This week's show was recorded on site at the Ruxcon Breakpoint conference in Melbourne. There have been a handful of absolute jaw-droppers among the presentations here, including a demo showcasing remote code exec against *most* mobile devices, including fully patched iOS8.
This week's show is brought to you by Context information security and we've got a great chat coming up with Mark Graham, Context's head of threat intelligence. He spends most of his days hip deep in data Context has gathered on APT groups, and he's seen some interesting trends. Bad guys are apparently using vendor analysis/blog posts to improve their "product", the Russians are getting in on the action and there's a renewed effort in keeping APT campaigns stealthy.
Show notes
Shellshock-like Vulnerability May Affect Windows | Threatpost | The first stop for security news
http://threatpost.com/shellshock-like-weakness-may-affect-windows/108696
White hat claims Yahoo and WinZip hacked by "shellshock" exploiters | Ars Technica
http://arstechnica.com/security/2014/10/white-hat-claims-yahoo-and-winzi...
Yahoo says attack wasn't Shellshock - CNET
http://www.cnet.com/news/yahoo-late-to-fix-shellshock-threat/
That Unpatchable USB Malware Now Has a Patch ... Sort Of | WIRED
http://www.wired.com/2014/10/unpatchable-usb-malware-now-patchsort/
Twitter Sues the Government for Violating Its First Amendment Rights | WIRED
http://www.wired.com/2014/10/twitter-sues-government/
Feds 'Hacked' Silk Road Without a Warrant? Perfectly Legal, Prosecutors Argue | WIRED
http://www.wired.com/2014/10/feds-silk-road-hack-legal/
Finding a Video Poker Bug Made These Guys Rich-Then Vegas Made Them Pay | WIRED
http://www.wired.com/2014/10/cheating-video-poker/
AT&T Hit By Insider Breach | Threatpost | The first stop for security news
http://threatpost.com/att-hit-by-insider-breach/108705
Huge Data Leak at Largest U.S. Bond Insurer - Krebs on Security
http://krebsonsecurity.com/2014/10/huge-data-leak-at-largest-u-s-bond-in...
Arbor: DDoS Attacks Getting Bigger as Reflection Increases | Threatpost | The first stop for security news
http://threatpost.com/arbor-ddos-attacks-getting-bigger-as-reflection-in...
Create app-specific passwords for iCloud - CNET
http://www.cnet.com/how-to/how-to-create-app-specific-passwords-for-icloud/
Bugzilla Zero-Day Exposes Zero-Day Bugs - Krebs on Security
http://krebsonsecurity.com/2014/10/bugzilla-zero-day-exposes-zero-day-bugs/
Tyupkin ATM Malware Discovered by Kaspersky Lab | Threatpost | The first stop for security news
http://threatpost.com/tyupkin-malware-infects-atms-in-eastern-europe/108734
Reddit-powered botnet infected thousands of Macs worldwide | Ars Technica
http://arstechnica.com/security/2014/10/reddit-powered-botnet-infected-t...
FDA: Medical device cybersecurity necessary, but optional | Ars Technica
http://arstechnica.com/security/2014/10/fda-medical-device-cybersecurity...
Adobe's e-book reader sends your reading logs back to Adobe-in plain text [Updated] | Ars Technica
http://arstechnica.com/security/2014/10/adobes-e-book-reader-sends-your-...
October 2014, Melbourne
http://www.contextis.com/events/oasis/october-2014-melbourne/
Alice Russell - Twin Peaks - YouTube
https://www.youtube.com/watch?v=vySmFB_vUeg