Risky Business #359 -- Whisper? More like shout!

App maker accuses Xipiter of "doctoring" disastrous PoC...
26 Mar 2015 » Risky Business

This week Risky Business takes you behind the scenes of a spat between the makers of the Whisper App and Stephen Ridley's company Xipiter.

Ridley's crew say they found some 24-carat-facepalm security problems with the app, subsequently publishing a blog post and video detailing the bugs. You'd think whisper would patch the bugs and move on. But no, they decided to accuse Xipiter of making the whole thing up, even going so far as to accuse them of doctoring their proof of concept video!

Stephen Ridley will join the show to discuss all of that.

This week's show is brought to you by FireEye, makers of fine, fine security software and appliances. And this week's guest is Steve Miller. Steve is American, he came from the Mandiant side of FireEye's business, but he's moved to Sydney to head up security operations for FireEye in APJ! We'll be talking to him about some tales from the incident response trenches and how really good target profiling has become a standard part of the contemporary attacker's MO.

Don't forget you can now support the Risky Business page via our Patreon campaign. Oh, and do add Patrick and Adam on Twitter if that's your thing.

Show notes

You can become a Risky Business patron here:
https://www.patreon.com/riskybusiness

News:

Islamic State doxes US soldiers, airmen, calls on supporters to kill them | Ars Technica
http://arstechnica.com/tech-policy/2015/03/islamic-state-doxes-us-soldie...

All four major browsers take a stomping at Pwn2Own hacking competition | Ars Technica
http://arstechnica.com/security/2015/03/all-four-major-browsers-take-a-s...

Google warns of unauthorized TLS certificates trusted by almost all OSes [Updated] | Ars Technica
http://arstechnica.com/security/2015/03/google-warns-of-unauthorized-tls...

Windows 10 to make the Secure Boot alt-OS lock out a reality | Ars Technica
http://arstechnica.com/information-technology/2015/03/windows-10-to-make...

Google Adds Deceptive Software to Safe Browsing API | Threatpost | The first stop for security news
https://threatpost.com/google-adds-deceptive-software-to-safe-browsing-a...

MRIs show our brains shutting down when we see security prompts | Ars Technica
http://arstechnica.com/security/2015/03/mris-show-our-brains-shutting-do...

Stealing Data From Computers Using Heat | WIRED
http://www.wired.com/2015/03/stealing-data-computers-using-heat/

Hacking BIOS Chips Isn't Just the NSA's Domain Anymore | WIRED
http://www.wired.com/2015/03/researchers-uncover-way-hack-bios-undermine...

Tax Fraud Advice, Straight from the Scammers - Krebs on Security
http://krebsonsecurity.com/2015/03/tax-fraud-advice-straight-from-the-sc...

Malicious user hides trojan links in cloned Steam Greenlight pages | Ars Technica
http://arstechnica.com/gaming/2015/03/malicious-user-hides-trojan-links-...

Twitch resets user passwords following breach | Ars Technica
http://arstechnica.com/security/2015/03/twitch-resets-user-passwords-fol...

Hilton Honors Flaw Exposed All Accounts - Krebs on Security
http://krebsonsecurity.com/2015/03/hilton-honors-flaw-exposed-all-accounts/

Target to pay $10 million to victims of data breach - CNET
http://www.cnet.com/news/target-to-pay-10-million-to-victims-of-data-bre...

A $60 Gadget That Makes Car Hacking Far Easier | WIRED
http://www.wired.com/2015/03/60-gadget-thatll-make-car-hacking-easier-ever/

Dridex Campaign Evades Detection with AutoClose Function | Threatpost | The first stop for security news
https://threatpost.com/latest-dridex-campaign-evades-detection-with-auto...

Adobe CVE-2011-2461 Remains Exploitable Via Flex Four Years After Patch | Threatpost | The first stop for security news
https://threatpost.com/adobe-cve-2011-2461-remains-exploitable-four-year...

Cisco Small Business IP Phones Open to Remote Eavesdropping | Threatpost | The first stop for security news
https://threatpost.com/cisco-small-business-ip-phones-open-to-remote-eav...

Default Setting in Windows 7, 8.1 Could Allow Privilege Escalation | Threatpost | The first stop for security news
https://threatpost.com/default-setting-in-windows-7-8-1-could-allow-priv...

Instagram API Bug Could Allow Malware Downloads | Threatpost | The first stop for security news
https://threatpost.com/instagram-api-bug-could-allow-malicious-file-down...

OpenSSL Patches High Severity DOS Vulnerability | Threatpost | The first stop for security news
https://threatpost.com/openssl-mystery-patch-is-no-heartbleed/111708

Android hijacking bug may allow attackers to install password-stealers | Ars Technica
http://arstechnica.com/security/2015/03/android-hijacking-bug-may-allow-...

Background on The Guardian vs Whisper:

Corrections and clarifications | News | The Guardian
http://www.theguardian.com/news/2015/mar/11/corrections-and-clarifications

The Whisper Campaign That Torched A Guardian Story - BuzzFeed News
http://www.buzzfeed.com/mathonan/the-whisper-campaign-that-torched-a-gua...

"a confederacy of 'privacy' dunces": what we found under the hood of an 'anonymous' chat app used by millions - Xipiter
http://www.xipiter.com/musings/a-confederacy-of-privacy-dunces-what-we-f...

Music!

Pendulum - ABC News Theme Remix Full Version + Download - YouTube
https://www.youtube.com/watch?v=8XbQsjRc7L0

SUBSCRIBE NOW:
Risky Business main podcast feed:
Listen on Apple Podcasts Listen on Overcast Listen on Pocket Casts Listen on Spotify Subscribe with RSS
Our extra podcasts feed:
Listen on Apple Podcasts Listen on Overcast Listen on Pocket Casts Listen on Spotify Subscribe with RSS
Subscribe to our newsletters: