Risky Business #370 -- Samsung screws the pooch in extravagant fashion

PLUS Dan Guido on the latest with DARPA's Cyber Grand Challenge...
18 Jun 2015 » Risky Business

On this week's show we chat with Dan Guido of Trail of Bits about DARPA's Cyber Grand Challenge. There was a competition round last week and he tells us all about it.

Participants have to stand up simple network services on a LAN and keep them up. They also have to write attack code that targets other peoples services. When another participant attacks you, you have to defend against the attack and even patch your service so it's immune from the attacks it's being faced with... all of this is automated. You write your software before the event, drop it on the LAN and off you go. Dan tells us where the competition is at.

This week's show is brought to you by Tenable Network Security. Tenable CEO Ron Gula joins the show to talk about the OPM breach. He's encouraging Risky Business listeners to get in touch with their empathy in this instance -- sometimes politics stop organisations from being able to do the right thing when it comes to security. It's a great chat, so stick around for it.

Adam Boileau, as usual, joins us to discuss the week's security news.

Don't forget you can now support the Risky Business page via our Patreon campaign.

Oh, and do add Patrick and Adam on Twitter if that's your thing.

Show notes

New exploit turns Samsung Galaxy phones into remote bugging devices | Ars Technica

Questions over Samsung's handling of security flaw in millions of smartphones

Hack Brief: Password Manager LastPass Got Breached Hard | WIRED

Catching Up on the OPM Breach - Krebs on Security

Encryption "would not have helped" at OPM, says DHS official | Ars Technica

Report: Hack of government employee records discovered by product demo | Ars Technica

Attackers Stole Certificate From Foxconn to Hack Kaspersky With Duqu 2.0 | WIRED

China and Russia Almost Definitely Have the Snowden Docs | WIRED

Serious OS X and iOS flaws let hackers steal keychain, 1Password contents | Ars Technica

Blackhats exploiting MacKeeper hole to foist dangerous trojan \u2022 The Register

US anti-fraud law makes deleting browser history a crime punishable by 20yrs in jail - RT USA

Hack Brief: The Cardinals May Have Hacked the Astros | WIRED

Magazine publisher loses $1.5M in cyberfraud | New York Post

Data-stealing component of 'Stegoloader' hides in PNG images - SC Magazine

AdBlock aims to send filthy malverts on one-way LSD trip \u2022 The Register

Vapourware no more: Let's Encrypt announces first cert dates \u2022 The Register

Google extends vulnerability bounties to Android; offers up to $30,000 | Ars Technica

Wikipedia goes all-HTTPS, starting immediately | Ars Technica

Cisco Patches IPv6 Vulnerability in Carrier Routers | Threatpost | The first stop for security news

ProjectVault/orp \xb7 GitHub


DROP LEGS | triple j Unearthed