Risky Business #355 -- Gemalto op exposes cellphone crypto flaws

P1 Security (and Qualys) founder Philippe Langlois talks SIM key haxx...
26 Feb 2015 » Risky Business

On this week's show we're speaking with Philippe Langlois. You may remember him as the founder of Qualys in the 90s, but these days he's the CEO and founder of P1 Security, a telecommunications security firm. He'll be joining us to discuss the NSA and GCHQ operation against SIM card manufacturer Gemalto.

Last week The Intercept reported on some Snowden dox that said NSA and GCHQ were basically scooping up SIM card private keys from anywhere they could, including from within Gemalto's network. Because cellphone encryption schemes are symmetric, this is bad. It's very, very bad. We'll talk to Philippe about that.

This week's show is sponsored by Palo Alto Networks, big thanks to them. PAN CSO Rick Howard will be along in this week's sponsor interview to talk about one of his passion projects, the Cybersecurity Canon. It's basically his book club idea that PAN is now sponsoring and it's got a LOT of potential. Find out how you can get involved in this week's sponsor interview, with big thanks to Palo Alto Networks.

Don't forget you can now support the Risky Business page via our Patreon campaign. Oh, and do add Patrick and Adam on Twitter if that's your thing.

Show notes

The Great SIM Heist: How Spies Stole the Keys to the Encryption Castle
https://firstlook.org/theintercept/2015/02/19/great-sim-heist/

PCS Harvesting at Scale - The Intercept
https://firstlook.org/theintercept/document/2015/02/19/pcs-harvesting-sc...

Gemalto Doesn't Know What It Doesn't Know - The Intercept
https://firstlook.org/theintercept/2015/02/25/gemalto-doesnt-know-doesnt...

Lenovo Superfish Certificate Password Cracked | Threatpost | The first stop for security news
http://threatpost.com/lenovo-superfish-certificate-password-cracked/111165

Lenovo PCs ship with man-in-the-middle adware that breaks HTTPS connections [Updated] | Ars Technica
http://arstechnica.com/security/2015/02/lenovo-pcs-ship-with-man-in-the-...

How to remove the Superfish malware: What Lenovo doesn't tell you | Ars Technica
http://arstechnica.com/security/2015/02/how-to-remove-the-superfish-malw...

Get your Snort rules here: SuperFish Detection - SquareLemon
http://blog.squarelemon.com/blog/2015/02/20/superfish-detection/

------------------------
Support Risky Business on Patreon:
https://patreon.com/riskybusiness
------------------------

Security software found using Superfish-style code, as attacks get simpler | Ars Technica
http://arstechnica.com/security/2015/02/security-software-found-using-su...

Here's how the clash between the NSA Director and a senior Yahoo executive went down. - The Washington Post
http://www.washingtonpost.com/blogs/the-switch/wp/2015/02/23/heres-how-t...

Spies Can Track You Just by Watching Your Phone's Power Use | WIRED
http://www.wired.com/2015/02/powerspy-phone-tracking/

LenoLOL! 'Lizard Squad HACKS lenovo.com' \u2022 The Register
http://www.theregister.co.uk/2015/02/25/thought_things_couldnt_get_worse...

TrueCrypt Audit Cryptanalysis Handed Off to NCC Group | Threatpost | The first stop for security news
http://threatpost.com/truecrypt-audit-stirs-back-to-life/111162

Moxie Marlinspike >> Blog >> GPG And Me
http://www.thoughtcrime.org/blog/gpg-and-me/

Hackers Cut in Line at the Burning Man Ticket Sale-And Get Caught | WIRED
http://www.wired.com/2015/02/hacking-burning-man-tickets/

How Hackers Abused Tor To Rob Blockchain, Steal Bitcoin, Target Private Email And Get Away With It - Forbes
http://www.forbes.com/sites/thomasbrewster/2015/02/24/blockchain-and-dar...

Hacker Claims Feds Hit Him With 44 Felonies When He Refused to Be an FBI Spy | WIRED
http://www.wired.com/2015/02/hacker-claims-feds-hit-44-felonies-refused-...

Accused British hacker, wanted for crimes in US, won't give up crypto keys | Ars Technica
http://arstechnica.com/tech-policy/2015/02/accused-british-hacker-wanted...

LinkedIn premium users to get $1 each in password-leak settlement | Ars Technica
http://arstechnica.com/tech-policy/2015/02/linkedin-premium-users-to-get...

FBI: $3M Bounty for ZeuS Trojan Author - Krebs on Security
http://krebsonsecurity.com/2015/02/fbi-3m-bounty-for-zeus-trojan-author/

Europol cracks down on botnet infecting 3.2 million computers | Ars Technica
http://arstechnica.com/tech-policy/2015/02/europol-cracks-down-on-botnet...

Snowden's favourite Linux - Tails - rushes sec-fix version to market \u2022 The Register
http://www.theregister.co.uk/2015/02/25/tails_project_rushes_secfix_vers...

Cybersecurity Canon
https://www.paloaltonetworks.com/threat-research/cybercanon.html

P1 Security
http://www.p1sec.com/corp/

The Shins - Phantom Limb [OFFICIAL VIDEO] - YouTube
https://www.youtube.com/watch?v=OkITsv3Nk6M