Risky Business #405 -- Doxing Africa's W2 scammers, FBiOS and more

Plus news, Haroon Meer and MORE!
24 Mar 2016 » Risky Business

On this week's show we're chatting with myNetWatchman's Donald McCarthy about some research he's done into these crews shaking down US companies for W2 forms. He and his colleagues have identified at least 40 crews involved in this stuff. We'll get the skinny on that in this week's feature interview.

We're also chatting with Haroon Meer this week in the sponsor interview. Haroon is the head honcho over at Thinkst Applied Research and we'll be talking to him some more about the fantastic honeypot product they've released: Canary.Tools.

With thousands of them now sold, we'll be asking Haroon why he's been able to make honeypots a commercial success and a security win after something like 16 years of them going nowhere despite industry people saying they're the next big thing.

Adam Boileau, as always, will also pop in to discuss the week's news headlines.

Oh, and do add Patrick and Adam on Twitter if that's your thing.

Show notes

iOS forensics expert's theory: FBI will hack shooter's phone by mirroring storage | Ars Technica
http://arstechnica.com/security/2016/03/ios-forensics-experts-theory-fbi...

Judge: Order to Compel Apple Has Been 'Unenforceable' All Along | Motherboard
http://motherboard.vice.com/en_au/read/judge-order-to-compel-apple-has-b...

Attention Turns To FBI's 'Outside Party' | Threatpost | The First Stop For Security News
https://threatpost.com/attention-turns-to-fbis-outside-party/116931/

Hack Brief: Update iOS Now to Fix a Serious iMessage Crypto Flaw | WIRED
http://www.wired.com/2016/03/hack-brief-update-ios-fix-serious-imessage-...

'Apple Should Replace the Entirety of iMessage', Warn Encryption Researchers | Motherboard
http://motherboard.vice.com/en_au/read/apple-should-replace-imessage-enc...

Hack Brief: No Need to Freak Out Over That Chinese iPhone Malware | WIRED
http://www.wired.com/2016/03/hack-brief-no-need-freak-chinese-iphone-mal...

Android rooting bug opens Nexus phones to "permanent device compromise" | Ars Technica
http://arstechnica.com/security/2016/03/rooting-bug-in-android-opens-nex...

Stagefright Variant 'Metaphor' Puts Millions Of Samsung, LG And HTC Phones At Risk | Threatpost | The First Stop For Security News
https://threatpost.com/stagefright-variant-metaphor-puts-millions-of-sam...

A Government Error Just Revealed Snowden Was the Target in the Lavabit Case | WIRED
http://www.wired.com/2016/03/government-error-just-revealed-snowden-targ...

Emails show NSA rejected Hillary Clinton's request for secure smartphone - CBS News
http://www.cbsnews.com/news/emails-show-nsa-rejected-hillary-clinton-req...

The FBI Warns That Car Hacking Is a Real Risk | WIRED
http://www.wired.com/2016/03/fbi-warns-car-hacking-real-risk/

Uber Will Pay $10,000 'Bug Bounties' to Friendly Hackers | WIRED
http://www.wired.com/2016/03/uber-bug-bounties/

Paris terrorists used burner phones, not encryption, to evade detection | Ars Technica
http://arstechnica.com/tech-policy/2016/03/paris-terrorist-attacks-burne...

Once thought safe, DDR4 memory shown to be vulnerable to "Rowhammer" | Ars Technica
http://arstechnica.com/security/2016/03/once-thought-safe-ddr4-memory-sh...

Judge Won't Consider EFF's Arguments in FBI Mass Hacking Case | Motherboard
http://motherboard.vice.com/en_au/read/judge-in-fbi-mass-hacking-case-wo...

CanSecWest 2016 Attack Attribution False Flags | Threatpost | The First Stop For Security News
https://threatpost.com/apt-attackers-flying-more-false-flags-than-ever/1...

BinDiff Now Free, To Delight Of Security Researchers | Threatpost | The First Stop For Security News
https://threatpost.com/bindiff-now-free-to-delight-of-security-researche...

Home Depot Agrees $19.5 Million To Settle 2014 Breach | Threatpost | The First Stop For Security News
https://threatpost.com/home-depot-agrees-to-19-5-million-settlement-to-e...

Pwn2Own Day Two: Safari, Microsoft Edge Go Down Winner Announced | Threatpost | The First Stop For Security News
https://threatpost.com/pwn2own-day-two-safari-microsoft-edge-go-down-win...

Hospital Declares 'Internal State of Emergency' After Ransomware Infection - Krebs on Security
http://krebsonsecurity.com/2016/03/hospital-declares-internet-state-of-e...

How Pirates And Hackers Worked Together To Steal Millions Of Dollars In Diamonds - BuzzFeed News
http://www.buzzfeed.com/josephbernstein/how-pirates-and-hackers-worked-t...

How one developer just broke Node, Babel and thousands of projects in 11 lines of JavaScript • The Register
http://www.theregister.co.uk/2016/03/23/npm_left_pad_chaos?mt=1458722195866

Company behind the Badlock disclosure says pre-patch hype is good for business | CSO Online
http://www.csoonline.com/article/3047221/techology-business/company-behi...

Special Meetup with Thomas Dullien aka Halvar Flake - Null Singapore - YouTube
https://www.youtube.com/watch?v=fkDD2ea7SD8

HITBSecConf2016 - Amsterdam
http://conference.hitb.org/hitbsecconf2016ams/

Canary - know when it matters
https://canary.tools/