Risky Business #293 -- Phishing for (whitehat) fun and profit

Haroon Meer launches Phish5...
23 Aug 2013 » Risky Business

This week's feature guest is Haroon Meer of Thinkst Applied Research. He's launched an awesome new site called Phish5.com that allows sysadmins and security consultants to automate phishing campaigns against their own networks and clients.

It's a brilliant idea and well executed.

This week's show is brought to you by the fine folks at Microsoft, and we chat with Microsoft's Jerry Bryant later on about the expansion of the company's MAPP program. If you're an incident responder you really want to hear about this -- you can now submit suspect samples to Microsoft and they'll inspect them for 0day. World-class triage at your fingertips.

Show notes

The following stories were discussed in episode 293 of the Risky Business podcast.

Bradley Manning Sentenced to 35 Years in Prison | Threat Level | Wired.com
http://www.wired.com/threatlevel/2013/08/bradley-manning-sentenced/

BBC News - Bradley Manning: 'I am a woman named Chelsea'
http://www.bbc.co.uk/news/world-us-canada-23798253

Julian Assange's WikiLeaks Party running mate Leslie Cannold quits
http://www.theage.com.au/federal-politics/federal-election-2013/julian-a...

Statement of Resignation from Wikileaks Party National Council at Dan's blog
http://danielmathews.info/blog/2013/08/statement-of-resignation-from-wik...

Security Community Raises Money for Researcher Snubbed by Facebook Bounty Program | Threat Level | Wired.com
http://www.wired.com/threatlevel/2013/08/researcher-denied-facebook-bounty/

Twitter OAuth Data Leaked From Third-Party App | Threatpost
http://threatpost.com/twitter-oauth-data-leaked-from-third-party-app/102035

NSA Broke Privacy Rules Thousands of Times, Contrary to Official Claims | Threat Level | Wired.com
http://www.wired.com/threatlevel/2013/08/nsa-violated-privacy-rules/

Declassified 2011 FISC Opinion Shows Court Found Some NSA Surveillance Unconstitutional | Threatpost
http://threatpost.com/declassified-2011-fisc-opinion-shows-court-found-s...

China eyes IBM, Oracle, EMC over possible security issues | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57598827-83/china-eyes-ibm-oracle-emc-o...

U.K. Ordered Guardian to Destroy Snowden Files Because Its Servers Weren't Secure | Threat Level | Wired.com
http://www.wired.com/threatlevel/2013/08/guardian-snowden-files-destroyed/

FDA Issues Recommendations on the Security of Wireless Medical Devices | Threatpost
http://threatpost.com/fda-issues-recommendations-on-the-security-of-wire...

NSA and Intelligence Community turn to Tumblr -- weird but true | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57599622-83/nsa-and-intelligence-commun...

Scanning the Internet in 45 Minutes | Threatpost
http://threatpost.com/scanning-the-internet-in-45-minutes/102025

Nasdaq Stock Exchange Goes Dark After Tech Glitch | Threat Level | Wired.com
http://www.wired.com/threatlevel/2013/08/nasdaq-outage/

IP Cloaking Violates Computer Fraud and Abuse Act, Judge Rules | Threat Level | Wired.com
http://www.wired.com/threatlevel/2013/08/ip-cloaking-cfaa/

Prison Computer 'Glitch' Blamed for Opening Cell Doors in Maximum-Security Wing | Threat Level | Wired.com
http://www.wired.com/threatlevel/2013/08/computer-prison-door-mishap/

Cybercrooks use DDoS attacks to mask theft of banks' millions | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57599646-83/cybercrooks-use-ddos-attack...

How Not to DDoS Your Former Employer - Krebs on Security
http://krebsonsecurity.com/2013/08/how-not-to-ddos-your-former-employer/

Joburg billing leak not a hack: whistle blower
http://businesstech.co.za/news/government/44593/joburg-billing-leak-not-...

Google, Mozilla Considering Limiting Certificate Validity to 60 Months | Threatpost
http://threatpost.com/google-mozilla-considering-limiting-certificate-va...

League of Legends is hacked, with crucial user info accessed | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57599450-83/league-of-legends-is-hacked...

Google Chrome 29 Fixes 25 Vulnerabilities | Threatpost
http://threatpost.com/google-chrome-29-fixes-25-vulnerabilities/102038

Microsoft Reissues MS13-066 Windows Server Patch | Threatpost
http://threatpost.com/microsoft-reissues-ms13-066-windows-server-patch/1...

Jumping Out of IE's Sandbox With One Click | Threatpost
http://threatpost.com/jumping-out-of-ies-sandbox-with-one-click/102054

Cisco Patches DoS, Buffer Overflow Vulnerabilities in UCM | Threatpost
http://threatpost.com/cisco-patches-dos-buffer-overflow-vulnerabilities-...

IT Security News, Security Product Reviews and Opinion - SC Magazine Australia - Secure Business Intelligence
http://www.scmagazine.com.au/

Phish5 - Phish your company in five easy steps
https://phish5.com/

Microsoft Extends MAPP To Incident Responders And Offers Free Online
http://www.darkreading.com/vulnerability/microsoft-extends-mapp-to-incid...

The Bombay Royale
http://thebombayroyale.com/index.html

,

The notes are really good. If you can read it, then that would be better. - Roger Stanton

SUBSCRIBE NOW:
Risky Business main podcast feed:
Listen on Apple Podcasts Listen on Overcast Listen on Pocket Casts Listen on Spotify Subscribe with RSS
Our extra podcasts feed:
Listen on Apple Podcasts Listen on Overcast Listen on Pocket Casts Listen on Spotify Subscribe with RSS
Subscribe to our newsletters: