Risky Business #422 -- #CensusFail, news with Adam and MOAR

You can't make this stuff up.
11 Aug 2016 » Risky Business

On this week's show we talk about the week's security news with Adam Boileau, and I spill on what my sources have told me about #censusfail.

This week's show is brought to you by Canary.tools. Canary is a fantastic bit of kit -- it's essentially an easily configurable, compact honeypot you can just drop on your network like a dropbox to detect attacks. No begging the data centre people for rack space, just drop it and go. We'll be talking to Canary.tools head honcho Haroon Meer this week about the disconnect between what some startups are pitching to venture capitalists versus what users actually need.

Oh, and do add Patrick and Adam on Twitter if that's your thing.

Show notes

Census Australia 2016 fail: ABS says website was hacked
http://www.news.com.au/technology/census-fail-abs-spent-nearly-500000-on...

Patrick Gray on Twitter: "Analysis from trusted source of trusted source. Someone's getting fired. I'm a fucking journo and I'm not this dumb: https://t.co/gyQajFDQcQ"
https://twitter.com/riskybusiness/status/763189895292555264

'Angry, bitterly disappointed': Malcolm Turnbull lashes ABS for census failures
http://www.theage.com.au/federal-politics/political-news/angry-bitterly-...

Starting this fall, Apple will pay up to $200,000 for iOS and iCloud bugs | Ars Technica
http://arstechnica.com/apple/2016/08/starting-this-fall-apple-will-pay-u...

Zero-Day Hunters Will Pay Over Twice as Much as Apple's New Bug Bounty Programme | Motherboard
http://motherboard.vice.com/read/zero-day-hunters-will-pay-over-twice-as...

Linux bug leaves USA Today, other top sites vulnerable to serious hijacking attacks | Ars Technica
http://arstechnica.com/security/2016/08/linux-bug-leaves-usa-today-other...

Researchers crack open unusually advanced malware that hid for 5 years | Ars Technica
http://arstechnica.com/security/2016/08/researchers-crack-open-unusually...

Data Breach At Oracle's MICROS Point-of-Sale Division - Krebs on Security
http://krebsonsecurity.com/2016/08/data-breach-at-oracles-micros-point-o...

Apple, Intel, Google Employee Accounts Exposed in Data Breach of Developer Forum | Motherboard
http://motherboard.vice.com/read/apple-intel-google-employee-accounts-ex...

Copperhead OS: The startup that wants to solve Android's woeful security | Ars Technica
http://arstechnica.com/security/2016/08/copperhead-os-fix-android-security/

Major Qualcomm chip security flaws expose 900M Android users | Ars Technica
http://arstechnica.com/security/2016/08/qualcomm-chip-flaws-expose-900-m...

Hackers Could Break Into Your Monitor To Spy on You and Manipulate Your Pixels | Motherboard
http://motherboard.vice.com/read/hackers-could-break-into-your-monitor-t...

Hackers Make the First-Ever Ransomware for Smart Thermostats | Motherboard
http://motherboard.vice.com/read/internet-of-things-ransomware-smart-the...

Afraid of the Dark? Too Bad, Your Smart Bulbs Can Be Hacked | Motherboard
http://motherboard.vice.com/read/hackers-could-take-control-of-your-smar...

Good news-the robocalling scourge may not be unstoppable after all | Ars Technica
http://arstechnica.com/security/2016/08/good-news-the-robocalling-scourg...

IPv6 router bug: Juniper spins out hotfix to thwart DDoS attacks | Ars Technica
http://arstechnica.com/security/2016/08/ipv6-router-bug-juniper-cisco-dd...

PLC Blaster Worm Targets Industrial Control PLCs | Threatpost | The first stop for security news
https://threatpost.com/plc-blaster-worm-targets-industrial-control-syste...

Secure Golden Key Boot: (MS16-094 / CVE-2016-3287, and MS16-100 / CVE-2016-3320)
https://rol.im/securegoldenkeyboot/

Flip Feng Shui - VUSec
https://www.vusec.net/projects/flip-feng-shui/

FreeBSD · GitHub
https://gist.github.com/anonymous/e48209b03f1dd9625a992717e7b89c4f