Unu's blog disappears

What's happened to everyone's favourite Web app blog?

"Unu's blog", a website chronicling one hacker's brazen compromises of high-profile web applications, has been yanked offline.

Visitors to the blog are now shown text suggesting Unu has shut up shop voluntarily. "This user has elected to delete their account and the content is no longer available," is the only explanation offered.

Unu's blog mostly consisted of a series of screen captures showing allegedly compromised Web applications. The blog's victims included banks and other high-profile Web sites, among them the Royal Bank of Scotland, HSBC France, the Italian Postal Service, Facebook and more.

Prior to hosting at BayWords, Unu's blog was hosted by Wordpress.com, until it was apparently pulled down after the blogger posted details of a vulnerability in a Yahoo site.

Most recently Unu made waves by claiming to have hacked BarackObama.com, a claim disputed by the Democratic National Committee's national press secretary Hari Sevugan.

While the actions of the blog author, if proved authentic, would clearly be illegal, the Web site attracted a significant following -- and a modicum of privately expressed respect -- among many IT security professionals.

While Unu's motives were never expressly outlined, many assume the blog served to name and shame large organisations that failed to secure their web applications.


H D Moore sells Metasploit: Open source project in commercial hands

Rapid7 acquires Metasploit project promising development resources

The Metasploit project has been acquired by Rapid7, a US-based vulnerability management company.

Metasploit creator H D Moore confirmed the sale in a podcast interview with Risky.Biz overnight (Click to hear the podcast). "This is more of a buy in than a sell out," he told Risky.Biz. "It's about taking Metasploit to the next level with a real company with real funding."

Eager to put open source enthusiasts' minds at ease, Moore told Risky.Biz the acquisition will result in full-time resources being allocated to the Metasploit project. Rapid7 will fund five full-time developers to work on the project and Moore insists all core software developed by the new, full-time team will remain free and open source.

"Nothing that people are using today is going away," he said. "I'm definitely in it for the long haul."

Rapid7 director of products and operations, Corey Thomas, insists the company is committed to the future of Metasploit as an open source project. He says the acquisition seemed a natural progression following partnership and integration discussions with Moore.

"We [already had] two or three developers who contribute to Metasploit," he said. "After a period of time we decided the best way to go was to make a direct investment and fully sponsor the Metasploit project."

Originally released in 2003, Metasploit allows security professionals to rapidly develop exploits for computer vulnerabilities. Initially regarded as controversial, Metasploit has become a staple tool for penetration testers and other technical security professionals.

To hear H D Moore and Corey Thomas discuss the acquisition, listen to Risky Business episode 128 here.


RB2: BruCon Podcast: Chris Nickerson on Red Team testing

Watch out for Americans in your ducts...

In today's podcast you'll hear Risky.Biz's New Zealand correspondent Paul Craig discussing Red Team testing with Chris Nickerson. A Red Team test involves more than just a standard pen test; it's an outright simulated attack. You'll hear Chris speak of crawling through ceilings to get to data centres, stealing trade secrets -- actual documents -- and even having his nose smashed in by an overly enthusiastic security guard.

Risky Business #125 -- Bottle Domains appeals, bank sued by phishing victim

Law, law... more law. And hacking and stuff...

On this week's show we'll be chatting with Stratsec's Chief Technology guy Nick Ellsmore about bank fraud liability. A couple in the USA who fell victim to a phishing scam are suing their bank to get their money back. Nick's not a lawyer, but he's one of those guys who follows the law as it relates to security very, very closely, so he'll be on the show to talk about that.

EXCLUSIVE: Bottle Domains to appeal court ruling

It's not over... Bottle will fight Supreme Court ruling...

Domain name regulator auDA moved to terminate Bottle Domains' registrar agreement when it was revealed the company's customer database had been hacked and offered for sale in a black market forum. "Under the terms of the registrar agreement with us they are obliged to inform us of any security breach," auDA CEO Chris Disspain told Risky.Biz in a podcast interview. (Click to hear the full interview.) "That did not happen."

No patch for Windows 2000 vuln

RIP Windows 2000?

While the bug allows remote code execution on several versions of Windows, including Vista and Server 2008, its impact on Windows 2000 is limited to causing a denial of service.

VulnDisco bug list made public

List of 0day in VulnDisco's exploit pack gets an airing...

It makes for pretty interesting reading. There are 211 exploits on the list, with 117 of them described as confirmed 0day.

