. Ullrich

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

652 Listeners

CyberWire Daily by N2K Networks

CyberWire Daily

1,022 Listeners

Smashing Security by Graham Cluley

Smashing Security

321 Listeners

Click Here by Recorded Future News

Click Here

415 Listeners

Darknet Diaries by Jack Rhysider

Darknet Diaries

8,013 Listeners

Cybersecurity Today by Jim Love

Cybersecurity Today

177 Listeners

Hacking Humans by N2K Networks

Hacking Humans

315 Listeners

CISO Series Podcast by David Spark, Mike Johnson, and Andy Ellis

CISO Series Podcast

189 Listeners

Defense in Depth by David Spark, Steve Zalewski, Geoff Belknap

Defense in Depth

74 Listeners

Cyber Security Headlines by CISO Series

Cyber Security Headlines

136 Listeners

Risky Bulletin by risky.biz

Risky Bulletin

46 Listeners

Hacker And The Fed by Chris Tarbell & Hector Monsegur

Hacker And The Fed

171 Listeners