Risky Business #342 -- The NSA Playset, cloud woes and more!

Two feature interviews in this week's show!
24 Oct 2014 » Risky Business

Despite some technical challenges we have a great show for you all this week. We'll be chatting with Mike Ryan of iSec Partners and his pal, independent hardware hacker Joe Fitzpatrick, all about the NSA Playset! It's a hobbyist project that aims to recreate all the awesome tools in the leaked NSA ANT catalogue. Such fun!

We'll also be hearing a tale of cloud woe from the trenches of enterprise IT. A friend of the show had his entire global email infrastructure pulled offline by Symantec with what he says was inadequate warning. And he might just have a point there. Have a listen to the interview and make your own mind up.

This week's show is brought to you by the fine folks at Websense! Websense does Web, email and data security, and this week's sponsoe guest is Neil Thacker, head of information security and strategy for Europe, middle east and africa at Websense. And he's going to tell us that DLP is back baby... it's finding new life for a few reasons... the most interesting of which, I reckon, is as a confirmation tool for detecting when a positive is most definitely not false!

Show notes

Palo Alto Networks boxes spray firewall creds across the net \u2022 The Register
http://www.theregister.co.uk/2014/10/21/palo_alto_customers_spray_net_wi...

Is your home or office internet gateway one of '1.2 MILLION' wide open to hijacking? \u2022 The Register
http://www.theregister.co.uk/2014/10/22/home_router_security_threat_rapid7/

Chipmaker FTDI bricking counterfeit kit \u2022 The Register
http://www.theregister.co.uk/2014/10/23/ftdi_turning_counterfeit_chips_i...

Kickstarter Freezes Anonabox Privacy Router Project for Misleading Funders | WIRED
http://www.wired.com/2014/10/kickstarter-suspends-anonabox/

In wake of Anonabox, more crowdsourced Tor router projects make their pitch | Ars Technica
http://arstechnica.com/information-technology/2014/10/in-wake-of-anonabo...

The Case of the Modified Binaries | Leviathan Security Group
http://www.leviathansecurity.com/blog/the-case-of-the-modified-binaries/

Google Accounts Now Support Security Keys - Krebs on Security
http://krebsonsecurity.com/2014/10/google-accounts-now-support-security-...

How to Stop Apple From Snooping on Your OS X Yosemite Searches | WIRED
http://www.wired.com/2014/10/how-to-fix-os-x-yosemite-search/

Apple dumps SSL 3.0 for push notifications due to Poodle flaw - CNET
http://www.cnet.com/news/apple-dumps-ssl-3-0-for-push-notifications-due-...

Whisper CTO says tracking "anonymous" users not a big deal, really | Ars Technica
http://arstechnica.com/security/2014/10/whisper-cto-says-tracking-anonym...

Guns don't scare people, hackers do: Americans fear identity theft more than shooting sprees \u2022 The Register
http://www.theregister.co.uk/2014/10/22/americans_more_afraid_of_identit...

Obama Executive Order Forces Chip & Pin, EMV on Government | Threatpost | The first stop for security news
http://threatpost.com/obama-executive-order-forces-chip-pin-payment-on-g...

Xen says its security policies might be buggier than its software \u2022 The Register
http://www.theregister.co.uk/2014/10/23/xen_says_its_security_policies_h...

NIST Publishes Draft Hypervisor Security Guide | Threatpost | The first stop for security news
https://threatpost.com/nist-publishes-draft-hypervisor-security-guide/10...

Chinese APT groups targeting Australian lawyers \u2022 The Register
http://www.theregister.co.uk/2014/10/21/bakers_dozen_of_apt_groups_poppi...

Chinese government launches man-in-middle attack against iCloud [Updated] | Ars Technica
http://arstechnica.com/security/2014/10/chinese-government-launches-man-...

Quick PHP patch beats slow research reveal \u2022 The Register
http://www.theregister.co.uk/2014/10/23/quick_php_patch_beats_slow_resea...

DEATH by PowerPoint: Microsoft warns of 0-day attack hidden in slides \u2022 The Register
http://www.theregister.co.uk/2014/10/22/powerpoint_attacks_exploit_ms_0day/

Cisco Patches Three-Year-Old Telnet Remote Code Execution Bug in Security Appliances | Threatpost | The first stop for security news
http://threatpost.com/cisco-patches-three-year-old-telnet-remote-code-ex...

SUBSCRIBE NOW:
Risky Business main podcast feed:
Listen on Apple Podcasts Listen on Overcast Listen on Pocket Casts Listen on Spotify Subscribe with RSS
Our extra podcasts feed:
Listen on Apple Podcasts Listen on Overcast Listen on Pocket Casts Listen on Spotify Subscribe with RSS
Subscribe to our newsletters: