Risky Business #379 -- Ashley Madison dump, Troy Hunt and The Grugq

This week's show features a surprise guest: Cold and flu!
20 Aug 2015 » Risky Business

In this week's podcast we check in with Troy Hunt from HaveIBeenPwned.com. Troy has done the responsible thing in adding the Ashley Madison dataset to his service -- you can only search for email addresses in the dump after you've verified that you control them. We'll talk to him about why he did that.

This week's show is brought to you by FireEye, and FireEye senior systems engineer Ben Wilson stops by to have a chat about some neat tricks attackers and malware authors are getting up to with various scripts on Windows. WMI for persistence is a thing now, for example. It's a really interesting chat, that one, and it's coming up a bit later.

The Grugq is in the news chair this week, filling in for Adam Boileau.

Don't forget you can now support the Risky Business page via our Patreon campaign.

Oh, and do add Patrick and The Grugq on Twitter if that's your thing.

Show notes

Was the Ashley Madison Database Leaked? - Krebs on Security
http://krebsonsecurity.com/2015/08/was-the-ashley-madison-database-leaked/

Ashley Madison hack is not only real, it's worse than we thought | Ars Technica
http://arstechnica.com/security/2015/08/ashley-madison-hack-is-not-only-...

Microsoft issues emergency patch for critical IE bug under active exploit | Ars Technica
http://arstechnica.com/security/2015/08/microsoft-issues-emergency-patch...

Exclusive: Russian antivirus firm faked malware to harm rivals - Ex-employees | Reuters
http://www.reuters.com/article/2015/08/14/us-kaspersky-rivals-idUSKCN0QJ...

Crackdowns Haven't Stopped the Dark Web's $100M Yearly Drug Sales | WIRED
http://www.wired.com/2015/08/crackdowns-havent-stopped-dark-webs-100m-ye...

What We Know About the NSA and AT&T's Spying Pact | WIRED
http://www.wired.com/2015/08/know-nsa-atts-spying-pact/

Busting the Biggest Myth of CISA---That the Program Is Voluntary | WIRED
http://www.wired.com/2015/08/access-cisa-myth-of-voluntary-info-sharing/

Virginia Finally Drops America's 'Worst Voting Machines' | WIRED
http://www.wired.com/2015/08/virginia-finally-drops-americas-worst-votin...

How Not to Start an Encryption Company - Krebs on Security
http://krebsonsecurity.com/2015/08/how-not-to-start-an-encryption-company/

How BitTorrent could let lone DDoS attackers bring down big sites | Ars Technica
http://arstechnica.com/security/2015/08/how-bittorrent-could-let-lone-dd...

RPC Portmapper Reflective DDoS Attacks | Threatpost | The first stop for security news
https://threatpost.com/reflection-ddos-attacks-abusing-rpc-portmapper/11...

Android security on the ropes with one-two punch from researchers | Ars Technica
http://arstechnica.com/security/2015/08/android-security-on-the-ropes-wi...

Your BMW or Benz Could Also Be Vulnerable to That GM OnStar Hack | WIRED
http://www.wired.com/2015/08/bmw-benz-also-vulnerable-gm-onstar-hack/

My browser visited Weather.com and all I got was this lousy malware (Updated) | Ars Technica
http://arstechnica.com/security/2015/08/my-browser-visited-drudgereport-...

Luca Todesco OS X Zero Day Vulnerabilities | Threatpost | The first stop for security news
https://threatpost.com/inside-the-unpatched-os-x-vulnerabilities/114344

Bugged, Tracked, Hacked | 60 Minutes | 9Jumpin
http://www.9jumpin.com.au/show/60minutes/stories/2015/august/phone-hacking/

Troy Hunt: Here's how I'm going to handle the Ashley Madison data
http://www.troyhunt.com/2015/07/heres-how-im-going-to-handle-ashley.html

fireeye/flare-wmi · GitHub
https://github.com/fireeye/flare-wmi

https://www.insomniasec.com/downloads/publications/shellgame.pdf