Risky Business Podcast
August 23, 2013
Risky Business #293 -- Phishing for (whitehat) fun and profit
Presented by
CEO and Publisher
Technology Editor
This week's feature guest is Haroon Meer of Thinkst Applied Research. He's launched an awesome new site called Phish5.com that allows sysadmins and security consultants to automate phishing campaigns against their own networks and clients.
It's a brilliant idea and well executed.
This week's show is brought to you by the fine folks at Microsoft, and we chat with Microsoft's Jerry Bryant later on about the expansion of the company's MAPP program. If you're an incident responder you really want to hear about this -- you can now submit suspect samples to Microsoft and they'll inspect them for 0day. World-class triage at your fingertips.
Show notes
The following stories were discussed in episode 293 of the Risky Business podcast.
Bradley Manning Sentenced to 35 Years in Prison | Threat Level | Wired.com
http://www.wired.com/threatlevel/2013/08/bradley-manning-sentenced/
BBC News - Bradley Manning: 'I am a woman named Chelsea'
http://www.bbc.co.uk/news/world-us-canada-23798253
Julian Assange's WikiLeaks Party running mate Leslie Cannold quits
http://www.theage.com.au/federal-politics/federal-election-2013/julian-a...
Statement of Resignation from Wikileaks Party National Council at Dan's blog
http://danielmathews.info/blog/2013/08/statement-of-resignation-from-wik...
Security Community Raises Money for Researcher Snubbed by Facebook Bounty Program | Threat Level | Wired.com
http://www.wired.com/threatlevel/2013/08/researcher-denied-facebook-bounty/
Twitter OAuth Data Leaked From Third-Party App | Threatpost
http://threatpost.com/twitter-oauth-data-leaked-from-third-party-app/102035
NSA Broke Privacy Rules Thousands of Times, Contrary to Official Claims | Threat Level | Wired.com
http://www.wired.com/threatlevel/2013/08/nsa-violated-privacy-rules/
Declassified 2011 FISC Opinion Shows Court Found Some NSA Surveillance Unconstitutional | Threatpost
http://threatpost.com/declassified-2011-fisc-opinion-shows-court-found-s...
China eyes IBM, Oracle, EMC over possible security issues | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57598827-83/china-eyes-ibm-oracle-emc-o...
U.K. Ordered Guardian to Destroy Snowden Files Because Its Servers Weren't Secure | Threat Level | Wired.com
http://www.wired.com/threatlevel/2013/08/guardian-snowden-files-destroyed/
FDA Issues Recommendations on the Security of Wireless Medical Devices | Threatpost
http://threatpost.com/fda-issues-recommendations-on-the-security-of-wire...
NSA and Intelligence Community turn to Tumblr -- weird but true | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57599622-83/nsa-and-intelligence-commun...
Scanning the Internet in 45 Minutes | Threatpost
http://threatpost.com/scanning-the-internet-in-45-minutes/102025
Nasdaq Stock Exchange Goes Dark After Tech Glitch | Threat Level | Wired.com
http://www.wired.com/threatlevel/2013/08/nasdaq-outage/
IP Cloaking Violates Computer Fraud and Abuse Act, Judge Rules | Threat Level | Wired.com
http://www.wired.com/threatlevel/2013/08/ip-cloaking-cfaa/
Prison Computer 'Glitch' Blamed for Opening Cell Doors in Maximum-Security Wing | Threat Level | Wired.com
http://www.wired.com/threatlevel/2013/08/computer-prison-door-mishap/
Cybercrooks use DDoS attacks to mask theft of banks' millions | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57599646-83/cybercrooks-use-ddos-attack...
How Not to DDoS Your Former Employer - Krebs on Security
http://krebsonsecurity.com/2013/08/how-not-to-ddos-your-former-employer/
Joburg billing leak not a hack: whistle blower
http://businesstech.co.za/news/government/44593/joburg-billing-leak-not-...
Google, Mozilla Considering Limiting Certificate Validity to 60 Months | Threatpost
http://threatpost.com/google-mozilla-considering-limiting-certificate-va...
League of Legends is hacked, with crucial user info accessed | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57599450-83/league-of-legends-is-hacked...
Google Chrome 29 Fixes 25 Vulnerabilities | Threatpost
http://threatpost.com/google-chrome-29-fixes-25-vulnerabilities/102038
Microsoft Reissues MS13-066 Windows Server Patch | Threatpost
http://threatpost.com/microsoft-reissues-ms13-066-windows-server-patch/1...
Jumping Out of IE's Sandbox With One Click | Threatpost
http://threatpost.com/jumping-out-of-ies-sandbox-with-one-click/102054
Cisco Patches DoS, Buffer Overflow Vulnerabilities in UCM | Threatpost
http://threatpost.com/cisco-patches-dos-buffer-overflow-vulnerabilities-...
IT Security News, Security Product Reviews and Opinion - SC Magazine Australia - Secure Business Intelligence
http://www.scmagazine.com.au/
Phish5 - Phish your company in five easy steps
https://phish5.com/
Microsoft Extends MAPP To Incident Responders And Offers Free Online
http://www.darkreading.com/vulnerability/microsoft-extends-mapp-to-incid...
The Bombay Royale
http://thebombayroyale.com/index.html
The notes are really good. If you can read it, then that would be better. - Roger Stanton