Risky Business #370 -- Samsung screws the pooch in extravagant fashion

PLUS Dan Guido on the latest with DARPA's Cyber Grand Challenge...
18 Jun 2015 » Risky Business

On this week's show we chat with Dan Guido of Trail of Bits about DARPA's Cyber Grand Challenge. There was a competition round last week and he tells us all about it.

Participants have to stand up simple network services on a LAN and keep them up. They also have to write attack code that targets other people's services. When another participant attacks you, you have to defend against the attack and even patch your service so it's immune to the attacks it's facing... all of this is automated. You write your software before the event, drop it on the LAN and off you go. Dan tells us where the competition is at.

This week's show is brought to you by Tenable Network Security. Tenable CEO Ron Gula joins the show to talk about the OPM breach. He's encouraging Risky Business listeners to get in touch with their empathy in this instance -- sometimes politics stop organisations from being able to do the right thing when it comes to security. It's a great chat, so stick around for it.

Adam Boileau, as usual, joins us to discuss the week's security news.

Don't forget you can now support the Risky Business page via our Patreon campaign.

Oh, and do add Patrick and Adam on Twitter if that's your thing.

Show notes

New exploit turns Samsung Galaxy phones into remote bugging devices | Ars Technica
http://arstechnica.com/security/2015/06/new-exploit-turns-samsung-galaxy...

Questions over Samsung's handling of security flaw in millions of smartphones
http://www.smh.com.au/digital-life/consumer-security/questions-over-sams...

Hack Brief: Password Manager LastPass Got Breached Hard | WIRED
http://www.wired.com/2015/06/hack-brief-password-manager-lastpass-got-br...

Catching Up on the OPM Breach - Krebs on Security
http://krebsonsecurity.com/2015/06/catching-up-on-the-opm-breach/

Encryption "would not have helped" at OPM, says DHS official | Ars Technica
http://arstechnica.com/security/2015/06/encryption-would-not-have-helped...

Report: Hack of government employee records discovered by product demo | Ars Technica
http://arstechnica.com/security/2015/06/report-hack-of-government-employ...

Attackers Stole Certificate From Foxconn to Hack Kaspersky With Duqu 2.0 | WIRED
http://www.wired.com/2015/06/foxconn-hack-kaspersky-duqu-2/

China and Russia Almost Definitely Have the Snowden Docs | WIRED
http://www.wired.com/2015/06/course-china-russia-snowden-documents/

Serious OS X and iOS flaws let hackers steal keychain, 1Password contents | Ars Technica
http://arstechnica.com/security/2015/06/serious-os-x-and-ios-flaws-let-h...

Blackhats exploiting MacKeeper hole to foist dangerous trojan • The Register
http://www.theregister.co.uk/2015/06/16/blackhats_exploiting_mackeeper_h...

US anti-fraud law makes deleting browser history a crime punishable by 20yrs in jail - RT USA
http://rt.com/usa/266389-browsing-history-obstruction-justice/

Hack Brief: The Cardinals May Have Hacked the Astros | WIRED
http://www.wired.com/2015/06/hack-brief-cardinals-astros/

Magazine publisher loses $1.5M in cyberfraud | New York Post
http://nypost.com/2015/06/16/magazine-publisher-swindled-out-of-1-5-mill...

Data-stealing component of 'Stegoloader' hides in PNG images - SC Magazine
http://www.scmagazine.com/stegoloader-malware-uses-png-files-to-hide-dat...

AdBlock aims to send filthy malverts on one-way LSD trip • The Register
http://www.theregister.co.uk/2015/06/17/adblock_revamps_for_enterprise_l...

Vapourware no more: Let's Encrypt announces first cert dates • The Register
http://www.theregister.co.uk/2015/06/17/vapourware_no_more_lets_encrypt_...

Google extends vulnerability bounties to Android; offers up to $30,000 | Ars Technica
http://arstechnica.com/security/2015/06/google-extends-vulnerability-bou...

Wikipedia goes all-HTTPS, starting immediately | Ars Technica
http://arstechnica.com/security/2015/06/wikipedia-goes-all-https-startin...

Cisco Patches IPv6 Vulnerability in Carrier Routers | Threatpost | The first stop for security news
https://threatpost.com/cisco-patches-ipv6-vulnerability-in-carrier-grade...

ProjectVault/orp · GitHub
https://github.com/projectvault/orp

devstreaming.apple.com/videos/wwdc/2015/706nu20qkag/706/706_security_and_your_apps.pdf
http://devstreaming.apple.com/videos/wwdc/2015/706nu20qkag/706/706_secur...

DROP LEGS | triple j Unearthed
https://www.triplejunearthed.com/artist/drop-legs