Risky Business #250 -- Hack it like it's 1999

Getting nostalgic with Huawei stack-based overflows...
14 Aug 2012 » Risky Business

On this week's show we chat with Recurity Labs' Felix "FX" Lindner and Greg Kopf in the feature segment.

These guys recently shredded some Huawei equipment. They owned it hard and turned it into a DEFCON talk [pdf]. They'll be along a bit later on to tell us why hacking away at Huawei kit made them feel nostalgic.

This week's show is brought to you by the fine folks at Australian pentesting firm HackLabs, so I hope you'll keep them in mind next time you're firing off those RFPs!

HackLabs founder and main man Chris Gatford joins us in this week's sponsor slot to discuss the extremely clever social engineering attack against accounts belonging to technology journalist Mat Honan. he got owned pretty hard. No clientsides, no exploits, no bruteforcing. Just a few phone calls.

Show notes

http://phenoelit.org/stuff/Huawei_DEFCON_XX.pdf

THIS WEEK'S NEWS ITEMS:

Stratfor emails reveal secret, widespread TrapWire surveillance system - RT
http://rt.com/usa/news/stratfor-trapwire-abraxas-wikileaks-313/

Is TrapWire surveillance really spying on Americans? - Technolog on NBCNews.com
http://www.technolog.msnbc.msn.com/technology/technolog/trapwire-surveil...

New Gauss Malware, Descended From Flame and Stuxnet, Found On Thousands of PCs in Middle East | threatpost
http://threatpost.com/en_us/blogs/new-gauss-malware-descended-flame-and-...

Amazon addresses security exploit after journalist hack | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57488759-83/amazon-addresses-security-e...

Apple responds to journalist's iCloud hack | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57487873-83/apple-responds-to-journalis...

One way to make passwords obsolete -- just keep typing | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57492355-83/one-way-to-make-passwords-o...

DOJ Won't Ask Supreme Court to Review Hacking Case | Threat Level | Wired.com
http://www.wired.com/threatlevel/2012/08/computer-fraud-supreme-court/

Goldman Sachs Programmer Back in Court on New Charges | Threat Level | Wired.com
http://www.wired.com/threatlevel/2012/08/sergey-aleynikov-new-charges/

FTC Dings Google $22.5M in Safari Cookie Flap | Threat Level | Wired.com
http://www.wired.com/threatlevel/2012/08/ftc-google-cookie/

Microsoft Releases Attack Surface Analyzer Tool | threatpost
http://threatpost.com/en_us/blogs/microsoft-releases-attack-surface-anal...

#684121 - libotr2: Buffer overflows in libotr - Debian Bug report logs
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684121

Anonymous targets ASIO, government websites | ZDNet
http://www.zdnet.com/au/anonymous-targets-asio-government-websites-70000...

Oracle Warns Users About Privilege Escalation Bug in Database Server | threatpost
http://threatpost.com/en_us/blogs/oracle-warns-users-about-privilege-esc...

,

The secret is already out there. You don't need to become so sensitive about that one. - James Cullem

SUBSCRIBE NOW:
Risky Business main podcast feed:
Listen on Apple Podcasts Listen on Overcast Listen on Pocket Casts Listen on Spotify Subscribe with RSS
Our extra podcasts feed:
Listen on Apple Podcasts Listen on Overcast Listen on Pocket Casts Listen on Spotify Subscribe with RSS
Subscribe to our newsletters: