Risky Business #340 -- BPX droppin' iOS8 remote jailbreaks like it "ain't no thang"

The Breakpoint edition...
09 Oct 2014 » Risky Business

This week's show was recorded on site at the Ruxcon Breakpoint conference in Melbourne. There have been a handful of absolute jaw-droppers among the presentations here, including a demo showcasing remote code exec against *most* mobile devices, including fully patched iOS8.

This week's show is brought to you by Context information security and we've got a great chat coming up with Mark Graham, Context's head of threat intelligence. He spends most of his days hip deep in data Context has gathered on APT groups, and he's seen some interesting trends. Bad guys are apparently using vendor analysis/blog posts to improve their "product", the Russians are getting in on the action and there's a renewed effort in keeping APT campaigns stealthy.

Show notes

Shellshock-like Vulnerability May Affect Windows | Threatpost | The first stop for security news
http://threatpost.com/shellshock-like-weakness-may-affect-windows/108696

White hat claims Yahoo and WinZip hacked by "shellshock" exploiters | Ars Technica
http://arstechnica.com/security/2014/10/white-hat-claims-yahoo-and-winzi...

Yahoo says attack wasn't Shellshock - CNET
http://www.cnet.com/news/yahoo-late-to-fix-shellshock-threat/

That Unpatchable USB Malware Now Has a Patch ... Sort Of | WIRED
http://www.wired.com/2014/10/unpatchable-usb-malware-now-patchsort/

Twitter Sues the Government for Violating Its First Amendment Rights | WIRED
http://www.wired.com/2014/10/twitter-sues-government/

Feds 'Hacked' Silk Road Without a Warrant? Perfectly Legal, Prosecutors Argue | WIRED
http://www.wired.com/2014/10/feds-silk-road-hack-legal/

Finding a Video Poker Bug Made These Guys Rich-Then Vegas Made Them Pay | WIRED
http://www.wired.com/2014/10/cheating-video-poker/

AT&T Hit By Insider Breach | Threatpost | The first stop for security news
http://threatpost.com/att-hit-by-insider-breach/108705

Huge Data Leak at Largest U.S. Bond Insurer - Krebs on Security
http://krebsonsecurity.com/2014/10/huge-data-leak-at-largest-u-s-bond-in...

Arbor: DDoS Attacks Getting Bigger as Reflection Increases | Threatpost | The first stop for security news
http://threatpost.com/arbor-ddos-attacks-getting-bigger-as-reflection-in...

Create app-specific passwords for iCloud - CNET
http://www.cnet.com/how-to/how-to-create-app-specific-passwords-for-icloud/

Bugzilla Zero-Day Exposes Zero-Day Bugs - Krebs on Security
http://krebsonsecurity.com/2014/10/bugzilla-zero-day-exposes-zero-day-bugs/

Tyupkin ATM Malware Discovered by Kaspersky Lab | Threatpost | The first stop for security news
http://threatpost.com/tyupkin-malware-infects-atms-in-eastern-europe/108734

Reddit-powered botnet infected thousands of Macs worldwide | Ars Technica
http://arstechnica.com/security/2014/10/reddit-powered-botnet-infected-t...

FDA: Medical device cybersecurity necessary, but optional | Ars Technica
http://arstechnica.com/security/2014/10/fda-medical-device-cybersecurity...

Adobe's e-book reader sends your reading logs back to Adobe-in plain text [Updated] | Ars Technica
http://arstechnica.com/security/2014/10/adobes-e-book-reader-sends-your-...

October 2014, Melbourne
http://www.contextis.com/events/oasis/october-2014-melbourne/

Alice Russell - Twin Peaks - YouTube
https://www.youtube.com/watch?v=vySmFB_vUeg

SUBSCRIBE NOW:
Risky Business main podcast feed:
Listen on Apple Podcasts Listen on Overcast Listen on Pocket Casts Listen on Spotify Subscribe with RSS
Our extra podcasts feed:
Listen on Apple Podcasts Listen on Overcast Listen on Pocket Casts Listen on Spotify Subscribe with RSS
Subscribe to our newsletters: