Risky Business #397 -- Guest HD Moore joins the show!

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

Adam Boileau
Adam Boileau

Technology Editor

******Here's a link to the Risky Business listener survey. Please take some time to fill it in! It'll really help the show!********

On this week's show we're checking in with HD Moore. He's left Rapid7 after six years and he'll be along to fill us in on his future plans in this week's feature interview. He'll also be reassuring all you Metasploit users out there that he'll be staying involved. He'll talk about a couple of absolutely awful bugs and he'll also weigh in on NorseGate: The implosion of the world's most cybery cyber advanced threat intelligence derpa derpa firm.

This week's show is brought to you by an Australian security consultancy, HackLabs. It's probably worth noting for our American friends that the Australian exchange rate has shifted pretty substantially over the last six months or so... so Australia might be a pretty good place for you to send some app review work!

In this week's sponsor interview HackLabs founder and head honcho Chris Gatford joins us to discuss strategies for administering unmaintained and hideously vulnerable enterprise apps.

Microsoft has end-of-lifed a stack of old IE versions, Oracle is killing the Java browser plugin... this will leave a lot of legacy apps marooned. So what can you do?

Adam Boileau joins us, as always, to discuss the week's security news. He also discusses Java deserialisation attacks that are shaping up as a major attack vector for 2016.

Oh, and do add Patrick and Adam on Twitter if that's your thing.

Show notes

------------

Oracle deprecates the Java browser plugin, prepares for its demise | Ars Technica
http://arstechnica.com/information-technology/2016/01/oracle-deprecates-...

Good Riddance to Oracle's Java Plugin - Krebs on Security
http://krebsonsecurity.com/2016/02/good-riddance-to-oracles-java-plugin/

Sources: Security Firm Norse Corp. Imploding - Krebs on Security
http://krebsonsecurity.com/2016/01/sources-security-firm-norse-corp-impl...

NSA Hacker Chief Explains How to Keep Him Out of Your System | WIRED
http://www.wired.com/2016/01/nsa-hacker-chief-explains-how-to-keep-him-o...

National Security Agency plans major reorganization - The Washington Post
https://www.washingtonpost.com/world/national-security/national-security...

A technical reading of the "HIMR Data Mining Research Problem Book" | Conspicuous Chatter
https://conspicuouschatter.wordpress.com/2016/02/03/a-technical-reading-...

Default settings in Apache may decloak Tor hidden services | Ars Technica
http://arstechnica.com/security/2016/02/default-settings-in-apache-may-d...

Crypto flaw was so glaring it may be intentional eavesdropping backdoor | Ars Technica
http://arstechnica.com/security/2016/02/crypto-flaw-was-so-glaring-it-ma...

UN rules in favour of Julian Assange
http://www.theage.com.au/world/un-rules-in-favour-of-assange-20160204-gm...

Corrupt Silk Road Investigator Re-Arrested for Allegedly Trying to Flee the US | WIRED
http://www.wired.com/2016/02/corrupt-silk-road-investigator-re-arrested-...

Former Energy Department employee admits trying to spear phish coworkers | Ars Technica
http://arstechnica.com/tech-policy/2016/02/former-energy-department-empl...

FTC: Tax Fraud Behind 47% Spike in ID Theft - Krebs on Security
http://krebsonsecurity.com/2016/01/ftc-tax-fraud-behind-47-spike-in-id-t...

HSBC online banking suffers major outage, blames DDoS attack | Ars Technica
http://arstechnica.com/security/2016/01/hsbc-online-banking-suffers-majo...

eBay has no plans to fix "severe" bug that allows malware distribution [Updated] | Ars Technica
http://arstechnica.com/security/2016/02/ebay-has-no-plans-to-fix-severe-...

PayPal Java Serialization Vulnerability | Threatpost | The first stop for security news
https://threatpost.com/java-serialization-bug-crops-up-at-paypal/116054/

Government Promises Comment Period on Next Wassenaar Draft | Threatpost | The first stop for security news
https://threatpost.com/government-promises-comment-period-on-next-wassen...

VirusTotal Firmware Malware Implant Scanning | Threatpost | The first stop for security news
https://threatpost.com/virustotal-supports-firmware-scanning/116072/

Mysterious spike in WordPress hacks silently delivers ransomware to visitors | Ars Technica
http://arstechnica.com/security/2016/02/mysterious-spike-in-wordpress-ha...

High-severity bug in OpenSSL allows attackers to decrypt HTTPS traffic | Ars Technica
http://arstechnica.com/security/2016/01/high-severity-bug-in-openssl-all...

Google fixes multiple Wi-Fi flaws, mediaserver bugs in Android | InfoWorld
http://www.infoworld.com/article/3028079/security/google-fixes-multiple-...

Google engineer finds holes in three 'secure' browsers
http://www.engadget.com/2016/02/04/tavis-ormandy-chromium-bug-hunter/

Penetration Testing & Web Application Security - HackLabs
http://www.hacklabs.com/

Risky Business #397 -- Guest HD Moore joins the show!
0:00 / 0:00