In this week's show we're chatting with Matt Solnik of Accuvant Labs about his stellar presentation at Breakpoint last week. In this interview he describes how he can leverage crappy carrier management client software into full remote compromise attacks against most smartphones, including fully patched iOS8 and Android. It's savage stuff and if you work in telcoland you'd be nuts to miss it.
This week's show is brought to you by tenable network security. Tenable's very own Marcus Ranum will be along in this week's sponsor interview to chime in on desktop virtualisation trends, as well as cloud, remote desktop, the browser as a terminal and enterprise computing in general. The mainframe is dead. Long live the mainframe. It's a great chat.
Show notes
There Is a New Security Vulnerability Named POODLE, and It Is Not Cute | WIRED
http://www.wired.com/2014/10/poodle-explained/
Browser Vendors Move to Disable SSLv3 in Wake of POODLE Attack | Threatpost | The first stop for security news
http://threatpost.com/browser-vendors-move-to-disable-sslv3-in-wake-of-p...
Bahraini Activists Hacked by Their Government Go After UK Spyware Maker | WIRED
http://www.wired.com/2014/10/bahraini-activists-go-after-spyware-source/
NSA May Have Undercover Operatives in Foreign Companies | WIRED
http://www.wired.com/2014/10/nsa-may-undercover-operatives-foreign-compa...
Russian 'Sandworm' Hack Has Been Spying on Foreign Governments for Years | WIRED
http://www.wired.com/2014/10/russian-sandworm-hack-isight/
With This Tiny Box, You Can Anonymize Everything You Do Online | WIRED
http://www.wired.com/2014/10/tiny-box-can-anonymize-everything-online/
Judge Rejects Defense That FBI Illegally Hacked Silk Road-On a Technicality | WIRED
http://www.wired.com/2014/10/silk-road-judge-technicality/
Snapchat Can't Stop the Parasite Apps That Screw Its Users | WIRED
http://www.wired.com/2014/10/snapchat-parasite-apps/
Developer of hacked Snapchat web app says "Snappening" claims are hoax [Updated] | Ars Technica
http://arstechnica.com/security/2014/10/developer-of-hacked-snapchat-web...
Dropbox Denies Hack, Says 'Your Stuff is Safe' | Threatpost | The first stop for security news
http://threatpost.com/dropbox-denies-hack-says-your-stuff-is-safe/108824
Malware Based Credit Card Breach at Kmart - Krebs on Security
http://krebsonsecurity.com/2014/10/malware-based-credit-card-breach-at-k...
Signed Malware = Expensive "Oops" for HP - Krebs on Security
http://krebsonsecurity.com/2014/10/signed-malware-is-expensive-oops-for-hp/
Who's Watching Your WebEx? - Krebs on Security
http://krebsonsecurity.com/2014/10/whos-watching-your-webex/
Doubling up on Ads Code Bounties
https://www.facebook.com/notes/protect-the-graph/doubling-up-on-ads-code...
Heistmeisters crack cost of safecrackers with $150 widget \u2022 The Register
http://www.theregister.co.uk/2014/10/13/heistmeisters_crack_cost_of_safe...
Shellshock Exploits Spreading Mayhem Botnet Malware | Threatpost | The first stop for security news
http://threatpost.com/shellshock-exploits-spreading-mayhem-botnet-malwar...
October 2014 Oracle Java Security Patches | Threatpost | The first stop for security news
http://threatpost.com/java-reflection-api-woes-resurface-in-latest-oracl...
Fixes for IE, Flash Player in October Patch Tuesday Release | Threatpost | The first stop for security news
http://threatpost.com/fixes-for-ie-flash-player-in-october-patch-tuesday...
Firms Detail Zero Days Targeting Windows Kernel | Threatpost | The first stop for security news
http://threatpost.com/two-patched-zero-days-targeting-windows-kernel/108860
Drupal Fixes Highly Critical SQL Injection Flaw | Threatpost | The first stop for security news
http://threatpost.com/drupal-fixes-highly-critical-sql-injection-flaw/10...
SAP Patches Seven Vulnerabilities in Three Products | Threatpost | The first stop for security news
http://threatpost.com/sap-patches-seven-vulnerabilities-in-three-product...
BlackBerry 10 Open to Bug That Allows Malicious App Installation | Threatpost | The first stop for security news
http://threatpost.com/blackberry-10-devices-open-to-bug-that-allows-mali...
Google Online Security Blog: This POODLE bites: exploiting the SSL 3.0 fallback
http://googleonlinesecurity.blogspot.co.nz/2014/10/this-poodle-bites-exp...
Speakers \xbb Breakpoint 2014
https://ruxconbreakpoint.com/speakers/#Mathew Solnik
Tower Of Power - Soul Vaccination - YouTube
https://www.youtube.com/watch?v=46hd6DZS0ww