Risky Business Podcast
September 14, 2012
Risky Business #254 -- Does your pentester team know what it's doing?
This week's feature interview is with Wayne Ronaldson. Wayne's a security consultant with a company here called CQR, but he's cobbled together a fascinating little side project called Exploitable Labs.
In essence, Exploitable Labs is an online capture the flag environment. Participants connect to it, then go about finding various types of vulnerabilities -- in Web applications, servers and network devices. At the end of the exercise, the system spits out a report that can tell the participant where they're hot and where they're not.
Wayne designed the service to be used by people who hire penetration testers -- it's not a certification like CREST, it's an evaluation. It's an interesting idea!
Adam Boileau, as always, joins the show for a chat about the news headlines.
Show notes
Pirate Bay Co-Founder Arrested at Airport on Hacking Charges | Threat Level | Wired.com
http://www.wired.com/threatlevel/2012/09/pirate-bay-airport-arrest/
Apple Device IDs Leaked by Anonymous Traced to App Developer Blue Toad | Threat Level | Wired.com
http://www.wired.com/threatlevel/2012/09/udid-leak-traced-to-blue-toad/
Sleuths Trace New Zero-Day Attacks to Hackers Who Hit Google | Threat Level | Wired.com
http://www.wired.com/threatlevel/2012/09/google-hacker-gang-returns/all/
Report: Half of Android devices have unpatched holes | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57512467-83/report-half-of-android-devi...
Microsoft finds malware hidden in new computers in China | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57512703-83/microsoft-finds-malware-hid...
Phony Al-Jazeera text messages sent by pro-Syrian gov't hackers | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57509104-83/phony-al-jazeera-text-messa...
Microsoft axes many of its Forefront enterprise security products | ZDNet
http://www.zdnet.com/microsoft-axes-many-of-its-forefront-enterprise-sec...
Careful Who You Friend: Taliban Posing as 'Attractive Women' Online | Danger Room | Wired.com
http://www.wired.com/dangerroom/2012/09/taliban-facebook/
Microsoft Carries out Nitol Botnet Takedown | threatpost
http://threatpost.com/en_us/blogs/microsoft-carries-out-nitol-botnet-tak...
Apple Fixes Huge Number of Flaws With iTunes 10.7 | threatpost
http://threatpost.com/en_us/blogs/apple-fixes-huge-number-flaws-itunes-1...
CRIME Attack Uses Compression Ratio of TLS Requests as Side Channel to Hijack Secure Sessions | threatpost
http://threatpost.com/en_us/blogs/crime-attack-uses-compression-ratio-tl...
Go Daddy CEO Denies Hackers Behind Major Outage | threatpost
http://threatpost.com/en_us/blogs/go-daddy-ceo-disputes-hack-behind-majo...
Etsy handcrafts rewards for security bug hunters | ZDNet
http://www.zdnet.com/au/etsy-handcrafts-rewards-for-security-bug-hunters...
Google Adds Online Malware Scanner VirusTotal To Security Lineup | threatpost
http://threatpost.com/en_us/blogs/google-adds-online-malware-scanner-vir...
Red Hat Security Advisory 2012-1259-01 ≈ Packet Storm
http://packetstormsecurity.org/files/116469
No Right Turn: Hacking the Budget
http://norightturn.blogspot.co.nz/2012/09/hacking-budget.html
BitFloor breached, hacker makes off with $250,000 in BitCoins - TechSpot News
http://www.techspot.com/news/50043-bitfloor-breached-hacker-makes-off-wi...
ssl - CRIME - How to beat the BEAST successor? - IT Security
http://security.stackexchange.com/questions/19911/crime-how-to-beat-the-...
Exploitable Labs
http://exploitablelabs.com/
PentesterLab.com
https://pentesterlab.com/
My interview with Gotye:
http://media.risky.biz/fots.mp3
The hackers are having their way right now. I guess that is going to be pretty right? - Roger Stanton, St. Mary's College
Now I am able to take the next phase in my profession and, after working in security for quite a few years, I would love to improve upon my current knowledge and gain a few new skills.
Where's the best place to get started, I wonder?