Risky Business #386 -- Katie Moussouris on the (groan) disclosure debate

The horse is still showing signs of life. Keep flogging...
09 Oct 2015 » Risky Business

On this week's show we're checking in with Katie Moussouris of HackerOne. She's an ex-Microsoftie who's spent something like a decade working on vulnerability disclosure policies. She even helped get a vuln disclosure ISO standard ratified!

And she'll be joining us this week to discuss disclosure politics, I guess you'd call it. Most of us who've been around infosec for a while would rather stick our face in a blender than talk about it, but Katie will be along to point out why people should fight their "disclosure debate fatigue" and get involved.

This week's show is brought to you by Telstra! Telstra is Australia's incumbent telco but also offers a bunch of enterprise services and has invested in some mobile security plays. They took a stake in Zimperium, which is where Risky Business pal Joshua Drake works. They also have a stake in Telesign.

In this week's sponsor interview we're joined by Telstra's Rocky Scopelliti. He's Telstra's finance brain and he'll be along to discuss a report he prepared on the fusion of financial services, mobility and identity. Telstra has collected a lot of *extremely* interesting data and Rocky will be along to fill us in on what it all means. That's this week's sponsor interview, with big thanks to new sponsor Telstra!

Adam Boileau, as always, stops in to discuss the week's news.

Don't forget you can now support the Risky Business page via our Patreon campaign.

Oh, and do add Patrick and Adam on Twitter if that's your thing.

Show notes

Hack Brief: Hackers Steal 15M T-Mobile Customers' Data From Experian | WIRED
http://www.wired.com/2015/10/hack-brief-hackers-steal-15m-t-mobile-custo...

Scottrade Breach Hits 4.6 Million Customers - Krebs on Security
http://krebsonsecurity.com/2015/10/scottrade-breach-hits-4-6-million-cus...

Trump Hotel Collection Confirms Card Breach - Krebs on Security
http://krebsonsecurity.com/2015/10/trump-hotel-collection-confirms-card-...

Patreon was warned of serious website flaw 5 days before it was hacked | Ars Technica
http://arstechnica.com/security/2015/10/patreon-was-warned-of-serious-we...

Gigabytes of user data from hack of Patreon donations site dumped online | Ars Technica
http://arstechnica.com/security/2015/10/gigabytes-of-user-data-from-hack...

Exclusive: Uber checks connections between hacker and Lyft | Reuters
http://www.reuters.com/article/2015/10/08/us-uber-tech-lyft-hacking-excl...

Amazon Web Services Inspector Application Security Scanner | Threatpost | The first stop for security news
https://threatpost.com/amazon-inspector-addresses-compliance-and-securit...

Canceled HITB GSEC Singapore Presentation | Threatpost | The first stop for security news
https://threatpost.com/canceled-talk-re-ignites-controversy-over-legitim...

Verizon's zombie cookie gets new life | Ars Technica
http://arstechnica.com/security/2015/10/verizons-zombie-cookie-gets-new-...

Questions raised over Malcolm Turnbull's use of private email server
http://www.theage.com.au/technology/technology-news/questions-raised-ove...

Backdoor infecting Cisco VPNs steals customers' network passwords | Ars Technica
http://arstechnica.com/security/2015/10/backdoor-infecting-cisco-vpns-st...

Cisco shuts down million-dollar ransomware operation | Ars Technica
http://arstechnica.com/security/2015/10/cisco-shuts-down-30-million-rans...

SHA1 algorithm securing e-commerce and software could break by year's end | Ars Technica
http://arstechnica.com/security/2015/10/sha1-crypto-algorithm-securing-i...

Report finds many nuclear power plant systems "insecure by design" | Ars Technica
http://arstechnica.com/security/2015/10/report-finds-many-nuclear-power-...

Microsoft sites expose visitors' profile info in plain text | Ars Technica
http://arstechnica.com/security/2015/10/microsoft-sites-expose-visitors-...

Android adware wields potent root exploits to gain permanent foothold | Ars Technica
http://arstechnica.com/security/2015/10/android-adware-wields-potent-roo...

iPhone Malware Is Hitting China. Let's Not Be Next | WIRED
http://www.wired.com/2015/10/iphone-malware-hitting-china-lets-not-next/

Journalist Convicted of Helping Anonymous Hack Tribune Co. | WIRED
http://www.wired.com/2015/10/matthew-keys-reuters-journalist-convicted-o...

Netgear Router Vulnerabilities Public Exploits | Threatpost | The first stop for security news
https://threatpost.com/disclosed-netgear-router-vulnerability-under-atta...

WikiLeaks Wants to Pay $50K for Video of the Kunduz Hospital Bombing | WIRED
http://www.wired.com/2015/10/wikileaks-wants-pay-50k-video-kunduz-bombing/

Hacking Wireless Printers With Phones on Drones | WIRED
http://www.wired.com/2015/10/drones-robot-vacuums-can-spy-office-printer/

October 2015 Adobe Acrobat Patches | Threatpost | The first stop for security news
https://threatpost.com/adobe-to-patch-reader-and-acrobat-next-week/114966/

When Security Experts Gather to Talk Consensus, Chaos Ensues | WIRED
http://www.wired.com/2015/10/security-experts-gather-talk-consensus-chao...

Mobile Identity
http://www.telstraglobal.com/mobile-identity

L-FRESH The LION
http://l-fresh.com/