On this week's show we chat with Dan Guido of Trail of Bits about DARPA's Cyber Grand Challenge. There was a competition round last week and he tells us all about it.
Participants have to stand up simple network services on a LAN and keep them up. They also have to write attack code that targets other people's services. When another participant attacks you, you have to defend against the attack and even patch your service so it's immune to the attacks it's facing... all of this is automated. You write your software before the event, drop it on the LAN and off you go. Dan tells us where the competition is at.
This week's show is brought to you by Tenable Network Security. Tenable CEO Ron Gula joins the show to talk about the OPM breach. He's encouraging Risky Business listeners to get in touch with their empathy in this instance -- sometimes politics stop organisations from being able to do the right thing when it comes to security. It's a great chat, so stick around for it.
Adam Boileau, as usual, joins us to discuss the week's security news.
Don't forget you can now support the Risky Business page via our Patreon campaign.
Oh, and do add Patrick and Adam on Twitter if that's your thing.
New exploit turns Samsung Galaxy phones into remote bugging devices | Ars Technica
Questions over Samsung's handling of security flaw in millions of smartphones
Hack Brief: Password Manager LastPass Got Breached Hard | WIRED
Catching Up on the OPM Breach - Krebs on Security
Encryption "would not have helped" at OPM, says DHS official | Ars Technica
Report: Hack of government employee records discovered by product demo | Ars Technica
Attackers Stole Certificate From Foxconn to Hack Kaspersky With Duqu 2.0 | WIRED
China and Russia Almost Definitely Have the Snowden Docs | WIRED
Serious OS X and iOS flaws let hackers steal keychain, 1Password contents | Ars Technica
Blackhats exploiting MacKeeper hole to foist dangerous trojan • The Register
US anti-fraud law makes deleting browser history a crime punishable by 20yrs in jail - RT USA
Hack Brief: The Cardinals May Have Hacked the Astros | WIRED
Magazine publisher loses $1.5M in cyberfraud | New York Post
Data-stealing component of 'Stegoloader' hides in PNG images - SC Magazine
AdBlock aims to send filthy malverts on one-way LSD trip • The Register
Vapourware no more: Let's Encrypt announces first cert dates • The Register
Google extends vulnerability bounties to Android; offers up to $30,000 | Ars Technica
Wikipedia goes all-HTTPS, starting immediately | Ars Technica
Cisco Patches IPv6 Vulnerability in Carrier Routers | Threatpost | The first stop for security news
ProjectVault/orp · GitHub
DROP LEGS | triple j Unearthed