Risky Business #383 -- Inside FireEye's research gag

PLUS: The time to move to quantum-resistant crypto is NOW!
17 Sep 2015 » Risky Business

On this week's show we take a look at what the hell is happening in Germany, where FireEye sought and obtained an ex parte injunction against a bunch of security researchers over a presentation they were about to do at 44Con. We speak with infosec lawyer Alex Urbelis -- he was at 44Con when all this came to light and he shares his insights.

This week's show is sponsored by Senetas. They're a publicly listed company based in Melbourne that makes hardware encryption gear. Terribly sexy, layer 2 stuff actually. This week the company's co-founder and CTO Julian Fay joins the show to talk about the NSA's recent push to get people using encryption algorithms that are resistant to quantum computing-based attacks.

Adam Boileau, as always, stops in to discuss the week's news.

Don't forget you can now support the Risky Business page via our Patreon campaign.

Oh, and do add Patrick and Adam on Twitter if that's your thing.

Show notes

beist on Twitter: "Just another stagefright 0day by my coworker, chpie. this one is reasonably reliable, more than 50% against Nexus 5. http://t.co/V5qhKvOr6C"
https://twitter.com/beist/status/643579728687841280

Project Zero: Stagefrightened?
http://googleprojectzero.blogspot.com.au/2015/09/stagefrightened.html

Let's Encrypt Issues First Cert | Threatpost | The first stop for security news
https://threatpost.com/first-lets-encrypt-free-certificate-goes-live/114...

Japan charges Bitcoin exchange CEO with embezzlement - Yahoo News
http://news.yahoo.com/japan-charges-bitcoin-exchange-ceo-embezzlement-ji...

Atlanta's Bitpay got hacked for $1.8 million in bitcoin - Atlanta Business Chronicle
http://www.bizjournals.com/atlanta/news/2015/09/16/atlantas-bitpay-got-h...

Cryptome founder revokes PGP keys after weird 'compromise' • The Register
http://www.theregister.co.uk/2015/09/16/cryptome_revokes_pgp_keys_after_...

Scan of Internet for Compromised Cisco Routers Finds Fewer Than 100 | Threatpost | The first stop for security news
https://threatpost.com/scan-of-ipv4-space-for-implanted-cisco-routers-fi...

Once seen as bulletproof, 11 million+ Ashley Madison passwords already cracked | Ars Technica
http://arstechnica.com/security/2015/09/once-seen-as-bulletproof-11-mill...

Ashley Madison passwords like "thisiswrong" tap cheaters' guilt and denial | Ars Technica
http://arstechnica.com/security/2015/09/ashley-madison-passwords-like-th...

DARPA Protecting Software From Reverse Engineering Through Obfuscation | Threatpost | The first stop for security news
https://threatpost.com/darpa-protecting-software-from-reverse-engineerin...

Installation of Tor Relays in Libraries Attracts DHS Attention | Threatpost | The first stop for security news
https://threatpost.com/installation-of-tor-relays-in-library-attracts-dh...

Researchers Outline Bugs in Yahoo, PayPal, Magento | Threatpost | The first stop for security news
https://threatpost.com/researchers-outline-vulnerabilities-in-yahoo-payp...

'To read this page, please turn off your ad blocker...' • The Register
http://www.theregister.co.uk/2015/09/15/to_read_this_page_please_turn_of...

CoreBot Adds New Capabilities, Transitions to Banking Trojan | Threatpost | The first stop for security news
https://threatpost.com/corebot-adds-new-capabilities-transitions-to-bank...

GM Took 5 Years to Fix a Full-Takeover Hack in Millions of OnStar Cars | WIRED
http://www.wired.com/2015/09/gm-took-5-years-fix-full-takeover-hack-mill...

Hack Brief: Emergency-Number Hack Bypasses Android Lock Screens | WIRED
http://www.wired.com/2015/09/hack-brief-new-emergency-number-hack-easily...

Shedload of security bugs squashed in iOS 9 - what the hell went wrong with iOS 8? • The Register
http://www.theregister.co.uk/2015/09/16/ios_9_security_updates/

AirDrop hole deposits stealth malware on all pre-iOS 9 Apple devices • The Register
http://www.theregister.co.uk/2015/09/16/airdrop_hole_malware_pre_ios_9/

Apple mitigates but doesn't fully fix critical iOS Airdrop vulnerability | Ars Technica
http://arstechnica.com/security/2015/09/apple-mitigates-but-doesnt-fully...

New Debian Releases Fix PHP, VirtualBox Bugs | Threatpost | The first stop for security news
https://threatpost.com/new-debian-releases-fix-php-virtualbox-bugs/114655/

WordPress Shortcodes Security Patch | Threatpost | The first stop for security news
https://threatpost.com/wordpress-patches-serious-shortcodes-core-engine-...

Bug Bounties, (Non) Lawsuits and Working with the Research Community « Executive Perspective | FireEye Inc
https://www.fireeye.com/blog/executive-perspective/2015/09/bug_bounties_...

Lattice-based cryptography - Wikipedia, the free encyclopedia
https://en.wikipedia.org/wiki/Lattice-based_cryptography

Quantum-safe Security : Cloud Security Alliance
https://cloudsecurityalliance.org/group/quantum-safe-security/

NSA preps quantum-resistant algorithms to head off crypto-apocalypse | Ars Technica
http://arstechnica.com/security/2015/08/nsa-preps-quantum-resistant-algo...