On this week's show we're speaking with Philippe Langlois. You may remember him as the founder of Qualys in the 90s, but these days he's the CEO and founder of P1 Security, a telecommunications security firm. He'll be joining us to discuss the NSA and GCHQ operation against SIM card manufacturer Gemalto.
Last week The Intercept reported on some Snowden dox that said NSA and GCHQ were basically scooping up SIM card private keys from anywhere they could, including from within Gemalto's network. Because cellphone encryption schemes are symmetric, this is bad. It's very, very bad. We'll talk to Philippe about that.
This week's show is sponsored by Palo Alto Networks, big thanks to them. PAN CSO Rick Howard will be along in this week's sponsor interview to talk about one of his passion projects, the Cybersecurity Canon. It's basically his book club idea that PAN is now sponsoring and it's got a LOT of potential. Find out how you can get involved in this week's sponsor interview, with big thanks to Palo Alto Networks.
Don't forget you can now support the Risky Business page via our Patreon campaign. Oh, and do add Patrick and Adam on Twitter if that's your thing.
The Great SIM Heist: How Spies Stole the Keys to the Encryption Castle
PCS Harvesting at Scale - The Intercept
Gemalto Doesn't Know What It Doesn't Know - The Intercept
Lenovo Superfish Certificate Password Cracked | Threatpost | The first stop for security news
Lenovo PCs ship with man-in-the-middle adware that breaks HTTPS connections [Updated] | Ars Technica
How to remove the Superfish malware: What Lenovo doesn't tell you | Ars Technica
Get your Snort rules here: SuperFish Detection - SquareLemon
Support Risky Business on Patreon:
Security software found using Superfish-style code, as attacks get simpler | Ars Technica
Here's how the clash between the NSA Director and a senior Yahoo executive went down. - The Washington Post
Spies Can Track You Just by Watching Your Phone's Power Use | WIRED
LenoLOL! 'Lizard Squad HACKS lenovo.com' \u2022 The Register
TrueCrypt Audit Cryptanalysis Handed Off to NCC Group | Threatpost | The first stop for security news
Moxie Marlinspike >> Blog >> GPG And Me
Hackers Cut in Line at the Burning Man Ticket Sale-And Get Caught | WIRED
How Hackers Abused Tor To Rob Blockchain, Steal Bitcoin, Target Private Email And Get Away With It - Forbes
Hacker Claims Feds Hit Him With 44 Felonies When He Refused to Be an FBI Spy | WIRED
Accused British hacker, wanted for crimes in US, won't give up crypto keys | Ars Technica
LinkedIn premium users to get $1 each in password-leak settlement | Ars Technica
FBI: $3M Bounty for ZeuS Trojan Author - Krebs on Security
Europol cracks down on botnet infecting 3.2 million computers | Ars Technica
Snowden's favourite Linux - Tails - rushes sec-fix version to market \u2022 The Register
The Shins - Phantom Limb [OFFICIAL VIDEO] - YouTube