Risky Business #269 -- Dave Aitel on the end of clientsides

Where to for infosec when clientsides become rare?
15 Feb 2013 » Risky Business

On this week's show we have a chat with industry stalwart Dave Aitel of Immunity Inc.

Dave joins us to chat about a few things -- like what it will be like when clientside memory corruption exploits become as rare as server side corruption exploits are now. How will that change the security discipline? We also have a chat about El Jefe and sneaky ways of handling command and control.

This week's show is brought to you by NCC Group, the global information security firm. NCC Group's Asia Pacific General Manager and BeEF project creator Wade Alcorn joins us in this week's sponsor slot to chat about recent Ruby on Rails bugs. It's been patched three times in the last month! But how much of a problem is that for you?

Is Ruby on Rails being used for serious business? Should it be?

You can find Patrick on Twitter here and Adam here.

Show notes

Security Firm Bit9 Hacked, Used to Spread Malware - Krebs on Security
http://krebsonsecurity.com/2013/02/security-firm-bit9-hacked-used-to-spr...

Microsoft Report Examines Socio-Economic Relationships to Malware Infections | threatpost
http://threatpost.com/en_us/blogs/microsoft-report-examines-socio-econom...

Cybersecurity Executive Order Short on Action, Long on Voluntary Initiatives | threatpost
http://threatpost.com/en_us/blogs/cybersecurity-executive-order-short-ac...

White House Must Respond to Petition Seeking Swartz Prosecutor's Firing | Threat Level | Wired.com
http://www.wired.com/threatlevel/2013/02/swartz-prosecutor-petition/

DHS Watchdog OKs 'Suspicionless' Seizure of Electronic Devices Along Border | Threat Level | Wired.com
http://www.wired.com/threatlevel/2013/02/electronics-border-seizures/

Malware Intelligence Lab from FireEye - Research & Analysis of Zero-Day & Advanced Targeted Threats:In Turn, It's PDF Time
http://blog.fireeye.com/research/2013/02/in-turn-its-pdf-time.html

Emergency Adobe Flash Player Patches Fix Pair of Zero Days | threatpost
http://threatpost.com/en_us/blogs/emergency-adobe-flash-player-patched-f...

Microsoft's next Patch Tuesday to fix 57 security bugs | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57568412-83/microsofts-next-patch-tuesd...

Hackers can easily breach Emergency Alert Systems | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57569322-83/hackers-can-easily-breach-e...

Ransomware cybercrime ring dismantled in Europe | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57569321-83/ransomware-cybercrime-ring-...

Old OS X malware used in increased attacks against Uyghur groups | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57569252-83/old-os-x-malware-used-in-in...

Anonymous fails to shut down live streams of Obama address | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57569098-83/anonymous-fails-to-shut-dow...

Gmail of journalists in Myanmar said to be hacked | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57568840-83/gmail-of-journalists-in-mya...

Audacious Hack Exposes Bush Family Pix, E-Mail | The Smoking Gun
http://www.thesmokinggun.com/documents/bush-family-hacked-589132

Telecom NZ says 22,500 Xtra email accounts hacked - Networks - SC Magazine Australia - Secure Business Intelligence
http://www.scmagazine.com.au/News/333169,telecom-nz-says-22500-xtra-emai...

Yahoo! Pushing Java Version Released in 2008 - Krebs on Security
http://krebsonsecurity.com/2013/02/yahoo-pushing-java-version-released-i...

Mega security bugs detailed - Web/client - SC Magazine Australia - Secure Business Intelligence
http://www.scmagazine.com.au/News/331952,mega-security-bugs-detailed.aspx

Australian Tax System Breached By Criminals
http://www.smh.com.au/it-pro/security-it/criminals-breach-australian-tax...

CERT Australia rebuffs ex-staff criticism - Networks - SC Magazine Australia - Secure Business Intelligence
http://www.scmagazine.com.au/News/331618,cert-australia-rebuffs-ex-staff...

Theoretical Lucky Thirteen TLS Attacks Could Turn Practical | threatpost
http://threatpost.com/en_us/blogs/theoretical-lucky-thirteen-tls-attacks...

VMware Fixes Privilege Escalation Vulnerability | threatpost
http://threatpost.com/en_us/blogs/vmware-fixes-privilege-escalation-vuln...

Ballot-stuffing bot hits News Ltd polls - Web/client - SC Magazine Australia - Secure Business Intelligence
http://www.scmagazine.com.au/News/331994,ballot-stuffing-bot-hits-news-l...

The Ubermotive Guide to Media Influence |
http://www.ubermotive.com/?p=68

Media Watch: News gets gamed (11/02/2013)
http://www.abc.net.au/mediawatch/transcripts/s3688053.htm?site=westernvic

Anonymous intends to block Webcasts of State of the Union | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57569044-83/anonymous-intends-to-block-...

IMMUNITY : Knowing You're Secure
http://www.immunityinc.com/products-eljefe.shtml

IMMUNITY : Knowing You're Secure
http://www.immunityinc.com/products-swarm.shtml

JaFFer Music, Lyrics, Songs, and Videos
http://www.reverbnation.com/jafferband

BeEF - The Browser Exploitation Framework Project
http://beefproject.com/

Information Security, Escrow & Other Solutions - NCC Group
http://www.nccgroup.com/

,

This week's show should not be missed. i am definite for the real thing that we will learn on this show. looking forward to it. - Flemings Ultimate Garage

SUBSCRIBE NOW:
Risky Business main podcast feed:
Listen on Apple Podcasts Listen on Overcast Listen on Pocket Casts Listen on Spotify Subscribe with RSS
Our extra podcasts feed:
Listen on Apple Podcasts Listen on Overcast Listen on Pocket Casts Listen on Spotify Subscribe with RSS
Subscribe to our newsletters: