On this week’s show Patrick and Adam have a look at the surprisingly great report about 0day prepared by RAND Corporation, as well as the other security news of the week. How ‘bout dat Struts bug, eh?
Dr. Vanessa Teague of the University of Melbourne also joins the show to talk about the latest developments around computerised voting. Vanessa is an expert on e-voting and she’s been in the space for a long time – she’ll be joining us this week to talk about how European authorities have been responding to the risks posed to their elections by outside parties, and we take a look at some voting security ideas for America.
This week’s show is brought to you by Netsparker. Netsparker is a black-box web application testing tool that aims to speed up webapp tests through automation. Netsparker’s creator Ferruh Mavituna is this week’s sponsor guest. He’s joining us to basically talk about what you can actually automate in webapp testing, but also about what you can’t automate. That’s a really interesting chat, one that the pentesters will love I’m sure.
Links to items discussed in this week’s show have moved – they’re now included in this post, below.
Oh, and do add Patrick, or Adam on Twitter if that’s your thing.
- Critical vulnerability under “massive” attack imperils high-impact sites [Updated] | Ars Technica
- In-the-wild exploits ramp up against high-impact sites using Apache Struts | Ars Technica
- Zero Day Exploits Rarely Discovered By More Than One Group, Study Finds - Motherboard
- Wikileaks' Cache of Alleged CIA Files Includes Unredacted Names - Motherboard
- WikiLeaks: We’ll Work With Software Makers on Zero-Days — Krebs on Security
- Apple Says Many of the CIA's Alleged iPhone Hacks Have Already Been Patched - Motherboard
- After NSA hacking exposé, CIA staffers asked where Equation Group went wrong | Ars Technica
- FBI Director Tells Companies Not to 'Hack Back' Against Hackers - Motherboard
- Dutch Cops Say They've Decrypted PGP Messages On Seized Server - Motherboard
- Dear Confide: “We would never” isn’t the same as “we can’t” | Ars Technica
- Court Says Hacking Victim Can’t Sue a Foreign Government For Hacking Him on US Soil - Motherboard
- The NSA's 'Twitter For Spies' Has Over 60,000 Users - Motherboard
- Yahoo to give Marissa Mayer $23 million parting gift after sale to Verizon | Ars Technica
- 38 Android Devices Infected with Malware Preinstalled in Supply Chain | Threatpost | The first stop for security news
- Dahua, Hikvision IoT Devices Under Siege — Krebs on Security
- Hackers with Credit Card Scrapers Continue to Target Magento | Threatpost | The first stop for security news
- Getting Physical With USB Type-C
- Patch Tuesday Returns; Microsoft Quiet on Postponement | Threatpost | The first stop for security news
- iVote West Australia: Who voted for you? | Pursuit by The University of Melbourne