On this week's show we're chatting with Neel Mehta, a security researcher with Google. Neel is best known for finding the Heartbleed bug, and he joins us this week to talk about Heartbleed, Shellshock, the security of SSL stacks and where he expects vuln research to go in the future.
Funnily enough this is Neel's first interview about Heartbleed, so I guess we can call this a scoop!
This week's show is brought to you by Bromium, makers of fine, fine exploit mitigation software. Personally I'm a real fan of Bromium's stuff. They're relatively new, but if you have a Java problem in your enterprise, as in, you have to have Java in your enterprise, Bromium has a solution for you -- they make micro-VM software that mitigates memory corruption bugs and it's actually quite good.
Bromium's chief security architect Rahul Kashyap joins us this week to talk about some malvertising research he presented at the Virus Bulletin conference recently, and he also previews the results of Bromium's code audit. That's right, a security software company actually had their software audited! Bowl me over. The audit report will be available next week, but we get the inside scoop on that before it's out.
JPMorgan hack exposed data of 83 million, among biggest breaches in history
Xen Bug Could cause Crashes, Expose Cloud Data | Threatpost | The first stop for security news
Musings on the recent Xen Security Advisories | Bromium Labs
Apple patches "Shellshock" Bash bug in OS X 10.9, 10.8, and 10.7 | Ars Technica
OpenVPN vulnerable to Shellshock Bash vulnerability | Threatpost | The first stop for security news
FioraAeterna☄ on Twitter: "RT "cmd.exe #shellshock" @dakami: "this is why we can't have nice strings" http://t.co/9LPTbtVazr"
Silk Road Lawyers Poke Holes in FBI's Story - Krebs on Security
The Unpatchable Malware That Infects USBs Is Now on the Loose | WIRED
Lacoon Discovers Xsser mRAT, the First Advanced iOS Trojan
If the information from https://www.lacoon.com/lacoon-discovers-xsser-mrat-first - Pastebin.com
Holder urges tech companies to leave device backdoors open for police - The Washington Post
Cops Are Handing Out Spyware to Parents-With Zero Oversight | WIRED
The Criminal Indictment That Could Finally Hit Spyware Makers Hard | WIRED
CloudFlare Rolls Out Free SSL | Threatpost | The first stop for security news
FBI to Open Up Malware Investigator Portal to External Researchers | Threatpost | The first stop for security news
Chrome bug hunters, Google's giving you a raise - CNET
WPScan Vulnerability Database WordPress Security Resource | Threatpost | The first stop for security news
Second Same-Origin Policy Bypass Flaw Haunts Android Browser | Threatpost | The first stop for security news
Advertising firms struggle to kill malvertisements | Ars Technica
Leftovers | The Basics