Podcasts

News, analysis and commentary

Risky Business #352 -- Bye bye DPR, plus special guest Dave Aitel

Presented by

Patrick Gray

CEO and Publisher

Adam Boileau

Technology Editor

In this week's feature we're chatting with Dave Aitel of Immunity Inc. We chat to him about the Sony hack being a demonstration of North Korean capability as opposed to genuine revenge... we also talk about security conferences in 2015 and chat to him about his rage-inspiring musings on so-called junk hacking from last year.

In this week's sponsor interview we speak with HackLabs big cheese Chris Gatford about the so-called Ghost vulnerability.

As it turned out, it was a bit of a fizzer, but it's still an interesting bug from a management point of view. How the hell do you figure out what the impact of something like that is on your network? The gethostbyname code is, of course, all over your *nix boxes, but it's no doubt statically included in a whole bunch of your enterprise crapware as well. And the thing is, the fact that it's causing heart palpitations out there in some enterprise teams proves one thing: We don't trust our upstream software providers to patch this stuff... we don't even trust them to know what code is in their own products! It's a contemporary pickle and Chris Gatford of HackLabs will be along in a bit to discuss it.

Don't forget you can now support Risky Business via our Patreon campaign!

You can follow Patrick on Twitter here and Adam here.


Risky Business #351 -- Kim Zetter talks Stuxnet: Countdown to Zero Day

Presented by

Patrick Gray

CEO and Publisher

Adam Boileau

Technology Editor

In this week's feature interview we're chatting with Wired journalist Kim Zetter about her fantastic book Stuxnet: Countdown to Zero Day. As it turns out, the assumption that US and Israeli intelligence agencies had "boots on ground" intelligence to design the malicious code could very well be bunkum!

This week's show is brought to you by Tenable Network Security, so in this week's sponsor interview we're chatting with Tenable's very own Marcus Ranum about attribution.

No, not just the North Korea angle... we cover off what sort of focus the average enterprise needs to put on attributing attacks. Does it even matter?

Adam Boileau, as always, joins the show to discuss the week's security news.

You can become a Risky Business patron thanks to our Patreon campaign.

And you can also follow Patrick or Adam on Twitter, if that's your thing.

Show notes

First ever Risky.Biz YouTube rant with Patrick Gray - YouTube
https://www.youtube.com/watch?v=0o5PRIrQq48

Support Risky Business via our Patreon campaign!
https://patreon.com/riskybusiness

Kim Zetter's awesome Stuxnet book on Amazon:
http://www.amazon.com/Countdown-Zero-Day-Stuxnet-Digital/dp/077043617X

Prosecutors Trace $13.4M in Bitcoins From the Silk Road to Ulbricht's Laptop | WIRED
http://www.wired.com/2015/01/prosecutors-trace-13-4-million-bitcoins-sil...

A Heroin Dealer Tells the Silk Road Jury What It Was Like to Sell Drugs Online | WIRED
http://www.wired.com/2015/01/silk-road-heroin-dealer-testifies/

Here's the Secret Silk Road Journal From the Laptop of Ross Ulbricht | WIRED
http://www.wired.com/2015/01/heres-secret-silk-road-journal-laptop-ross-...

Silk Road paid off hackers to keep site running - CNET
http://www.cnet.com/news/hackers-blackmailed-silk-road-underground/

No, Department of Justice, 80 Percent of Tor Traffic Is Not Child Porn | WIRED
http://www.wired.com/2015/01/department-justice-80-percent-tor-traffic-c...

Bitcoin Exchange Operator Sentenced to 4 Years for Silk Road Transactions | WIRED
http://www.wired.com/2015/01/bitcoin-exchange-operator-sentenced-4-years...

Aspiring Singer Arrested in Israel on Suspicion of Hacking Madonna | WIRED
http://www.wired.com/2015/01/aspiring-singer-arrested-israel-suspicion-h...

Barrett Brown Sentenced to 5 Years in Prison in Connection to Stratfor Hack | WIRED
http://www.wired.com/2015/01/barrett-brown-sentenced-5-years-prison-conn...

Dutch judge allows alleged "sophisticated" Russian hacker to be sent to US | Ars Technica
http://arstechnica.com/tech-policy/2015/01/dutch-judge-allows-alleged-so...

New Rules in China Upset Western Tech Companies - NYTimes.com
http://www.nytimes.com/2015/01/29/technology/in-china-new-cybersecurity-...

FCC Warns Businesses WiFi Blocking is Illegal | Threatpost | The first stop for security news
http://threatpost.com/fcc-warns-businesses-wifi-blocking-is-illegal/110728

Snowden reveals LEVITATION technique of Canada's spies • The Register
http://www.theregister.co.uk/2015/01/29/snowden_reveals_levitation_techn...

Researcher says Aussie spooks help code Five Eyes mega malware • The Register
http://www.theregister.co.uk/2015/01/29/did_aussie_spooks_write_regin/

Oz spooks hack, wreck Middle East 'cooling system': report • The Register
http://www.theregister.co.uk/2015/01/28/skip_spooks_hack_wreck_middle_ea...

Australia launches cyber-weapons in global counter-terrorist operations
http://www.afr.com/p/technology/australia_launches_cyber_weapons_hR1B30q...

Facebook: Oi, Lizard Squad - we can take down our own site, ta • The Register
http://www.theregister.co.uk/2015/01/27/facebook_lizardsquad_takedown_cl...

Information Security: The Internet of Gas Stati... | SecurityStreet
https://community.rapid7.com/community/infosec/blog/2015/01/22/the-inter...

Google drops three OS X 0days on Apple | Ars Technica
http://arstechnica.com/security/2015/01/google-drops-three-os-x-0days-on...

iTunes Connect bug logs developers in to other developers' accounts at random | Ars Technica
http://arstechnica.com/apple/2015/01/itunes-connect-bug-logs-developers-...

PHP Applications, WordPress Vulnerable to Ghost glibc Bug | Threatpost | The first stop for security news
http://threatpost.com/php-applications-wordpress-subject-to-ghost-glibc-...

Critical "GHOST" Vulnerability Released | Sucuri Blog
http://blog.sucuri.net/2015/01/critical-ghost-vulnerability-released.html

Thunderstrike Patch Slated for Inclusion in New OS X Build | Threatpost | The first stop for security news
http://threatpost.com/thunderstrike-patch-slated-for-new-os-x-build/110649

Bug in ultra secure BlackPhone let attackers decrypt texts, stalk users | Ars Technica
http://arstechnica.com/security/2015/01/bug-in-ultra-secure-blackphone-l...

Chrome 40 Patches 62 Security Vulnerabilities | Threatpost | The first stop for security news
http://threatpost.com/chrome-40-patches-62-security-vulnerabilities-pays...

Medeski Martin & Wood
http://www.mmw.net/


Risky Business #350 -- We're baaaaaack

Presented by

Patrick Gray

CEO and Publisher

Adam Boileau

Technology Editor

Welcome back to Risky Business for another year. This is the ninth year of weekly Risky Business podcasts, and we're stoked you're sticking around for more.

In this week's show Patrick Gray and Adam Boileau discuss the last month's crazy CyberNews(tm) and Palo Alto CTO and founder Nir Zuk stops by for the sponsor interview.

You can now support Risky Business by becoming a Patron.


Risky Business #349 -- 2014 in review

Presented by

Patrick Gray

CEO and Publisher

Adam Boileau

Technology Editor

In this special edition we take a look back over the big news items of 2014.


Risky Business #348 -- Did DPRK pwn Sony? PLUS Dan Guido on DARPA's Cyber Grand Challenge

Presented by

Patrick Gray

CEO and Publisher

Adam Boileau

Technology Editor

On this week's show Adam and I establish that it's actually quite possible the disaster unfolding at Sony Pictures is, in fact, a North Korean government plot. I know, I know, there are sceptics, but any way you slice or dice it, it actually looks plausible. Tune in to find out why.

In this week's feature interview we chat with Dan Guido, CEO of Trail of Bits, about his company's approach to DARPA's Cyber Grand Challenge. It's an initiative that will see automated attack and defence rigs do battle at DEF CON in Las Vegas in 2016. It's a fascinating idea that involves a lot of cutting edge research. Don't miss that interview.

In this week's sponsor interview Matt Alderman of Tenable joins us to talk about what tech is going to be hot in 2015. Will a clear definition of threat intelligence (besides herpa derp) emerge in 2015? What about the skills shortage? Will that put even more impetus behind the push to security automation?

Show notes

Sony Got Hacked Hard: What We Know and Don't Know So Far | WIRED
http://www.wired.com/2014/12/sony-hack-what-we-know/

Sony Pictures hack gets uglier; North Korea won't deny responsibility [Updated] | Ars Technica
http://arstechnica.com/security/2014/12/sony-pictures-hack-gets-uglier-n...

Inside the "wiper" malware that brought Sony Pictures to its knees [Update] | Ars Technica
http://arstechnica.com/security/2014/12/inside-the-wiper-malware-that-br...

Sony Pictures malware tied to Seoul, "Shamoon" cyber-attacks | Ars Technica
http://arstechnica.com/security/2014/12/sony-pictures-malware-tied-to-se...

Sony Breach May Have Exposed Employee Healthcare, Salary Data - Krebs on Security
http://krebsonsecurity.com/2014/12/sony-breach-may-have-exposed-employee...

An alleged 27GB Sony Pictures data dump. 65 PlayStation web servers. One baffling mystery • The Register
http://www.theregister.co.uk/2014/12/03/strange_things_afoot_with_great_...

Iranian CLEAVER hacks through airport security, Cisco boxen • The Register
http://www.theregister.co.uk/2014/12/03/operation_cleaver/

Critical networks in US, 15 other nations, completely owned, possibly by Iran | Ars Technica
http://arstechnica.com/security/2014/12/critical-networks-in-us-15-natio...

An Interview With Darkside, Russia's Favorite Dark Web Drug Lord | WIRED
http://www.wired.com/2014/12/interview-darkside-russias-favorite-dark-we...

GCHQ boffins quantum-busted its OWN crypto primitive • The Register
http://www.theregister.co.uk/2014/12/03/gchq_boffins_quantumbusted_own_c...

Sites certified as secure often more vulnerable to hacking, scientists find | Ars Technica
http://arstechnica.com/security/2014/12/sites-certified-as-secure-often-...

Google kills CAPTCHAs: Are we human or are we spammer? • The Register
http://www.theregister.co.uk/2014/12/03/google_moves_beyond_text_puzzles...

Hawking: RISE of the MACHINES could DESTROY HUMANITY • The Register
http://www.theregister.co.uk/2014/12/03/stephen_hawking_says_ai_will_sup...

Australian Government funds effort to secure wearable data pulses • The Register
http://www.theregister.co.uk/2014/12/02/govt_backs_security_probe_to_fee...

December 2014 Microsoft Patch Tuesday Advance Notification | Threatpost | The first stop for security news
http://threatpost.com/missing-exchange-patch-expected-among-december-pat...

Apple Pulls Back Safari Patches | Threatpost | The first stop for security news
http://threatpost.com/apple-pulls-latest-round-of-safari-patches/109712

Cyber Grand Challenge - Mike Walker on Vimeo
http://vimeo.com/81340884

DARPA | Cyber Grand Challenge
http://www.cybergrandchallenge.com/

National Tour - Augie March
http://www.augiemarch.com.au/national-tour/


Risky Business #347 -- So what does Detekt... detect?

Presented by

Patrick Gray

CEO and Publisher

Adam Boileau

Technology Editor

There's lots of fun news in this week's show. Sony Pictures got absolutely flattened, Regin is all the rage and the SEA has been enjoying some success.

In this week's feature interview we're chatting with Claudio Guarnieri about his tool Detekt. It copped an absolute tonne of criticism on Twitter over the last week or so, but as you'll hear, most of the critics were kind of missing the point about what Claudio was trying to achieve. I know, I know, the idea that someone on Twitter might have been wrong is crazy, but just listen to the interview and see what you think. Claudio joins us via Skype from Berlin for a chat about Detekt!

This week's show is brought to you by Websense, big thanks to them. Websense principal security researcher Carl Leonard will join us from London to do something very, very brave. He's going to make some predictions for what we could see in the malware space in 2015. Brave is the soul who makes predictions in this discipline. That's this week's sponsor interview, with thanks again to Websense!

Show notes

Sony Pictures hackers release list of stolen corporate files | Ars Technica
http://arstechnica.com/security/2014/11/sony-pictures-hackers-release-li...

'Hacked by #GOP': staff at Sony Pictures resort to paper and pen after hack shuts computer system
http://www.watoday.com.au/it-pro/security-it/hacked-by-gop-staff-at-sony...

I used to work for Sony Pictures. My friend still works there and sent me this. It's on every computer all over Sony Pictures nationwide. : hacking
https://www.reddit.com/r/hacking/comments/2n9zhv/i_used_to_work_for_sony...

Syrian Electronic Army claims hack of news sites, including CBC - Technology & Science - CBC News
http://www.cbc.ca/news/technology/syrian-electronic-army-claims-hack-of-...

Researchers Uncover Government Spy Tool Used to Hack Telecoms and Belgian Cryptographer | WIRED
http://www.wired.com/2014/11/mysteries-of-the-malware-regin/

Regin Cyberespionage Malware Platform Targets GSM Networks | Threatpost | The first stop for security news
http://threatpost.com/regin-cyberespionage-platform-also-spies-on-gsm-ne...

Oops: After Threatening Hacker With 440 Years, Prosecutors Settle for a Misdemeanor | WIRED
http://www.wired.com/2014/11/from-440-years-to-misdemeanor/

Freya Newman escapes conviction for leaking Frances Abbott scholarship details
http://www.smh.com.au/nsw/freya-newman-escapes-conviction-for-leaking-fr...

Laughing Hacker Who Hit Sony, FBI Now Seeks Legal Lols - Businessweek
http://www.businessweek.com/news/2014-11-26/lulzsec-hacker-out-of-jail-w...

Icelandic hacker says guilty of stealing money from Wikileaks | Reuters
http://www.reuters.com/article/2014/11/26/iceland-wikileaks-idUSL6N0TG4U...

Apple, Google encryption 'not helping' criminal investigation: AFP | ZDNet
http://www.zdnet.com/au/apple-google-encryption-not-helping-criminal-inv...

ATO bitcoin treatment could see business move offshore | ZDNet
http://www.zdnet.com/ato-bitcoin-treatment-could-see-business-move-offsh...

Home Depot Breach Cost Company $43 Million in Third Quarter | Threatpost | The first stop for security news
http://threatpost.com/home-depot-breach-cost-company-43-million-in-third...

Home Depot hit with "at least 44 civil lawsuits" due to data breach | Ars Technica
http://arstechnica.com/tech-policy/2014/11/home-depot-hit-with-at-least-...

Craigslist Back Online Following DNS Hijack | Threatpost | The first stop for security news
http://threatpost.com/craigslist-back-online-following-dns-hijack/109559

New Google Security Dashboard Manages Device Activity | Threatpost | The first stop for security news
http://threatpost.com/new-google-security-dashboard-manages-device-activ...

Using a password manager on Android? It may be wide open to sniffing attacks | Ars Technica
http://arstechnica.com/security/2014/11/using-a-password-manager-on-andr...

Skimmer Innovation: 'Wiretapping' ATMs - Krebs on Security
http://krebsonsecurity.com/2014/11/skimmer-innovation-wiretapping-atms/

Siemens issues emergency SCADA patch • The Register
http://www.theregister.co.uk/2014/11/27/siemens_issues_emergency_scada_p...

Siemens Patches WinCC Vulnerabilities Likely Being Exploited | Threatpost | The first stop for security news
http://threatpost.com/siemens-patches-wincc-vulnerabilities-likely-being...

Four-year-old comment security bug affects 86 percent of WordPress sites | Ars Technica
http://arstechnica.com/security/2014/11/four-year-old-comment-security-b...

Adobe Releases Emergency Flash Player Patch | Threatpost | The first stop for security news
http://threatpost.com/adobe-releases-emergency-flash-player-patch/109623

Adobe Reader sandbox popped says Google researcher • The Register
http://www.theregister.co.uk/2014/11/27/adobe_reader_sandbox_popped/

Privacy bods Detekt FinFisher dressed as bookmark manager • The Register
http://www.theregister.co.uk/2014/11/26/privacy_bods_detekt_finisher_dre...

Resist Surveillance
https://resistsurveillance.org/intentions.html

Augie March - A Dog Starved (official video) - YouTube
https://www.youtube.com/watch?v=DCE0zKxgyKI


Risky Business #346 -- Haters gonna hate, Americans gonna 'muric

Presented by

Patrick Gray

CEO and Publisher

Adam Boileau

Technology Editor

On this week's show we're chatting with Peter Fillmore about payment card security. He was able to clone a contactless card and use it to do his shopping here in Australia -- this is something you shouldn't be able to do. So the question becomes, how can the USA, which is taking tentative steps towards chip cards, avoid some of the mistakes made in more advanced markets like ours?

We also find out chip-enabled ATMs pass card data through the chip reader straight into a parser running on the main ATM OS... which, yeah... That's pretty bad.

This week's show is brought to you by Senetas, makers of fine, fine encryption technology. They make layer 2 encryption gear... Senetas CTO Julian Fay says the Snowden leaks are continuing to have a massive impact on the business landscape out there. These guys are shipping equipment to encrypt hundreds and hundreds of gigabits of data flowing between data centres that are increasingly located in Europe. So all that talk about companies moving their equipment out of the USA? Well, it IS happening.

He's got some fascinating insights for us.

Show notes

Critical NSA Reform Bill Fails in the Senate | WIRED
http://www.wired.com/2014/11/usa-freedom-act-fails-in-senate/

Beefed up iPhone crypto will lead to a child dying, DOJ warned Apple execs | Ars Technica
http://arstechnica.com/tech-policy/2014/11/beefed-up-iphone-crypto-will-...

U.S. Gov Insists It Doesn't Stockpile Zero-Day Exploits to Hack Enemies | WIRED
http://www.wired.com/2014/11/michael-daniel-no-zero-day-stockpile/

EFF, Others Plan to Make Encrypting the Web Easier in 2015 | Threatpost | The first stop for security news
http://threatpost.com/eff-others-plan-to-make-encrypting-the-web-easier-...

Whatsapp Just Switched on End-to-End Encryption for Hundreds of Millions of Users | WIRED
http://www.wired.com/2014/11/whatsapp-encrypted-messaging/

IAB Urges Designers to Make Encryption the Default | Threatpost | The first stop for security news
http://threatpost.com/iab-urges-designers-to-make-encryption-the-default...

Paper: NetFlow Data De-Anonymizes Tor Users | Threatpost | The first stop for security news
http://threatpost.com/tor-reins-in-concerns-after-academic-paper-on-de-a...

For a year, gang operating rogue Tor node infected Windows executables | Ars Technica
http://arstechnica.com/security/2014/11/for-a-year-one-rogue-tor-node-ad...

SMS pwnage on MEELLIONS of flawed SIM cards, popular 4G modems • The Register
http://www.theregister.co.uk/2014/11/19/sms_pwnage_on_meellions_of_flawe...

Google Releases Open Source XSS Web App Scanner | Threatpost | The first stop for security news
http://threatpost.com/google-releases-open-source-xss-web-app-scanner/10...

Open Source OpenSOC Security Analytics Framework Released | Threatpost | The first stop for security news
http://threatpost.com/cisco-releases-security-analytics-framework-to-ope...

Visa, MasterCard Remove Passwords from 3D Secure | Threatpost | The first stop for security news
http://threatpost.com/visa-mastercard-removing-passwords-from-3d-secure/...

Swedish Court Rejects Julian Assange's Appeal to Dismiss His Arrest Warrant | WIRED
http://www.wired.com/2014/11/sweden-rejects-assange-appeal/

How the Dark Web's New Favorite Drug Market Is Profiting From Silk Road 2's Demise | WIRED
http://www.wired.com/2014/11/the-evolution-of-evolution-after-silk-road/

AT&T Stops Using Invasive 'Perma-Cookies,' But It May Turn Them Back On | WIRED
http://www.wired.com/2014/11/att-hits-pause-privacy-busting-perma-cookie...

UK.gov teams up with moneymen on HACK ATTACK INSURANCE • The Register
http://www.theregister.co.uk/2014/11/13/cyber_insurance_analysis/

Network Hijackers Exploit Technical Loophole - Krebs on Security
http://krebsonsecurity.com/2014/11/network-hijackers-exploit-technical-l...

Attackers Using Compromised Web Plug-Ins in CryptoPHP Blackhat SEO Campaign | Threatpost | The first stop for security news
http://threatpost.com/attackers-using-compromised-web-plug-ins-in-crypto...

A neverending story: PC users lose another $120M to tech support scams | Ars Technica
http://arstechnica.com/information-technology/2014/11/ftc-windows-tech-s...

State Department shuts down email system after suspected hacker attack | US news | theguardian.com
http://www.theguardian.com/us-news/2014/nov/16/state-department-shuts-do...

Malware's new target: your password manager's password | Ars Technica
http://arstechnica.com/security/2014/11/citadel-attackers-aim-to-steal-v...

Apple iOS 8.1.1 Fixes Several Code-Execution Flaws | Threatpost | The first stop for security news
http://threatpost.com/apple-ios-8-1-1-fixes-several-code-execution-flaws...

Nasty Security Bug Fixed in Android Lollipop 5.0 | Threatpost | The first stop for security news
http://threatpost.com/nasty-security-bug-fixed-in-android-lollipop-5-0/1...

Windows Phone security sandbox survives Pwn2Own unscathed | Ars Technica
http://arstechnica.com/security/2014/11/windows-phone-security-sandbox-s...

Microsoft Releases Emergency Security Update - Krebs on Security
http://krebsonsecurity.com/2014/11/microsoft-releases-emergency-security...

WinShock PoC clocked: But DON'T PANIC... It's no Heartbleed • The Register
http://www.theregister.co.uk/2014/11/17/ms_schannel_crypto_poc/

Drupal Denial of Service Session Hijacking Patch | Threatpost | The first stop for security news
http://threatpost.com/drupal-patches-denial-of-service-vulnerability-det...

EMVCo
http://emvco.com/approvals.aspx?id=85

Payment Security Consulting
http://pscco.com.au/

the loved ones - ever lovin' man - YouTube
https://www.youtube.com/watch?v=Ajdqk8ZN1jM


Risky Business #345 -- Advanced sock puppetry and news website manipulation

Presented by

Patrick Gray

CEO and Publisher

Adam Boileau

Technology Editor

On this week's show we're taking a look at how you -- YES YOU -- can game online media. Find out how you can make comments on major news sites just disappear with one line of bash! Find out how you can drive a cupcake recipe into the "most popular" stories box on the world's major news sites!

That's a chat with Azhar Desai of Thinkst and it's this week's feature.

This week's show is brought to you by Tenable Network Security, thanks to them. And in this week's sponsor interview we're speaking with Tenable strategist Jack Daniel about his latest project Shoulders of Infosec. It's essentially a history project that seeks to record the achievements of infosec discipline pioneers.

Adam Boileau, as always, joins the show to talk about the week's infosec news.

Show notes

Silk Road, other Tor "darknet" sites may have been "decloaked" through DDoS [Updated] | Ars Technica
http://arstechnica.com/security/2014/11/silk-road-other-tor-darknet-site...

How Did The FBI Break Tor?
http://www.forbes.com/sites/kashmirhill/2014/11/07/how-did-law-enforceme...

So Far Feds Have Only Confirmed Seizing 27 "Dark Market" Sites In Operation Onymous - Forbes
http://www.forbes.com/sites/katevinton/2014/11/07/operation-onymous-dark...

the grugq on Twitter: "http://t.co/mLVVT9NHzF"
https://twitter.com/thegrugq/status/530411690676875264

129 Of the Seized ".Onion" Domains Were at a Single Bulgarian Hosting - Deep Dot Web
http://www.deepdotweb.com/2014/11/08/129-seized-onion-domains-single-bul...

Law enforcement seized Tor nodes and may have run some of its own | Ars Technica
http://arstechnica.com/security/2014/11/law-enforcement-seized-tor-nodes...

TORpedo'd dev dumps Doxbin files after police raids • The Register
http://www.theregister.co.uk/2014/11/09/torpedod_dev_dumps_doxbin_files_...

Supporting Anonymous Use of Facebook in Tor - DigiCert Blog
https://blog.digicert.com/anonymous-facebook-via-tor/

New Mozilla Privacy Initiative to Include High-Capacity Tor Relays | Threatpost | The first stop for security news
http://threatpost.com/new-mozilla-privacy-initiative-to-include-high-cap...

Did the government hack a CBS journalist? Maybe. [Updated] | Ars Technica
http://arstechnica.com/tech-policy/2014/11/did-the-government-hack-a-cbs...

Sharyl Attkisson Changes Hacking Story Again: Now She Doesn't Know Who Did It | Blog | Media Matters for America
http://mediamatters.org/blog/2014/11/05/sharyl-attkisson-changes-hacking...

Australian Federal Police methods under question after 'LulzSec hacker' claims he was wrongly accused - ABC News (Australian Broadcasting Corporation)
http://mobile.abc.net.au/news/2014-11-10/afp-methods-questioned-as-hacke...

Hacker Emails Testing Service BrowserStack's Customers, Says Company Lied About Security | TechCrunch
http://techcrunch.com/2014/11/10/hacker-emails-testing-service-browserst...

gist:9b16e436e035f90ec35f
https://gist.github.com/simonsarris/9b16e436e035f90ec35f

Masque Attack: All Your iOS Apps Belong to Us | FireEye Blog
http://www.fireeye.com/blog/technical/cyber-exploits/2014/11/masque-atta...

DarkHotel: A Sophisticated New Hacking Attack Targets High-Profile Hotel Guests | WIRED
http://www.wired.com/2014/11/darkhotel-malware/

FBI defends "ruse" of undercover agents posing as hotel cable guys | Ars Technica
http://arstechnica.com/tech-policy/2014/11/fbi-defends-ruse-of-undercove...

Only Half of USB Devices Have an Unpatchable Flaw, But No One Knows Which Half | WIRED
http://www.wired.com/2014/11/badusb-only-affects-half-of-usbs/

Chinese hack U.S. weather systems, satellite network - The Washington Post
http://www.washingtonpost.com/local/chinese-hack-us-weather-systems-sate...

All US Postal Service employees' personal data exposed by hackers | Ars Technica
http://arstechnica.com/security/2014/11/all-us-postal-service-employees-...

Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon: Kim Zetter: 9780770436179: Amazon.com: Books
http://www.amazon.com/Countdown-Zero-Day-Stuxnet-Digital/dp/077043617X/r...

Lonely Planet 2001 Out to Eat San Francisco (Out to Eat Series): Kim Zetter, Andrew Dean Nystrom: 9781864500844: Amazon.com: Books
http://www.amazon.com/Lonely-Planet-2001-Francisco-Series/dp/1864500840

Stuxnet worm infected high-profile targets before hitting Iran nukes | Ars Technica
http://arstechnica.com/security/2014/11/stuxnet-worm-infected-high-profi...

iPhone, Galaxy S5, Nexus 5, and Fire Phone fall like dominoes at Pwn2Own | Ars Technica
http://arstechnica.com/security/2014/11/iphone-galaxy-s5-nexus-5-and-fir...

Don't blame Obama, but DDoS attacks are now using his press releases | Ars Technica
http://arstechnica.com/security/2014/11/dont-blame-obama-but-ddos-attack...

WTF, Russia's domestic Internet traffic mysteriously passes through Chinese routers | Ars Technica
http://arstechnica.com/security/2014/11/wtf-russias-domestic-internet-tr...

Emoticons blast three security holes in Pidgin :-( • The Register
http://www.theregister.co.uk/2014/11/10/cisco_security_bods_hunt_pidgin/

Potentially catastrophic bug bites all versions of Windows. Patch now | Ars Technica
http://arstechnica.com/security/2014/11/potentially-catastrophic-bug-bit...

Adobe, Microsoft Issue Critical Security Fixes - Krebs on Security
http://krebsonsecurity.com/2014/11/adobe-microsoft-issue-critical-securi...

thinkst.com/stuff/hitb2014/HITB_Thinkst_2014_No_notes.pdf
http://thinkst.com/stuff/hitb2014/HITB_Thinkst_2014_No_notes.pdf

LABJACD | Unearthed
https://www.triplejunearthed.com/artist/labjacd

shouldersofinfosec [licensed for non-commercial use only] / The Shoulders of InfoSec Project
http://shouldersofinfosec.pbworks.com/w/page/85415119/The%20Shoulders%20...
