Risky Business #256 -- NFC and public transport ticketing

An endless ticket to ride?
27 Sep 2012 » Risky Business

On this week's show we're taking a look at public transport ticketing security. Some clever fellows from the US of A have figured out how to reset their RFID tickets with a nifty little app for NFC-enabled smartphones. All this due to some positively boneheaded mistakes made during the initial rollout of some ticketing systems. That interview is with Corey Benninger of Intrepidus Group.

This week's show is brought to you by Tenable Network Security. Tenable's co-founder and CEO Ron Gula will be joining the program to talk about the possibility of US president Obama issuing an executive order designed to replace the doomed Cybersecurity Act of 2012, which was shot down by the US congress.

Insomnia Security's Mark Piper fills in for Adam Boileau in this week's news segment.

Show notes

New Java flaw could hit 1 billion users | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57520532-83/new-java-flaw-could-hit-1-b...

Microsoft Releases Out-Of-Band IE Zero-Day Patch | threatpost
http://threatpost.com/en_us/blogs/microsoft-releases-out-band-ie-zero-da...

SourceForge Investigates Backdoor Code Found in Copy of phpMyAdmin | threatpost
http://threatpost.com/en_us/blogs/sourceforge-investigates-backdoor-code...

Researcher Finds 100k IEEE.org Passwords Stored in Plain-Text on Public FTP Server | threatpost
http://threatpost.com/en_us/blogs/researcher-finds-100k-ieeeorg-password...

Samsung offers up patch for Galaxy S3 remote wipe vulnerability | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57520467-83/samsung-offers-up-patch-for...

Apple TV vulnerabilities closed after being watched for months | ZDNet
http://www.zdnet.com/apple-tv-vulnerabilities-closed-after-being-watched...

Large-Scale Water Holing Attack Campaigns Hitting Key Targets | threatpost
http://threatpost.com/en_us/blogs/large-scale-water-holing-attack-campai...

Forthcoming SHA-3 Hash Function May Be Unnecessary | threatpost
http://threatpost.com/en_us/blogs/forthcoming-sha-3-hash-function-may-be...

New Zealand Intel Agency Investigated for Unlawful Spying on Kim Dotcom | Threat Level | Wired.com
http://www.wired.com/threatlevel/2012/09/illegal-spying-on-kim-dotcom/

Google pays bug hunters for finding Windows flaw | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57520440-83/google-pays-bug-hunters-for...

ACLU sues to get U.S. agencies' license plate tracking records | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57520336-83/aclu-sues-to-get-u.s-agenci...

How long will it be before iOS 6 Maps kills someone? | ZDNet
http://www.zdnet.com/how-long-will-it-be-before-ios-6-maps-kills-someone...

Australian police want telco customer data retained forever | ZDNet
http://www.zdnet.com/australian-police-want-telco-customer-data-retained...

Special Report: iOS app piracy soars - Applications - SC Magazine Australia - Secure Business Intelligence
http://www.scmagazine.com.au/News/316996,special-report-ios-app-piracy-s...

Hackers ransom $3000 from NT business - Applications - SC Magazine Australia - Secure Business Intelligence
http://www.scmagazine.com.au/News/316663,hackers-ransom-3000-from-nt-bus...

Adobe releases open-source coding typeface - Boing Boing
http://boingboing.net/2012/09/24/adobe-releases-open-source-cod.html

UltraReset - Bypassing NFC access control with your smartphone - Intrepidus Group - Insight
http://intrepidusgroup.com/insight/2012/09/ultrareset-bypassing-nfc-acce...

Video of Intrepidus demonstrating NFC ticketing resets:
http://vimeo.com/49664045

Slide deck:
http://media.risky.biz/EUSecWest-SoBenn-Transit2012-Preview.pdf

The Public Opinion Afro Orchestra - Shake on Official.fm
http://official.fm/tracks/daLt/file


That out-of-band IE patch is really getting my attention. What would that be, if I may ask? - Steven Wyer