Risky Business #356 -- Crypto Wars 2.0 with guest Alex Stamos

PLUS Security at scale, risks to bug bounties...
05 Mar 2015 » Risky Business

This week's feature interview is with Alex Stamos, CISO of Yahoo. Alex did a fantastic AppSec keynote in early February that I wanted to ask him about, so we booked this interview a couple of weeks ago.

Then, last week, Alex made the news. Big time.

While on a panel with Admiral Mike Rogers, Alex challenged the NSA chief on the government's apparent desire to mandate the introduction of interception capabilities into products made by technology companies.

Alex asked if companies that agreed to introduce back doors for the US government should also agree to provide similar back doors to other countries as well, ones that might not be democratic. From there, there was some to and fro.

It was a cordial exchange but it was written up as a stoush.

Alex joined me via Skype to discuss that exchange, security at scale and bug bounties.

It's time for this week's sponsor interview now with Julian Fay, CTO and co-founder of Senetas, makers of fine, fine hardware security equipment.

Julian joined me this week to discuss a raft of crypto news, starting off with the Freak vulnerability, which, as best I can tell, isn't actually a giant fireball heading towards earth, despite what some of the tech press might be saying.

Don't forget you can now support the Risky Business page via our Patreon campaign. Oh, and do add Patrick and Adam on Twitter if that's your thing.

Show notes

Google quietly backs away from encrypting new Lollipop devices by default [Updated] | Ars Technica
http://arstechnica.com/gadgets/2015/03/google-quietly-backs-away-from-en...

Buyout puts supersecure Blackphone in one company's hands - CNET
http://www.cnet.com/news/silent-circle-buys-out-secure-blackphone-hardwa...

There's Now a Free iPhone App That Encrypts Calls and Texts | WIRED
http://www.wired.com/2015/03/iphone-app-encrypted-voice-texts/

Sailfish Secure wants to be an Android alternative safe from spies' prying eyes - CNET
http://www.cnet.com/news/sailfish-secure-wants-to-be-an-android-alternat...

Tim Cook to governments: Lay off our privacy - CNET
http://www.cnet.com/news/tim-cook-to-governments-lay-off-our-privacy/

US court rubber-stamps dragnet metadata surveillance (again) • The Register
http://www.theregister.co.uk/2015/03/02/dragnet_metadata_surveillance_ex...

Komodia Certificate Manipulation Enabled Man-In-The-Middle Attacks | Threatpost | The first stop for security news
http://threatpost.com/komodia-certificate-manipulation-likely-led-to-man...

Lenovo.com hijack reportedly pulled off by hack on upstream registrar | Ars Technica
http://arstechnica.com/security/2015/02/lenovo-com-hijack-reportedly-pul...

More IoT insecurity: This Blu-ray disc pwns PCs and DVD players | Ars Technica
http://arstechnica.com/security/2015/03/more-iot-insecurity-this-blu-ray...

In major goof, Uber stored sensitive database key on public GitHub page | Ars Technica
http://arstechnica.com/security/2015/03/in-major-goof-uber-stored-sensit...

50,000 Uber driver names, license numbers exposed in a data breach | Ars Technica
http://arstechnica.com/business/2015/02/50000-uber-driver-names-license-...

Apple Pay a haven for 'rampant' credit card fraud, say experts • The Register
http://www.theregister.co.uk/2015/03/03/apple_pay_plastic_fraud/

Credit Card Breach at Mandarin Oriental - Krebs on Security
http://krebsonsecurity.com/2015/03/credit-card-breach-at-mandarian-orien...

Iran hacks America where it hurts: Las Vegas casinos • The Register
http://www.theregister.co.uk/2015/02/27/iran_behind_us_casino_hack/

Alleged Aussie Anon hauled in for Indonesia phone tap hacking spat • The Register
http://www.theregister.co.uk/2015/02/27/alledged_aussie_anon_hauled_in_f...

Hospital Sues Bank of America Over Million-Dollar Cyberheist - Krebs on Security
http://krebsonsecurity.com/2015/03/hospital-sues-bank-of-america-over-mi...

Natural Grocers Investigating Card Breach - Krebs on Security
http://krebsonsecurity.com/2015/03/natural-grocers-investigating-card-br...

Government moves quickly to adopt metadata retention law review recommendations
http://www.smh.com.au/it-pro/government-it/government-moves-quickly-to-a...

Federal MPs hit in phone prank | Herald Sun
http://www.heraldsun.com.au/news/federal-mps-hit-in-phone-prank/story-fn...

Seagate Business NAS Firmware Vulnerabilities Disclosed | Threatpost | The first stop for security news
http://threatpost.com/seagate-business-nas-firmware-vulnerabilities-disc...

D-Link Working on Firmware Updates for Three Critical Bugs | Threatpost | The first stop for security news
http://threatpost.com/d-link-working-on-firmware-updates-for-three-criti...

Spam Uses Default Passwords to Hack Routers - Krebs on Security
http://krebsonsecurity.com/2015/02/spam-uses-default-passwords-to-hack-r...

Firefox 37 to Include New OneCRL Certificate Blocklist | Threatpost | The first stop for security news
http://threatpost.com/firefox-37-to-include-new-onecrl-certificate-block...

Patrick Gray on the State of Security and State Security | Threatpost | The first stop for security news
http://threatpost.com/patrick-gray-on-the-state-of-security-and-state-se...

New Zealand Spies on Neighbors in Secret 'Five Eyes' Global Surveillance - The Intercept
https://firstlook.org/theintercept/2015/03/04/new-zealand-gcsb-surveilla...

Snowden revelations / The price of the Five Eyes club: Mass spying on friendly nations - National - NZ Herald News
http://www.nzherald.co.nz/nz/news/article.cfm?c_id=1&objectid=11411759

"FREAK" flaw in Android and Apple devices cripples HTTPS crypto protection | Ars Technica
http://arstechnica.com/security/2015/03/freak-flaw-in-android-and-apple-...

Surveillance-based manipulation: How Facebook or Google could tilt elections | Ars Technica
http://arstechnica.com/security/2015/02/surveillance-based-manipulation-...

House committee subpoenas Clinton emails in Benghazi probe
http://bigstory.ap.org/article/b78ba433af3a45209668f745158d994c/clinton-...

AppSec is Eating Security - Opening Keynote - AppSec California 2015 - Alex Stamos - YouTube
https://www.youtube.com/watch?v=-1kZMn1RueI

Here's how the clash between the NSA Director and a senior Yahoo executive went down. - The Washington Post
http://www.washingtonpost.com/blogs/the-switch/wp/2015/02/23/heres-how-t...

Senetas
http://www.senetas.com/

Rainy Day Women | triple j Unearthed
https://www.triplejunearthed.com/artist/rainy-day-women