Risky Business #179 -- Turning black boxes clear

How your versioning system could be leaking source...
03 Dec 2010 » Risky Business

On this week's show we're taking a look at a nifty little presentation by Mark Piper delivered to the recent Kiwicon conference.

Pipes is a pentester, and he's figured that around 4% of websites, globally, leak source code because they're allowing metadata from their code versioning and revision control systems to wind up on their production boxes.

Sometimes that means you can obtain source code when you're doing a black box pentest, or even if you're trying to pwn Facebook or Twitter on your own time.

Also this week, Adam Boileau joins us to discuss the week's news and Microsoft's Katie Moussouris joins us to discuss her role in drafting the ISO standard for vulnerability disclosure. That's this week's sponsor interview.