Symantec claims customers using its endpoint protection and antivirus products are not at risk following revelations the company's AV source code was stolen in 2006. But when it comes to providing specifics, Symantec is guarded. Following yesterday's blog post, Symantec has claimed recycled source code from its corporate antivirus product of 2006 makes up only 5% of current endpoint protection software. But it won't say which 5%.

An interesting news piece hit the wires overnight describing the 2010 breach of a handful of Verisign's corporate systems. The story was broken by the Reuters news agency and is peppered with sensational quotes like a former NSA and DHS guy saying "ZOMG this will end the interwebz" despite the fact the guy knows about as much as we do about the breach. You can read the whole thing here.

This is a special summer edition of the Risky Business podcast. There's no feature interview or sponsor interview -- just Adam Boileau and Patrick Gray discussing the most interesting security news items of the last three weeks, including: Did Persians pwn Drones? Bradley Manning faces court HP to face printer vulnerability lawsuit Could the USA's SOPA law break DNSSEC? GlobalSign says its CA systems were never compromised New guidelines for issuance of SSL certs Microsoft to silently update IE in 2012

McAfee Australia leaked 971 customer e-mail addresses in a botched e-mail marketing campaign last week. The addresses of the recipients were placed in the visible TO field instead of the BCC field. It's an all-too-common mistake, made especially embarrassing for McAfee because it's not the first time in recent memory something like this has happened.

On this week's podcast we take a look at doing some fairly unnatural things to the OS X operating system. We'll hear how to best rootkit OS X and also how messing with EFI bootloaders can be a whole bunch of fun in terms of installing persistent rootkits in PCI firmware. That's this week's feature interview, with our buddy Loukas from Assurance.com.au.

NFC on mobile phones is a new phenomenon and opens a lot of possibilities for research, particularly when talking about mobile payment platforms. Lateral Security's Nick discusses the good, the bad and the ugly of mobile NFC. RAW AUDIO.

In this week's feature we chat to Patrick Webster about his tangle with First State Superannuation. This is a story we've covered on the show over the last few weeks. If you haven't heard what happened, Pat spotted a bug in First State Super's statements system, probed it, let them know 12 hours later and then wound up with the police on his door! Since then the whole saga has turned into a pretty big deal here in Australia. The police and civil actions against Webster have both been dropped and First State Super -- and its administrator -- has wound up in a bunch of trouble.

This week's feature interview is with Ian De Villiers of the South African security firm Sensepost. Ian recently dropped a couple of interesting SAP security tools at 44con in London and ZACon in South Africa. SAP makes Enterprise Resource Planning (ERP) solutions... CRM, SCM, PLM... you know, all that three-lettered, thick client enterprise stuff. It's everywhere and as it turns out, one of the only things that has saved it from thorough examination in the past has been the obscurity of its protocol.

Australian security researcher Patrick Webster has received a letter from commercial law firm Minter Ellison demanding he turn over his computer to its client First State Superannuation. The legal threat follows Webster's disclosure of a serious and trivially exploitable security vulnerability in First State Superannuation's website to the company in September. Listen to my interview with First State Superannuation's Chief Executive Michael Dwyer AM here.