Risky Business #433 -- Mirai ain't going anywhere

Presented by

Patrick Gray

CEO and Publisher

Adam Boileau

Technology Editor

On this week’s show we’re taking a look at the Great DDoSSening of 2016! Yep, we’ll be having a look at the attacks against Dyn, but perhaps more importantly we’ll be asking the question: With a zillion perma-owned things out there able to launch some pretty serious DDoS attacks: What now?

IoT device security specialist Stephen Ridley will join us in this week’s feature slot to discuss that.

This week’s sponsor interview is a cracker. We’ll be chatting with Cylance chief research officer Jon Miller about how the hell you’re supposed to benchmark AV these days. It’s actually trickier than you’d think, for reasons we’ll get into later. We also talk about managing false positives and hit on a few other topics in that one. Jon’s ex-ISS X-Force, he’s been around the traps for a long time and really knows what he’s talking about. That’s a good interview… big thanks to Cylance for sponsoring this week’s show.

Adam Boileau is this week’s news guest. Links to everything are in this week’s show notes.

Oh, and do add Patrick and Adam on Twitter if that’s your thing.

Show notes

DDoS on Dyn Impacts Twitter, Spotify, Reddit — Krebs on Security

Dyn DDoS Work of Script Kiddies, Not Politically Motivated Hackers | Threatpost | The first stop for security news

Lawmakers Asking What ISPs Can Do About DDoS Attacks | Threatpost | The first stop for security news

Senator Prods Federal Agencies on IoT Mess — Krebs on Security

Should the FBI Hack Botnet Victims to Save the Internet? | Motherboard

How Vigilante Hackers Could Stop the Internet of Things Botnet | Motherboard

IoT Device Maker Vows Product Recall, Legal Action Against Western Accusers — Krebs on Security

How one rent-a-botnet army of cameras, DVRs caused Internet chaos | Ars Technica

Nuclear plants leak critical alerts in unencrypted pager messages | Ars Technica

Flaw in Intel chips could make malware attacks more potent | Ars Technica

Using Rowhammer bitflips to root Android phones is now a thing | Ars Technica

Android phones rooted by “most serious” Linux escalation bug ever | Ars Technica

This is not a drill: Hackers pop stock Nexus 6P in five minutes • The Register

Apple Patches iOS Flaw Exploitable by Malicious JPEG | Threatpost | The first stop for security news

837 - task_t considered harmful - many XNU EoPs - project-zero - Monorail

The Phone Hackers at Cellebrite Have Had Their Firmware Leaked Online | Motherboard

Every LTE call, text, can be intercepted, blacked out, hacker finds • The Register

iTWire - Census 2016: IBM blames Nextgen, Vocus for stuff-up

iTWire - Census 2016: Vocus lays blame on IBM employees

iTWire - Census 2016: Nextgen hits back at IBM claims

Census outage could have been prevented by turning router on and off again: IBM - ABC News (Australian Broadcasting Corporation)

Russia-linked phishing campaign behind the DNC breach also hit Podesta, Powell | Ars Technica

SurkovLeaks: Is Vladimir Putin aide's email hack payback for DNCLeak-Clinton exposure?

St. Jude Faces New Claim Heart Devices are Hackable | Threatpost | The first stop for security news

Yahoo Asks DNI to De-Classify Email Scanning Order | Threatpost | The first stop for security news

US Indicts Russian Hacker Allegedly Behind Dropbox, LinkedIn Breaches | Motherboard

Adobe Patches Flash Zero Day Under Attack | Threatpost | The first stop for security news

Senrio

Cylance | Advanced Threat Prevention Built on Artificial Intelligence