Risky Business Podcast

Analysis and news podcasts published weekly

Risky Business #322 -- China charges: Just what is America doing?

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

On this week's show we've got a cracking interview with ANU Professor and former prime ministerial advisor Hugh White about the charges brought against alleged Chinese military hackers by the US Department of Justice. That one's coming up after the news.

This week's show is brought to you by Tenable Network Security. Jack Daniel of Tenable stops by in this week's sponsor interview to talk about password managers in light of the eBay breach. Is it time we really started encouraging people to use them?

Show notes

Hackers raid eBay in historic breach, access 145 million records | Reuters
http://uk.reuters.com/article/2014/05/22/uk-ebay-password-idUKKBN0E10ZL2...

Expert: Fake eBay Customer List is Bitcoin Bait - Krebs on Security
http://krebsonsecurity.com/2014/05/expert-fake-ebay-customer-list-is-bit...

'Blackshades' Trojan Users Had It Coming - Krebs on Security
http://krebsonsecurity.com/2014/05/blackshades-trojan-users-had-it-coming/

U.S. Indictment of Chinese Hackers Could Be Awkward for the NSA | Enterprise | WIRED
http://www.wired.com/2014/05/us-indictments-of-chinese-military-hackers-...

USDOJ: U.S. Charges Five Chinese Military Hackers for Cyber Espionage Against U.S. Corporations and a Labor Organization for Commercial Advantage
http://www.justice.gov/opa/pr/2014/May/14-ag-528.html

NSA reportedly installing spyware on US-made hardware - CNET
http://www.cnet.com/au/news/nsa-reportedly-installing-spyware-on-us-made...

China ups security checks on tech suppliers as US tensions mount - CNET
http://www.cnet.com/au/news/china-ups-security-checks-on-tech-suppliers-...

Why did China ban Windows 8? - Security - Technology - News - iTnews.com.au
http://www.itnews.com.au/News/386140,why-did-china-ban-windows-8.aspx

Cisco CEO asks Obama to control NSA surveillance - CNET
http://www.cnet.com/au/news/cisco-ceo-asks-obama-to-control-nsa-surveill...

NSA Reform Bill Passes the House-With a Gaping Loophole | Threat Level | WIRED
http://www.wired.com/2014/05/usa-freedom-act-2/

Free App Lets the Next Snowden Send Big Files Securely and Anonymously | Threat Level | WIRED
http://www.wired.com/2014/05/onionshare/

Pro-Privacy Blackphone Pulls $30M Into Silent Circle | TechCrunch
http://techcrunch.com/2014/05/21/silent-circle-funding/

Whistleblowers Beware: Apps Like Whisper and Secret Will Rat You Out | Business | WIRED
http://www.wired.com/2014/05/whistleblowers-beware/

Secrets, lies and Snowden's email: why I was forced to shut down Lavabit | Comment is free | theguardian.com
http://www.theguardian.com/commentisfree/2014/may/20/why-did-lavabit-shu...

Darkcoin, the Shadowy Cousin of Bitcoin, Is Booming | Threat Level | WIRED
http://www.wired.com/2014/05/darkcoin-is-booming/

AFP arrests man over Melbourne IT hack - Security - Technology - News - iTnews.com.au
http://www.itnews.com.au/News/386200,afp-arrests-man-over-melbourne-it-h...

SNMP DDoS Attacks Spike
http://www.darkreading.com/attacks-breaches/snmp-ddos-attacks-spike/d/d-...?

SNMP Public Community String Zero Day in Routers Disclosed | Threatpost | The first stop for security news
http://threatpost.com/embedded-devices-leak-authentication-data-via-snmp...

XMPP Mandating Encryption on Messaging Service Operators | Threatpost | The first stop for security news
http://threatpost.com/xmpp-mandating-encryption-on-messaging-service-ope...

Remove metadata from Office files, PDFs, and images - CNET
http://www.cnet.com/au/how-to/remove-metadata-from-office-files-pdfs-and...

Chip and PIN EMV Protocol security vulnerabilities found | Threatpost | The first stop for security news
http://threatpost.com/researchers-find-serious-problems-in-chip-and-pin-...

Privileged User Access Lacking Trust But Verify | Threatpost | The first stop for security news
http://threatpost.com/enterprises-still-lax-on-privileged-user-access-co...

ICS-CERT Confirms Public Utility Compromised Recently | Threatpost | The first stop for security news
http://threatpost.com/ics-cert-confirms-public-utility-compromised-recen...

Samsung Eyeing Iris Recognition for New Phones | Threatpost | The first stop for security news
http://threatpost.com/samsung-eyeing-iris-recognition-for-new-phones/106222

Why You Should Ditch Adobe Shockwave - Krebs on Security
http://krebsonsecurity.com/2014/05/why-you-should-ditch-adobe-shockwave/

Malvertising Redirecting to Angler EK, Silverlight Exploits | Threatpost | The first stop for security news
http://threatpost.com/malvertising-redirecting-to-microsoft-silverlight-...

Android Outlook App Could Expose Emails, Attachments | Threatpost | The first stop for security news
http://threatpost.com/android-outlook-app-could-expose-emails-attachment...

Microsoft Working on Patch for IE 8 Zero Day | Threatpost | The first stop for security news
http://threatpost.com/microsoft-working-on-patch-for-ie-8-zero-day/106247

Chrome 35 Fixes 23 Security Flaws | Threatpost | The first stop for security news
http://threatpost.com/chrome-35-fixes-23-security-flaws/106188

Professor Hugh White - Researchers - ANU
https://researchers.anu.edu.au/researchers/white-hj

02 - Mammal - Think - YouTube
https://www.youtube.com/watch?v=mCQXqHr9CwE&feature=kp

Risky Business #322 -- China charges: Just what is America doing?
0:00 / 55:25

Risky Business 321 -- Silvio goes to Bunnings

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

Adam Boileau
Adam Boileau

Technology Editor

On this week's show we're chatting with Silvio Cesare about his new pastime of messing around with home alarm systems, garage door remotes and car immobilisers. How secure do you think your little key ring transmitters are? Well, not very. But the interesting thing is, the tools that you need to crack these things are now very cheap -- could we see thieves roaming the streets with software defined radios, opening up your neighbourhood's garages? Tune in to find out

This week's show is brought to you by HackLabs, an Australian penetration testing and security consulting firm. HackLabs head honcho Chris Gatford joins us in this week's sponsor interview to have a yarn about inadvertent disclosures.

It seems every week we're reading another story about sensitive information being uploaded to a web accessible directory and indexed by Google. It's true that there's no cure for stupid, but is there anything we can do to stop these things happening?

Adam Boileau, as always, joins the show to discuss the week's security news.

Show notes and links to everything can be found here.

Risky Business 321 -- Silvio goes to Bunnings
0:00 / 57:18

Risky Business #320 -- Hacking cars with Charlie Miller

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

Adam Boileau
Adam Boileau

Technology Editor

On this week's show we're chatting with security researcher Charlie Miller about the work he's been doing with Chris Valasek on hacking cars. It's fun stuff, but yeah, it might make you want to go back to driving an older car.

This week's show is sponsored by BugCrowd. We've got a great interview with BugCrowd founder and CEO Casey Ellis about a really, really interesting little case study he went through involving a random bug-hunter who'd tried blackmailing a BugCrowd client. The solution they came up with was ingenious and spectacularly lulzy.

Show notes

Microsoft fixes big IE bug -- even on Windows XP - CNET
http://www.cnet.com/news/microsoft-fixes-big-ie-bug-on-windows-xp-even/

Microsoft tells IE users how to defend against zero-day bug - CNET
http://www.cnet.com/news/microsoft-tells-ie-users-how-to-defend-against-...

Flash Zero Day Used to Target Victims in Syria | Threatpost | The first stop for security news
http://threatpost.com/flash-zero-day-used-to-target-victims-in-syria/105726

Mozilla Redesigns Firefox, Fixes Security Vulnerabilities | Threatpost | The first stop for security news
http://threatpost.com/mozilla-redesigns-firefox-browser-fixes-security-v...

Mozilla Offers Bug Bounty for Heartbleed-like Crypto Bugs | Threatpost | The first stop for security news
http://threatpost.com/mozilla-offers-bug-bounty-for-new-certificate-veri...

After Heartbleed, NSA reveals some flaws are kept secret - CNET
http://www.cnet.com/news/after-heartbleed-nsa-reveals-some-flaws-are-kep...

Obama Policy on Zero Days Craps Out - Forbes
http://www.forbes.com/sites/jennifergranick/2014/04/29/obama-policy-on-z...

Target Accelerates Chip-and-Pin Roll Out, Hires New CIO | Threatpost | The first stop for security news
http://threatpost.com/target-accelerates-chip-and-pin-roll-out-hires-new...

Anonymous activist pleads guilty to threatening FBI agent - CNET
http://www.cnet.com/news/anonymous-activist-pleads-guilty-to-threatening...

Inside the 'DarkMarket' Prototype, a Silk Road the FBI Can Never Seize | Threat Level | WIRED
http://www.wired.com/2014/04/darkmarket/

It's Insanely Easy to Hack Hospital Equipment | Threat Level | WIRED
http://www.wired.com/2014/04/hospital-equipment-vulnerable/

Hackers Can Mess With Traffic Lights to Jam Roads and Reroute Cars | Threat Level | WIRED
http://www.wired.com/2014/04/traffic-lights-hacking/

Exploiting Facebook Notes to Launch DDoS | Threatpost | The first stop for security news
http://threatpost.com/exploiting-facebook-notes-to-launch-ddos/105701

UltraDNS Dealing with DDoS Attack | Threatpost | The first stop for security news
http://threatpost.com/ultradns-dealing-with-ddos-attack/105806

Vishing Attacks Targeting Dozens of Banks, Users' Card Data | Threatpost | The first stop for security news
http://threatpost.com/vishing-attacks-targeting-dozens-of-banks/105774

AOL Breached, Investigating Spam from Spoofed Accounts | Threatpost | The first stop for security news
http://threatpost.com/aol-investigating-breach-urges-users-to-change-pas...

Apache Struts Zero Day Vulnerability Patch to be Re-Issued | Threatpost | The first stop for security news
http://threatpost.com/apache-warns-of-faulty-zero-day-patch-for-struts/1...

Vulnerability in Viber Allows Snooping of Images, Videos | Threatpost | The first stop for security news
http://threatpost.com/vulnerability-in-viber-allows-intercept-of-images-...

60 Minutes shocked to find 8-inch floppies drive nuclear deterrent | Ars Technica
http://arstechnica.com/information-technology/2014/04/60-minutes-shocked...

RIP | Every Day Carry
http://everydaycarry.bandcamp.com/releases

Risky Business #320 -- Hacking cars with Charlie Miller
0:00 / 61:42

Risky Business #319 -- The one with weev in it

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

Adam Boileau
Adam Boileau

Technology Editor

Please note we have disabled access to this recording. It was published before the interview subject outed himself as a committed Nazi. If you're a journalist or researcher and you'd like access to the recording, please email us and we can provide you with a copy.

This week's show is brought to you by Adobe! Big thanks to Adobe for making this week's show possible.

And we've got an... err... *interesting* program for you this week... we'll be chatting with Andrew Auernheimer, aka weev, about the recent appeal victory that saw him out of prison after 14 months inside. Is he going to pull his head in after his scrape with the law?

He says no way!

Also this week we chat with Wade Baker of Verizon Business Security Solutions about the latest Verizon Data Breach Investigation Report and the nine attack patterns they've observed from 10 years of breach data.

Adam Boileau, as always, pops in to discuss the week's news headlines. Show notes are here.

Risky Business #319 -- The one with weev in it
0:00 / 0:00

Risky Business #318 -- TrueCrypt passes audit, Weev off the hook and more

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

Adam Boileau
Adam Boileau

Technology Editor

It's a four day week this week and a four day next week so I'm afraid I couldn't organise feature interviews for both, so this week you're getting an extra long news section and a sponsor interview!

This week's show is brought to you by Senetas, makers of fine, fine layer 2 encryption gear. If you're planning a greenfields network you have absolutely no excuse to not check out their stuff, it rocks like a banana on its back. This week we're joined by Senetas CEO Andrew Wilson in the sponsor slot. He'll be talking about a privacy act readiness survey Senetas did that yielded some genuinely depressing results.

He also compares director-level attitudes to infosec to director-level attitudes to occupational health and safety issues 50 years ago. It's a really, really interesting take so do stick around for that.

Show notes are here.

Risky Business #318 -- TrueCrypt passes audit, Weev off the hook and more
0:00 / 49:15

Risky Business #317 -- Cryptocalypse news plus Dave DeWalt interview

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

Adam Boileau
Adam Boileau

Technology Editor

This week's feature guest is the man with the Midas touch -- former McAfee president and current FireEye CEO Dave DeWalt. This is the guy who sold McAfee to Intel for $7.8 billion dollars, so I chat to him about a whole bunch of topics, from his thoughts on how Intel has handled that deal, through to Snowden, to the security business overall. It's a great chat with one of the most interesting executives in this whole industry.

Also this week we chat with Marcus Ranum who's in the sponsor chair on behalf of Tenable Network Security. He's along this week to look back on his very popular 2005 blog post "The six dumbest ideas in computer security". Are they still dumb? Unsurprisingly they are, but the landscape has shifted a bit. That's a great chat and it's coming up later.

Adam Boileau joins the program to discuss the Heartbleed bug and some other infosec news from the last week.

Show notes are here.

Risky Business #317 -- Cryptocalypse news plus Dave DeWalt interview
0:00 / 70:58

Risky Business #316 -- Data breach suits could have legs

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

Adam Boileau
Adam Boileau

Technology Editor

On this week's show we're taking a look at the Target/Trustwave suit. A couple of banks were suing Target and its alleged security auditor Trustwave over the massive credit card data breach last year. That suit has been withdrawn, possibly temporarily, and another has been filed on behalf of some other banks. We speak with former New York assistant DA and infosec law specialist Dave Stampley about these types of suits. Do they have legs?

This week we welcome a new sponsor -- Rapid7.

Rapid7 is launching an interesting campaign right now to try to fix the Computer Fraud and Abuse Act (CFAA) in America. They say it's stifling research. Rapid7's global security strategist Trey Ford joins the show to fill us in on that.

As news regulars Adam Boileau and The Grugq are both in Singapore for Syscan and probably nursing cripping hangovers, this week we're joined by a special guest in the news chair, Christopher Hoff. Hoff is the Vice President of Strategy for Juniper Networks' security business unit, but you may know him as Beaker on Twitter.

Show notes

Microsoft to Fix Word Zero Day with Final XP Patch | Threatpost | The first stop for security news
http://threatpost.com/microsoft-to-fix-word-zero-day-with-final-xp-patch...

Barrett Brown Signs Plea Deal in Case Involving Stratfor Hack | Threat Level | WIRED
http://www.wired.com/2014/04/barrett-brown-plea-agreement/

Alleged Silk Road Founder's Lawyer Moves to Dismiss Charges Against His Client | Threat Level | WIRED
http://www.wired.com/2014/04/threatlevel_0401_silkroad_motion/

Will Target's Lawsuit Finally Expose the Failings of Security Audits? | Threat Level | WIRED
http://www.wired.com/2014/03/trustwave-target-audit/

Information Security | Compliance | Trustwave
https://www.trustwave.com/Trustwave-Announcement/

http://www.smh.com.au/it-pro/security-it/default-password-leaves-tens-of... is not available
http://www.smh.com.au/it-pro/security-it/default-password-leaves-tens-of...

Cyber Tool Estimates Incident Response Cost for Businesses | Threatpost | The first stop for security news
http://threatpost.com/tool-estimates-incident-response-cost-for-business...

FTC Settles With Fandango, Credit Karma Over SSL Issues in Mobile Apps | Threatpost | The first stop for security news
http://threatpost.com/ftc-settles-with-fandango-credit-karma-over-ssl-is...

Amazon Web Services Combing Third Parties for Credentials | Threatpost | The first stop for security news
http://threatpost.com/amazon-web-services-combing-third-parties-for-expo...

Yahoo Encrypts Data Center Communication Links | Threatpost | The first stop for security news
http://threatpost.com/yahoo-encrypts-data-center-links-boosts-other-serv...

April Fools' Day prank: parents sent SMS saying school closed
http://www.smh.com.au/technology/technology-news/april-fools-day-prank-p...

DVR Infected with Bitcoin Mining Malware | Threatpost | The first stop for security news
http://threatpost.com/dvr-infected-with-bitcoin-mining-malware/105167

Extended Random: The PHANTOM NSA-RSA backdoor that never was \u2022 The Register
http://www.theregister.co.uk/2014/04/02/extended_random_nsa_rsa_bsafe/

Researcher Identifies Potential Security Issues in Tesla S | Threatpost | The first stop for security news
http://threatpost.com/researcher-identifies-potential-security-issues-wi...

Google DNS Intercepted in Turkey | Threatpost | The first stop for security news
http://threatpost.com/google-dns-intercepted-in-turkey/105136

DOJ Pushes to Expand Hacking Abilities Against Cyber-Criminals - Law Blog - WSJ
http://blogs.wsj.com/law/2014/03/27/doj-pushes-to-expand-hacking-abiliti...

Watch out, journalists: Hackers are after you - CNET
http://www.cnet.com/news/watch-out-journalists-hackers-are-after-you-goo...

Facebook Bug Bounty Submissions Dramatically Increase | Threatpost | The first stop for security news
http://threatpost.com/facebook-bug-bounty-submissions-dramatically-incre...

Android Botnet Targets Middle East Banks - Krebs on Security
http://krebsonsecurity.com/2014/04/android-botnet-targets-middle-east-ba...

Home Routers at Core of DNS-Based DDoS Amplification Attacks | Threatpost | The first stop for security news
http://threatpost.com/dns-based-amplification-attacks-key-on-home-router...

Patch Available for Schneider Electric Serial Modbus Driver | Threatpost | The first stop for security news
http://threatpost.com/critical-vulnerabilities-patched-in-schneider-elec...

Cisco Patches Denial-of-Service Vulnerabilities in IOS | Threatpost | The first stop for security news
http://threatpost.com/cisco-patches-denial-of-service-vulnerabilities-in...

Researchers Divulge 30 Oracle Java Cloud Service Bugs | Threatpost | The first stop for security news
http://threatpost.com/researchers-divulge-30-oracle-java-cloud-service-b...

Apple Fixes More Than 25 Flaws in Safari | Threatpost | The first stop for security news
http://threatpost.com/apple-fixes-more-than-25-flaws-in-safari/105197

GOLDEN THREAD - Passenger featuring Matt Corby - YouTube
https://www.youtube.com/watch?v=Ms0A7pXPySc&feature=kp

KamberLaw | New York & California | Defending your legal rights in a digital world
http://www.kamberlaw.com/

IT Security Data & Analytics, Risk Management, Compliance | Rapid7
http://www.rapid7.com/

Risky Business #316 -- Data breach suits could have legs
0:00 / 62:42

Risky Business #315 -- Nmap's Fyodor talks FD relaunch

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

Adam Boileau
Adam Boileau

Technology Editor

This week's feature interview is with nmap creator Gordon Lyon, who's probably better known by his handle: Fyodor.

Last week we brought you the news that the Full Disclosure mailing list was shuttered following legal threats from someone describing themselves as a security researcher. Fyodor runs the seclists.org mailing list archive and he's decided to bring FD back from the dead. I got him on the line and asked him why.

This week's show is brought to you by Bridgepoint -- a Queensland-based company that does all sorts of stuff -- systems integration, pen testing and PCI. With the G20 coming up we chat with the company's principal security consultant Michael Trott about the preparations underway. When the world shines its spotlight on Brisbane in November boy oh boy, everyone with a gripe is going to be trying to deface pretty much every website with the word "Queensland" on it. That's coming up soon.

Adam Boileau, as always, joins us to discuss the week's security news headlines.

Show notes are here.

Risky Business #315 -- Nmap's Fyodor talks FD relaunch
0:00 / 47:57

Risky Business #314 -- FD closure foreshadows cyberpocalypse

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

Adam Boileau
Adam Boileau

Technology Editor

On this week's show we're taking a look at some absolutely awesome research by Azimuth Security's Tarjei Mandt on the pseudo random number generators used by iOS 6 and 7. Tarjei has figured out a way to blow away iOS's memory mitigations with some very cool tricks.

This week's show is sponsored by Tenable Network Security, and this week we're joined by Carlos Perez, Tenable's Director of Reverse Engineering in the sponsor slot. He heard last week's interview all about using PowerShell as a post exploitation tool, and as it turns out, he's one of the leading experts out there on using PowerShell to do sneaky stuff. So he'll be along to pretty much pick up where we left off last week. More PowerShell! That's this week's sponsor interview.

Adam Boileau, as usual, joins us for the week's news headlines.

Show notes are here.

Risky Business #314 -- FD closure foreshadows cyberpocalypse
0:00 / 72:36

Risky Business #313 -- Why you should know PowerShell

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

Adam Boileau
Adam Boileau

Technology Editor

On this week's show we have a look at PowerShell, the Microsoft sorta scripting language admin thingy. As it turns out, PowerShell can be an attacker's best friend when it comes to lateral movement through a network. We'll chat with Kieran Jacobson about that in this week's feature interview. He did a cracker presentation at CrikeyCon where he demo'd owning a domain controller and dumping all its creds with something like five lines of PowerShell. I mean, there are caveats there, but wow... the demotime was food for thought.

This week's show is sponsored by HackLabs. HackLabs head honcho Chris Gatford joins the program in this week's sponsor interview to have a yarn about the upcoming great XP switch of 2014. Ditching XP in your environment shouldn't be a supreme challenge, but what about specialist devices? Like the heart monitor that you can't patch but needs to be networked so you can know Mr. Jones in 14F is about to have a heart attack? Yeah, that'd be one of those intractable problems. Yay.

Show notes

Study Shows 'Metadata is Highly Sensitive' | Threatpost | The first stop for security news
http://threatpost.com/study-shows-phone-metadata-is-highly-sensitive/104767

HTTPS Traffic Attacks Leak Sensitive Personal Details | Threatpost | The first stop for security news
http://threatpost.com/new-attacks-on-https-traffic-reveal-plenty-about-y...

NSA Has Been Hijacking the Botnets of Other Hackers | Threat Level | Wired.com
http://www.wired.com/threatlevel/2014/03/nsa-botnet/

NSA Denies Impersonating Facebook to Exploit Targets | Threatpost | The first stop for security news
http://threatpost.com/nsa-denies-impersonating-facebook-to-exploit-targe...

Charitable Prelude to Pwn2Own Not Without Its Critics | Threatpost | The first stop for security news
http://threatpost.com/charitable-prelude-to-pwn2own-not-without-its-crit...

Vupen Cashes in Four Times at Pwn2Own 2014 | Threatpost | The first stop for security news
http://threatpost.com/vupen-cashes-in-four-times-at-pwn2own/104754

Weak Early Random PRNG Threatens iOS 7 Kernel Mitigations | Threatpost | The first stop for security news
http://threatpost.com/weak-random-number-generator-threatens-ios-7-kerne...

Researcher Eric Filiol Withdraws CanSecWest Presentation | Threatpost | The first stop for security news
http://threatpost.com/cansecwest-presenter-self-censors-risky-critical-i...

162,000 WordPress Sites Used in DDoS Attack | Threatpost | The first stop for security news
http://threatpost.com/162000-wordpress-sites-used-in-ddos-attack/104745

NTP Amplification DDoS Attacks Increasing | Threatpost | The first stop for security news
http://threatpost.com/ntp-amplified-ddos-attacks-on-the-rise/104741

Experian Lapse Allowed ID Theft Service Access to 200 Million Consumer Records - Krebs on Security
http://krebsonsecurity.com/2014/03/experian-lapse-allowed-id-theft-servi...

Energy Watering Hole Attack Used LightsOut Exploit Kit | Threatpost | The first stop for security news
http://threatpost.com/energy-watering-hole-attack-used-lightsout-exploit...

Malware Analysis: The Final Frontier: LightsOut EK: "By the way... How much is the fish!?"
http://malwageddon.blogspot.com.au/2013/09/unknown-ek-by-way-how-much-is...

MelbourneIT stores domain passwords in cleartext - Security - Technology - News - iTnews.com.au
http://www.itnews.com.au/News/374095,melbourneit-stores-domain-passwords...

How Target detected hack but failed to act -- Bloomberg | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57620289-83/how-target-detected-hack-bu...

Backdoor in Samsung Galaxy Devices Could Give Attackers Access | Threatpost | The first stop for security news
http://threatpost.com/backdoor-in-samsung-galaxy-devices-could-give-atta...

Google Fixes Four High-Risk Flaws in Chrome Before Pwn2Own | Threatpost | The first stop for security news
http://threatpost.com/google-fixes-four-high-risk-flaws-in-chrome-before...

Microsoft Resolves IE Zero Day with Patch Tuesday Release | Threatpost | The first stop for security news
http://threatpost.com/microsoft-closes-ie-zero-day-ships-final-xp-patch-...

IE Zero Day Exploits Increase Just Before Patch | Threatpost | The first stop for security news
http://threatpost.com/hackers-milk-ie-zero-day-before-patch/104713

Apple iOS 7.1 Fixes More Than 20 Code-Execution Flaws | Threatpost | The first stop for security news
http://threatpost.com/apple-ios-7-1-fixes-more-than-20-code-execution-fl...

Risky Business #313 -- Why you should know PowerShell
0:00 / 55:25