Risky Business #424 -- Jess Frazelle on Docker. So hot right now.

PLUS! News with Grugq...
25 Aug 2016 » Risky Business

On this week's show we chat with Jessie Frazelle. Jessie is a former Docker maintainer who now works at Google on all things "containery". So we talk to her about what's up with containers, basically, and where the security pitfalls are. Like it or not, containers are likely going to be used in your environment, so getting to know them is a must. That's this week's feature.

This week's show is brought to you by HP Enterprise Security's Fortify! These guys and gals are a new sponsor, and I'm sure most of you know them. They make both static analysis and dynamic analysis code security tools, and this week we're joined by HPE Fortify's James "Jimmy" Rabon to talk about how this whole newfangled devops/agile thing has changed things for them.

The Grugq also joins the show to talk about the week's security news. He's filling in for Adam Boileau who's frantically getting Kiwicon 10 organised.

Oh, and do add Patrick and The Grugq on Twitter if that's your thing.

Show notes

Completely Wrong - Medium
https://medium.com/@thegrugq/completely-wrong-a300246ad316#.h7zsu81sg

CyberSecPolitics: Why EQGRP Leak is Russia
http://cybersecpolitics.blogspot.com.au/2016/08/why-eqgrp-leak-is-russia...

Shadow Broker Breakdown - Medium
https://medium.com/@thegrugq/shadow-broker-breakdown-b05099eb2f4a#.eqou5...

The NSA Leak Is Real, Snowden Documents Confirm
https://theintercept.com/2016/08/19/the-nsa-was-hacked-snowden-documents...

NSA-linked Cisco exploit poses bigger threat than previously thought | Ars Technica
http://arstechnica.com/security/2016/08/nsa-linked-cisco-exploit-poses-b...

Juniper Acknowledges Equation Group Targeted ScreenOS | Threatpost | The first stop for security news
https://threatpost.com/juniper-acknowledges-equation-group-exploits-targ...

Former NSA Staffers: Rogue Insider Could Be Behind NSA Data Dump | Motherboard
http://motherboard.vice.com/read/former-nsa-staffers-rogue-insider-shado...

The Shadow Brokers Mess Is What Happens When the NSA Hoards Zero-Days | WIRED
https://www.wired.com/2016/08/shadow-brokers-mess-happens-nsa-hoards-zer...

Researcher Grabs VPN Password With Tool From NSA Dump | Motherboard
http://motherboard.vice.com/read/researcher-grabs-cisco-vpn-password-wit...

Commentary: Evidence points to another Snowden at the NSA | Reuters
http://www.reuters.com/article/us-intelligence-nsa-commentary-idUSKCN10X01P

The NSA Data Leakers Might Be Faking Their Awful English To Deceive Us | Motherboard
http://motherboard.vice.com/read/the-shadow-brokers-nsa-leakers-linguist...

Someone Rickrolled the Bitcoin Auction for NSA Exploits | Motherboard
http://motherboard.vice.com/read/someone-rickrolled-the-bitcoin-auction-...

Californian gets 50 months in prison for Chinese 'technology spy' work • The Register
http://www.theregister.co.uk/2016/08/23/50_months_for_chinese_tech_spy_w...

Lawyer: Dark Web Child Porn Site Ran Better When It Was Taken Over by the FBI | Motherboard
http://motherboard.vice.com/read/lawyer-dark-web-child-porn-site-ran-bet...

A 'Tor General Strike' Wants to Shut Down the Tor Network for a Day | Motherboard
http://motherboard.vice.com/read/a-tor-general-strike-wants-to-shut-down...

EFF Blasts Microsoft Over Windows 10 Rollout | Threatpost | The first stop for security news
https://threatpost.com/eff-blasts-microsoft-over-malicious-windows-10-ro...

Australia Post says use blockchain for voting. Expert: you're kidding • The Register
http://www.theregister.co.uk/2016/08/22/australia_postblockchain_for_vot...

SSA: Ixnay on txt msg reqmnt 4 e-acct, sry - Krebs on Security
http://krebsonsecurity.com/2016/08/ssa-ixnay-on-txt-msg-reqmnt-4-e-acct-...

Epic Games Forums Hacked, 800,000 User Accounts Exposed | Threatpost | The first stop for security news
https://threatpost.com/epic-games-forums-hacked-sql-injection-vulnerabil...

Malware Infected All Eddie Bauer Stores in U.S., Canada - Krebs on Security
http://krebsonsecurity.com/2016/08/malware-infected-all-eddie-bauer-stor...

Massive Email Bombs Target .Gov Addresses - Krebs on Security
http://krebsonsecurity.com/2016/08/massive-email-bombs-target-gov-addres...

New Brazilian Banking Trojan Uses Windows PowerShell Utility | Threatpost | The first stop for security news
https://threatpost.com/new-brazilian-banking-trojan-uses-windows-powersh...

Browser Address Bar Spoofing Vulnerability Disclosed | Threatpost | The first stop for security news
https://threatpost.com/browser-address-bar-spoofing-vulnerability-disclo...

Software-defined networking is dangerously sniffable • The Register
http://www.theregister.co.uk/2016/08/23/sdns_normal_behaviour_is_sniffab...

How to Dramatically Improve Corporate IT Security Without Spending Millions - Praetorian.pdf
https://www.praetorian.com/downloads/report/How%20to%20Dramatically%20Im...