On this week's show we're chatting with Alec Stuart Muirk about some of his research into Cisco appliance security. That interview is not so much a blow by blow of the bugs he found, which were pretty devastating by the way, but more about how accessibility is a major hurdle when researching various bits of kit.
As you'll hear, many security vendors are starting to release their kit as VMs, which means researchers will be more likely to poke at them. Does that mean more boneheaded bugs like the stuff he found? Well, probably.
This week's show is brought to you by Bromium. In this week's sponsor interview we're chatting with Bromium's chief security architect Rahul Kashyap about some of his reflections on 2014. Well, two in particular. He says the decision of retailers to skip POS refresh programs during the US recession that began in 2008 is preeeetty much how the retail sector in the USA wound up in so much strife now. And he also shares some interesting thoughts on how standardised indicators of compromise may be turned against attack victims in 2015.
Show notes
Feds Arrest Alleged 'Silk Road 2\u2032 Admin, Seize Servers - Krebs on Security
http://krebsonsecurity.com/2014/11/feds-arrest-alleged-silk-road-2-admin...
Blake Benthall Criminal Complaint
http://www.scribd.com/doc/245744857/Blake-Benthall-Criminal-Complaint
Not Just Silk Road 2: Feds Seize Two Other Drug Markets and Counting | WIRED
http://www.wired.com/2014/11/dark-web-seizures/
US Attorney's office: Whoops, Silk Road 2.0 hired a fed [Updated] | Ars Technica
http://arstechnica.com/tech-policy/2014/11/feds-claim-silkroad-2-0-taken...
Why Facebook Just Launched Its Own 'Dark Web' Site | WIRED
http://www.wired.com/2014/10/facebook-tor-dark-site/
Active "WireLurker" iPhone infection ushers in new era for iOS users | Ars Technica
http://arstechnica.com/security/2014/11/active-wirelurker-iphone-infecti...
WireLurker Mac OS X Malware Shut Down | Threatpost | The first stop for security news
http://threatpost.com/wirelurker-mac-os-x-malware-shut-down/109204
Secret Manuals Show the Spyware Sold to Despots and Cops Worldwide - The Intercept
https://firstlook.org/theintercept/2014/10/30/hacking-team/
Hacking Team Responds in Defense of Its Spyware - The Intercept
https://firstlook.org/theintercept/2014/11/03/hacking-team-responds-defe...
How to leak sensitive data from an isolated computer (air-gap) to a near by mobile phone - AirHopper | Cyber Security Labs @ Ben-Gurion University of the Negev
http://cyber.bgu.ac.il/content/how-leak-sensitive-data-isolated-computer...
Crypto attack that hijacked Windows Update goes mainstream in Amazon Cloud | Ars Technica
http://arstechnica.com/security/2014/11/crypto-attack-that-hijacked-wind...
Nat McHugh: How I created two images with the same MD5 hash
http://natmchugh.blogspot.co.uk/2014/10/how-i-created-two-images-with-sa...
Flaw in New 'Secure' Credit Cards Would Let Hackers Steal $1M Per Card | WIRED
http://www.wired.com/2014/11/chip-n-pin-foreign-currency-vulnerability/
Who wants to be A MILLIONAIRE? Not so fast, Visa tells wannabe pay-by-bonk thieves \u2022 The Register
http://www.theregister.co.uk/2014/11/05/visa_contactless_card_flaw/
Pirate Bay Founder Convicted on Hacking Charges, Sentenced to 3.5 Years | WIRED
http://www.wired.com/2014/10/pirate-bay-founder-hacking/
Thai police question The Pirate Bay founder | Stuff.co.nz
http://www.stuff.co.nz/technology/digital-living/62971785/thai-police-qu...
Cell carrier was weakest link in hack of Google, Instagram accounts | Ars Technica
http://arstechnica.com/security/2014/11/cell-carrier-was-weakest-link-in...
Ericsson boss sticks a pin in Google's loony Loon bubble \u2022 The Register
http://www.theregister.co.uk/2014/11/06/ericsson_chief_pops_googles_loon...
Microsoft releases free anti-malware for Azure VMs \u2022 The Register
http://www.theregister.co.uk/2014/11/06/microsoft_releases_free_antimalw...
EFF: VPNs will crumble Verizon's creepy supercookie stalkers \u2022 The Register
http://www.theregister.co.uk/2014/11/06/mobile_vpns_will_save_you_from_v...
Feds investigate Homeland Security background checker security breach \u2022 The Register
http://www.theregister.co.uk/2014/11/05/feds_investigate_dhs_background_...
Russia to ban iCloud.. to PROTECT iPhone fiddlers' pics 'n' sh*t \u2022 The Register
http://www.theregister.co.uk/2014/11/05/russia_set_to_ban_icloud/
Critics chafe as Macs send sensitive docs to iCloud without warning | Ars Technica
http://arstechnica.com/security/2014/11/critics-chafe-as-macs-send-sensi...
Thieves Cash Out Rewards, Points Accounts - Krebs on Security
http://krebsonsecurity.com/2014/11/thieves-cash-out-rewards-points-accou...
Does your phone company track you? | Ars Technica
http://arstechnica.com/security/2014/11/does-your-phone-company-track-you/
Google releases "nogotofail" to detect HTTPS bugs before they bite users | Ars Technica
http://arstechnica.com/security/2014/11/google-releases-nogotofail-to-de...
Yosemite infested by nasty 'Rootpipe' vuln \u2022 The Register
http://www.theregister.co.uk/2014/11/04/rootpipe_another_os_x_vuln/
Fatback Band - Tour
http://fatbackband.com/tour.html
https://ruxcon.org.au/assets/2014/slides/Breaking Bricks Ruxcon 2014.pdf
https://ruxcon.org.au/assets/2014/slides/Breaking%20Bricks%20Ruxcon%2020...
