Risky Business #346 -- Haters gonna hate, Americans gonna 'muric

Encrypt smartphones = KILL the CHILDREN...
21 Nov 2014 » Risky Business

On this week's show we're chatting with Peter Fillmore about payment card security. He was able to clone a contactless card and use it to do his shopping here in Australia -- this is something you shouldn't be able to do. So the question becomes, how can the USA, which is taking tentative steps towards chip cards, avoid some of the mistakes made in more advanced markets like ours?

We also find out chip-enabled ATMs pass card data through the chip reader straight into a parser running on the main ATM OS... which, yeah... That's pretty bad.

This week's show is brought to you by Senetas, makers of fine, fine encryption technology. They make layer 2 encryption gear... Senetas CTO Julian Fay says the Snowden leaks are continuing to have a massive impact on the business landscape out there. These guys are shipping equipment to encrypt hundreds and hundreds of gigabits of data flowing between data centres that are increasingly located in Europe. So all that talk about companies moving their equipment out of the USA? Well, it IS happening.

He's got some fascinating insights for us.

Show notes

Critical NSA Reform Bill Fails in the Senate | WIRED
http://www.wired.com/2014/11/usa-freedom-act-fails-in-senate/

Beefed up iPhone crypto will lead to a child dying, DOJ warned Apple execs | Ars Technica
http://arstechnica.com/tech-policy/2014/11/beefed-up-iphone-crypto-will-...

U.S. Gov Insists It Doesn't Stockpile Zero-Day Exploits to Hack Enemies | WIRED
http://www.wired.com/2014/11/michael-daniel-no-zero-day-stockpile/

EFF, Others Plan to Make Encrypting the Web Easier in 2015 | Threatpost | The first stop for security news
http://threatpost.com/eff-others-plan-to-make-encrypting-the-web-easier-...

Whatsapp Just Switched on End-to-End Encryption for Hundreds of Millions of Users | WIRED
http://www.wired.com/2014/11/whatsapp-encrypted-messaging/

IAB Urges Designers to Make Encryption the Default | Threatpost | The first stop for security news
http://threatpost.com/iab-urges-designers-to-make-encryption-the-default...

Paper: NetFlow Data De-Anonymizes Tor Users | Threatpost | The first stop for security news
http://threatpost.com/tor-reins-in-concerns-after-academic-paper-on-de-a...

For a year, gang operating rogue Tor node infected Windows executables | Ars Technica
http://arstechnica.com/security/2014/11/for-a-year-one-rogue-tor-node-ad...

SMS pwnage on MEELLIONS of flawed SIM cards, popular 4G modems • The Register
http://www.theregister.co.uk/2014/11/19/sms_pwnage_on_meellions_of_flawe...

Google Releases Open Source XSS Web App Scanner | Threatpost | The first stop for security news
http://threatpost.com/google-releases-open-source-xss-web-app-scanner/10...

Open Source OpenSOC Security Analytics Framework Released | Threatpost | The first stop for security news
http://threatpost.com/cisco-releases-security-analytics-framework-to-ope...

Visa, MasterCard Remove Passwords from 3D Secure | Threatpost | The first stop for security news
http://threatpost.com/visa-mastercard-removing-passwords-from-3d-secure/...

Swedish Court Rejects Julian Assange's Appeal to Dismiss His Arrest Warrant | WIRED
http://www.wired.com/2014/11/sweden-rejects-assange-appeal/

How the Dark Web's New Favorite Drug Market Is Profiting From Silk Road 2's Demise | WIRED
http://www.wired.com/2014/11/the-evolution-of-evolution-after-silk-road/

AT&T Stops Using Invasive 'Perma-Cookies,' But It May Turn Them Back On | WIRED
http://www.wired.com/2014/11/att-hits-pause-privacy-busting-perma-cookie...

UK.gov teams up with moneymen on HACK ATTACK INSURANCE • The Register
http://www.theregister.co.uk/2014/11/13/cyber_insurance_analysis/

Network Hijackers Exploit Technical Loophole - Krebs on Security
http://krebsonsecurity.com/2014/11/network-hijackers-exploit-technical-l...

Attackers Using Compromised Web Plug-Ins in CryptoPHP Blackhat SEO Campaign | Threatpost | The first stop for security news
http://threatpost.com/attackers-using-compromised-web-plug-ins-in-crypto...

A neverending story: PC users lose another $120M to tech support scams | Ars Technica
http://arstechnica.com/information-technology/2014/11/ftc-windows-tech-s...

State Department shuts down email system after suspected hacker attack | US news | theguardian.com
http://www.theguardian.com/us-news/2014/nov/16/state-department-shuts-do...

Malware's new target: your password manager's password | Ars Technica
http://arstechnica.com/security/2014/11/citadel-attackers-aim-to-steal-v...

Apple iOS 8.1.1 Fixes Several Code-Execution Flaws | Threatpost | The first stop for security news
http://threatpost.com/apple-ios-8-1-1-fixes-several-code-execution-flaws...

Nasty Security Bug Fixed in Android Lollipop 5.0 | Threatpost | The first stop for security news
http://threatpost.com/nasty-security-bug-fixed-in-android-lollipop-5-0/1...

Windows Phone security sandbox survives Pwn2Own unscathed | Ars Technica
http://arstechnica.com/security/2014/11/windows-phone-security-sandbox-s...

Microsoft Releases Emergency Security Update - Krebs on Security
http://krebsonsecurity.com/2014/11/microsoft-releases-emergency-security...

WinShock PoC clocked: But DON'T PANIC... It's no Heartbleed • The Register
http://www.theregister.co.uk/2014/11/17/ms_schannel_crypto_poc/

Drupal Denial of Service Session Hijacking Patch | Threatpost | The first stop for security news
http://threatpost.com/drupal-patches-denial-of-service-vulnerability-det...

EMVCo
http://emvco.com/approvals.aspx?id=85

Payment Security Consulting
http://pscco.com.au/

the loved ones - ever lovin' man - YouTube
https://www.youtube.com/watch?v=Ajdqk8ZN1jM