This week's show is brought to you by BugCrowd -- crowdsourced security testing. Bugcrowd founder and CEO Casey Ellis will join us in this week's sponsor interview to tell us about the latest trends in bounties and crowdsourced security.
He's got some useful info. It turns out bounty participants are getting better at doing OSINT collection to win when testing. So yeah, creds and stuff in Github and repos that shouldn't be there are giving these guys easy wins... we'll also talk about the latest trends in terms of who's running bounty programs -- it's not just companies testing web and mobile apps these days, they're doing a bunch more work on IoT and installable software. It's a solid trend.
There's no feature interview in this week's show because, well, it was a pretty slow week. I was expecting last week's US House hearing into possible US responses to encryption technology to give me heaps of feature material for this week's show, but it was actually a bit of a fizzer, which is pretty awesome, actually.
Adam Boileau, as usual, joins the show to discuss the week's news headlines.
Don't forget you can now support the Risky Business page via our Patreon campaign.
Oh, and do add Patrick and Adam on Twitter if that's your thing.
Show notes
Windows Update for Business Uproots Patch Tuesday | Threatpost | The first stop for security news
https://threatpost.com/patch-tuesday-facelift-end-of-an-era/112640
A break from the past, part 2: Saying goodbye to ActiveX, VBScript, attachEvent\u2026
https://blogs.windows.com/msedgedev/2015/05/06/a-break-from-the-past-par...
Windows 10 bombshell: Microsoft to KILL OFF Patch Tuesday \u2022 The Register
http://www.theregister.co.uk/2015/05/04/microsoft_windows_10_updates/
With Lock Research, Another Battle Brews in the War Over Security Holes | WIRED
http://www.wired.com/2015/05/lock-research-another-battle-brews-war-secu...
Vulnerability-Riddled Drug Pumps Open to Takeover | Threatpost | The first stop for security news
https://threatpost.com/vulnerability-riddled-drug-pumps-open-to-takeover...
Interpol alerted as teenage hacker from Perth flees to Europe | The Australian
http://www.theaustralian.com.au/news/nation/interpol-alerted-as-teenage-...
Programmer Convicted in Bizarre Goldman Sachs Case-Again | WIRED
http://www.wired.com/2015/05/programmer-convicted-bizarre-goldman-sachs-...
WikiLeaks Finally Brings Back Its Submission System for Your Secrets | WIRED
http://www.wired.com/2015/05/wikileaks-finally-brings-back-submission-sy...
How Selerity reported Twitter's earnings-before Twitter did | Ars Technica
http://arstechnica.com/business/2015/05/how-selerity-reported-twitters-2...
'Just follow the damn Constitution!' FBI, DoJ skewered over demands for crypto backdoors \u2022 The Register
http://www.theregister.co.uk/2015/05/01/congress_gives_bipartisan_bolloc...
Congress, Crypto and Craziness | Threatpost | The first stop for security news
https://threatpost.com/congress-crypto-and-craziness/112508
Zuck'ed up: Facebook opens up free internet in India - but bans HTTPS \u2022 The Register
http://www.theregister.co.uk/2015/05/04/internet_org_facebook/
Foiling Pump Skimmers With GPS - Krebs on Security
http://krebsonsecurity.com/2015/05/foiling-pump-skimmers-with-gps/
PayIvy Sells Your Online Accounts Via PayPal - Krebs on Security
http://krebsonsecurity.com/2015/05/payivy-sells-your-online-accounts-via...
Google Research Reveals Profitable, Pervasive Ad Injector Ecosystem | Threatpost | The first stop for security news
https://threatpost.com/google-research-reveals-profitable-pervasive-ad-i...
Microsoft LAPS Tool Addresss Local Admin Password Problem | Threatpost | The first stop for security news
https://threatpost.com/microsoft-laps-tool-tackles-common-local-admin-pa...
Netflix Releases FIDO Incident Response Tool | Threatpost | The first stop for security news
https://threatpost.com/netflix-releases-fido-incident-response-tool/112618
Google Updates Password Alert Extension, But Some Bypasses Still Work | Threatpost | The first stop for security news
https://threatpost.com/google-updates-password-alert-extension-but-some-...
Super secretive malware wipes hard drive to prevent analysis | Ars Technica
http://arstechnica.com/security/2015/05/super-secretive-malware-wipes-ha...
Dyre Banking Trojan Avoids Sandbox Detection | Threatpost | The first stop for security news
https://threatpost.com/dyre-banking-trojan-jumps-out-of-sandbox/112533
The BACKRONYM MySQL Vulnerability - Blog - Duo Security
https://www.duosecurity.com/blog/backronym-mysql-vulnerability
Behold: the drop-dead simple exploit that nukes Google's Password Alert | Ars Technica
http://arstechnica.com/security/2015/04/behold-the-drop-dead-simply-expl...
Actively exploited WordPress bug puts millions of sites at risk | Ars Technica
http://arstechnica.com/security/2015/05/actively-exploited-wordpress-bug...
Spam-blasting malware infects thousands of Linux and FreeBSD servers | Ars Technica
http://arstechnica.com/security/2015/04/spam-blasting-malware-infects-th...
Lenovo System Update Vulnerabilities Patched | Threatpost | The first stop for security news
https://threatpost.com/lenovo-patches-vulnerabilities-in-system-update-s...
Sally Beauty Card Breach, Part Deux? - Krebs on Security
http://krebsonsecurity.com/2015/05/sally-beauty-card-breach-part-deux/
02 - Mammal - Think - YouTube
https://www.youtube.com/watch?v=mCQXqHr9CwE