Risky Business #367 -- Tor Project lead Roger Dingledine

PLUS Haroon Meer with news!
28 May 2015 » Risky Business

This week's show is a bit different. I've prepared it while in South Africa. I've been here for two weeks now, one week of holidays and another week at the ITWeb Security Summit in Johannesburg.

While here I got a chance to meet and interview Roger Dingledine, the Tor Project leader, about the future of hidden services, the Anonabox controversy, and the possibility of major browser manufacturers integrating Tor into their private browsing modes. That's this week's feature.

This week's news guest is Haroon Meer of Thinkst.

Thinkst is actually this week's sponsor as well. But as Haroon is a super smart guy who also happens to be funny and eloquent, I invited him to do this week's news segment with me from the conference centre in Midrand.

For the sponsor segment Haroon filled us in on his latest invention, Canary.

It's a honeypot you put on your LAN that can detect all sorts of lateral movement. It's an awesome idea and you'll get the skinny in this week's sponsor interview!

Show notes

Proposed U.S. Wassenaar Rules on Intrusion Software | Threatpost | The first stop for security news
https://threatpost.com/head-scratching-begins-on-proposed-wassenaar-expo...

Researchers Wary of Wassenaar Arrangement Proposed Rules | Threatpost | The first stop for security news
https://threatpost.com/security-researchers-wary-of-proposed-wassenaar-r...

US aims to limit zero-day sales to Five Eyes - Security - News - iTnews.com.au
http://www.itnews.com.au/News/404272,us-aims-to-limit-zero-day-sales-to-...

New Logjam Attack on Diffie-Hellman Threatens Security of Browsers, VPNs | Threatpost | The first stop for security news
https://threatpost.com/new-logjam-attack-on-diffie-hellman-threatens-sec...

HTTPS-crippling attack threatens tens of thousands of Web and mail servers | Ars Technica
http://arstechnica.com/security/2015/05/https-crippling-attack-threatens...

Feds Say That Banned Researcher Commandeered a Plane | WIRED
http://www.wired.com/2015/05/feds-say-banned-researcher-commandeered-plane/

Alleged plane hacker said he pierced Boeing jet's firewall in 2012 | Ars Technica
http://arstechnica.com/security/2015/05/alleged-plane-hacker-said-he-pie...

Is It Possible for Passengers to Hack Commercial Aircraft? | WIRED
http://www.wired.com/2015/05/possible-passengers-hack-commercial-aircraft/

Silk Road Prosecutors Ask Judge to 'Send a Message' In Ulbricht Sentencing | WIRED
http://www.wired.com/2015/05/silk-road-prosecutors-ask-judge-send-messag...

Silk Road from the inside: Moderator SSBD tells his story | All Things VICE
http://allthingsvice.com/2015/05/27/silk-road-from-the-inside-moderator-...

Database of 4 million Adult Friend Finder users leaked for all to see | Ars Technica
http://arstechnica.com/security/2015/05/database-of-4-million-adult-frie...

Five Eyes spies sought to subvert Google, Samsung app stores - Security - News - iTnews.com.au
http://www.itnews.com.au/News/404297,five-eyes-spies-sought-to-subvert-g...

IRS system mined for over 100,000 taxpayer records by fraudsters [Updated] | Ars Technica
http://arstechnica.com/security/2015/05/report-irs-admits-its-been-hacke...

Researcher who exploits bug in Starbucks gift cards gets rebuke, not love | Ars Technica
http://arstechnica.com/security/2015/05/researcher-who-exploits-bug-in-s...

'90s-style security flaw puts "millions" of routers at risk | Ars Technica
http://arstechnica.com/security/2015/05/90s-style-security-flaw-puts-mil...

The Moose is loose: Linux-based worm turns routers into social network bots | Ars Technica
http://arstechnica.com/security/2015/05/the-moose-is-loose-linux-based-w...

Flawed Android factory reset leaves crypto and login keys ripe for picking | Ars Technica
http://arstechnica.com/security/2015/05/flawed-android-factory-reset-lea...

SQL Attack Results in Breach of Telstra Telecom Pacnet | Threatpost | The first stop for security news
https://threatpost.com/sql-attack-results-in-breach-of-telstra-owned-tel...

"The media is always lying" hacked WaPo website says | Ars Technica
http://arstechnica.com/security/2015/05/the-media-is-always-lying-hacked...

Penn State severs engineering network after "incredibly serious" intrusion | Ars Technica
http://arstechnica.com/security/2015/05/penn-state-severs-engineering-ne...

Researcher turns tables, discloses unpatched bugs in Google cloud platform | Ars Technica
http://arstechnica.com/security/2015/05/researcher-turns-tables-disclose...

Google Fixes Sandbox Escape in Chrome | Threatpost | The first stop for security news
https://threatpost.com/google-fixes-sandbox-escape-in-chrome/112899

Apple Releases Patches For a Watch | Threatpost | The first stop for security news
https://threatpost.com/apple-releases-patches-for-a-watch/112920

Risky Business #83 -- The Military Digital Complex | Risky Business
http://risky.biz/netcasts/risky-business/risky-business-83-military-digi...

Why changes to Wassenaar make oppression and surveillance easier, not harder
http://addxorrol.blogspot.com/2015/05/why-changes-to-wassenaar-make.html

Canary box aims to lure hackers into honeypots before they make headlines | Ars Technica
http://arstechnica.com/security/2015/05/canary-box-aims-to-lure-hackers-...

Canary - know when it matters
https://canary.tools/