Risky Business #259 -- MSDfail, Brett Moore and moooore!

From location at the Ruxcon Breakpoint conference in Melbourne…
20 Oct 2012 » Risky Business

This week's show is being produced entirely on the ground at the Ruxcon Breakpoint security conference in my old home town of Melbourne Australia! And it's a shorter show than usual because I'm pretty busy down here producing a bunch of podcasts as a part of some joint coverage I'm doing for both Risky.Biz and The Register. If you want to check out some audio and blog posts from Breakpoint, head to http://risky.biz/breakpoint. They're not up yet, but you'll soon find some interviews with people like Barnaby Jack and Joshua Drake (jduck) there\u2026 or you can subscribe to the RB2 podcast feed at http://risky.biz/feeds if you want that content automagically.

In this week's sponsor interview we're chatting with Insomnia Security founder Brett Moore. Thanks to Insomnia security for all its support of this podcast. If you're a CSO in New Zealand and you've never had a pen test from these guys you're doing it wrong.

It's a company founded by Brett Moore and staffed by the likes of our regular news co-host Adam Boileau and his sometime fill in Mark Piper, as well as a few other guys. Brett joins us to recap Breakpoint and tell us what he thinks of the epic MSDfail in NZ. Why do organisations commission expert advice if they're just going to ignore it?

Show notes

MSD admits not acting on early system breach alerts... | Stuff.co.nz

Russian Anti-Virus Firm Plans Secure Operating System to Combat Stuxnet | Threat Level | Wired.com

Second LulzSec member pleads out in Sony Pictures attack - SC Magazine

Pentagon Hacker McKinnon Wins 10-Year Extradition Battle | Threat Level | Wired.com

State-Sponsored Malware 'Flame' Has Smaller, More Devious Cousin | Threat Level | Wired.com

WikiLeaks Goes Behind Paywall, Anonymous Cries Foul | Threat Level | Wired.com

Cyberthieves steal $400,000 from Bank of America | Security & Privacy - CNET News

Hackers target Fairfax holiday site Stayz, altering bank details on listings | News.com.au

Roxon issues discussion paper on mandatory data breach laws - Risk - SC Magazine Australia - Secure Business Intelligence

Zero-day attacks last much longer than most would believe - SC Magazine

Pacemakers, defibrillators open to attack \u2022 The Register

Information Disclosure Zero-Day Discovered in Novell ZENworks | threatpost

Oracle Patch Update to Include 109 Patches | threatpost

Oracle Leaves Fix for Java SE Zero Day Until February Patch Update | threatpost

Adobe Extends Security of Reader and Acrobat With Better Sandbox, Force ASLR | threatpost

Exploit Code Released Targeting Firefox 16 Vulnerability | threatpost

The Cactus Channel - Official Site


The breach in the system is always there. We need to get used to it sometimes. - Mission Maids