Risky Business #392 -- A look at Silverpush with Kevin Finisterre

PLUS: Details of the Risky Business partnership with PacketPushers...
03 Dec 2015 » Risky Business

On this week's show we're chatting with Kevin Finisterre about Silverpush -- the creepy ultrasonic audio-beaconing technology used by advertising companies that was in the press a couple of weeks ago. Kevin was all over it and he joins me to discuss the growing overlap between the techniques used by marketers and blackhats.

This week's show is brought to you by Bugcrowd, big thanks to them. In this week's sponsor interview Bugcrowd CEO Casey Ellis joins us to discuss more on bug economics -- how do you price bugs? How do you determine bounty pools? It's not as simple as saying, well, XXE's are worth $500 each and XSS $200. The dynamics here are actually a little more complex than that.

Adam Boileau, as always, joins the show to discuss the week's news headlines.

Don't forget you can now support the Risky Business page via our Patreon campaign.

Oh, and do add Patrick and Adam on Twitter if that's your thing.

Show notes

Hacker Obtained Children's Headshots and Chatlogs From Toymaker VTech | Motherboard
http://motherboard.vice.com/read/hacker-obtained-childrens-headshots-and...

When children are breached-inside the massive VTech hack | Ars Technica
http://arstechnica.com/security/2015/11/when-children-are-breached-insid...

Adobe sounds death knell for Flash - Software - iTnews
http://www.itnews.com.au/news/adobe-sounds-death-knell-for-flash-412522

China blamed for 'massive' cyber attack on Bureau of Meteorology supercomputer - ABC News (Australian Broadcasting Corporation)
http://www.abc.net.au/news/2015-12-02/china-blamed-for-cyber-attack-on-b...

CNN investigates: How Corporate America keeps huge hacks secret - Nov. 30, 2015
http://money.cnn.com/2015/11/30/technology/secret-deals-hacked-companies...

DHS Giving Firms Free Penetration Tests - Krebs on Security
http://krebsonsecurity.com/2015/12/dhs-giving-firms-free-penetration-tests/

DHS to Silicon Valley: Tell us how to secure this "Internet of Things" | Ars Technica
http://arstechnica.com/information-technology/2015/12/dhs-to-silicon-val...

Hey Reader's Digest: Your site has been attacking visitors for days | Ars Technica
http://arstechnica.com/security/2015/11/hey-readers-digest-your-site-has...

China APT Gang Targets Hong Kong Media via Dropbox | Threatpost | The first stop for security news
https://threatpost.com/china-apt-gang-targets-hong-kong-media-via-dropbo...

BlackBerry to bug out of Pakistan by end of year \u2022 The Register
http://www.theregister.co.uk/2015/12/01/blackberry_to_quit_pakistan/

Kazakhtelecom
http://telecom.kz/en/news/view/18729

Advantech EKI Vulnerable to Shellshock, Heartbleed | Threatpost | The first stop for security news
https://threatpost.com/advantech-ics-gear-still-vulnerable-to-shellshock...

Google Plans to End Chrome for 32-bit Linux, Releases Chrome 47 | Threatpost | The first stop for security news
https://threatpost.com/google-ends-chrome-support-on-32-bit-linux-releas...

Microsoft Revoves Trust for eDellroot Certficates | Threatpost | The first stop for security news
https://threatpost.com/microsoft-removes-trust-for-edellroot-certificate...

Lord Echo - Thinking of you - YouTube
https://www.youtube.com/watch?v=9djfSSTL-qQ

Meet The 'Ultrasonic' Tracking Company Privacy Activists Are Terrified Of - Forbes
http://www.forbes.com/sites/thomasbrewster/2015/11/16/silverpush-ultraso...