Risky Business #378 -- Mary Ann Davidson vs Krebs and Dowd

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

Adam Boileau
Adam Boileau

Technology Editor

On this week's show we're chatting with Mark Dowd and Brian Krebs about Oracle CSO Mary Ann Davidson's somewhat odd blog post from earlier this week. In the post she laid into security researchers for violating Oracle's EULA when reverse engineering their products. The post got pulled, much drama, we sift through the ashes of that. Plus we chat to Brian about the daring $46.7m online heist against Ubiquiti Networks.

This week's show is brought to you by BugCrowd. But in this week's sponsor interview we're not chatting with a BugCrowd representative, we're speaking to one of its customers instead. Paul Moreno from Pinterest drops by to talk about his experience in operating a bug bounty through an outsourced provider.

Adam Boileau, as always, joins the show to discuss the week's news headlines.

Don't forget you can now support the Risky Business page via our Patreon campaign.

Oh, and do add Patrick and Adam on Twitter if that's your thing.

Show notes

Doubts cast on Islamic State's so-called leak of US .mil, .gov passwords \u2022 The Register
http://www.theregister.co.uk/2015/08/12/islamic_panic/

Attackers are hijacking critical networking gear from Cisco, company warns | Ars Technica
http://arstechnica.com/security/2015/08/attackers-are-hijacking-critical...

Why Not Insider Trade on Every Company? - Bloomberg View
http://www.bloombergview.com/articles/2015-08-11/why-not-insider-trade-o...

Sen. Warren Worried About Banks' New Encrypted Messaging Platform | Threatpost | The first stop for security news
https://threatpost.com/sen-warren-worried-about-banks-new-encrypted-mess...

Russia hacks Pentagon computers: NBC, citing sources
http://www.cnbc.com/2015/08/06/russia-hacks-pentagon-computers-nbc-citin...

Manipulating Microsoft WSUS to Own Enterprises | Threatpost | The first stop for security news
https://threatpost.com/manipulating-wsus-to-own-enterprises/114168

Imploding Barrels and Other Highlights From Hackfest DefCon | WIRED
http://www.wired.com/2015/08/highlights-from-defcon-2015/

Hackers Cut a Corvette's Brakes Via a Common Car Gadget | WIRED
http://www.wired.com/2015/08/hackers-cut-corvettes-brakes-via-common-car...

Internet-Connected Gas Pumps Are a Lure for Hackers | WIRED
http://www.wired.com/2015/08/internet-connected-gas-pumps-lure-hackers/

Researchers Hacked a Model S, But Tesla's Already Released a Patch | WIRED
http://www.wired.com/2015/08/researchers-hacked-model-s-teslas-already/

Meet RollJam, the $30 device that jimmies car and garage doors | Ars Technica
http://arstechnica.com/security/2015/08/meet-rolljam-the-30-device-that-...

Researchers reveal electronic car lock hack after 2-year injunction by Volkswagen | Ars Technica
http://arstechnica.com/security/2015/08/researchers-reveal-electronic-ca...

"Funtenna" software hack turns a laser printer into a covert radio | Ars Technica
http://arstechnica.com/security/2015/08/funtenna-software-hack-turns-a-l...

Hack of telematics device lets attackers mess with car's brakes | Ars Technica
http://arstechnica.com/cars/2015/08/hack-of-telematics-device-lets-attac...

The Windows 10 Security Settings You Need to Know | WIRED
http://www.wired.com/2015/08/windows-10-security-settings-need-know/

Lenovo used Windows anti-theft feature to install persistent crapware | Ars Technica
http://arstechnica.com/information-technology/2015/08/lenovo-used-window...

Darkhotel APT Latest to Use Hacking Team Zero Day | Threatpost | The first stop for security news
https://threatpost.com/darkhotel-apt-latest-to-use-hacking-team-zero-day...

0-day attack on Firefox users stole password and key data: Patch now! | Ars Technica
http://arstechnica.com/security/2015/08/0-day-attack-on-firefox-users-st...

Attackers actively exploit Windows bug that uses USB sticks to infect PCs | Ars Technica
http://arstechnica.com/security/2015/08/attackers-actively-exploit-windo...

Microsoft Patches USB-Related Flaw Used in Targeted Attacks | Threatpost | The first stop for security news
https://threatpost.com/microsoft-patches-usb-related-flaw-used-in-target...

August 2015 Microsoft Patch Tuesday Security Bulletins | Threatpost | The first stop for security news
https://threatpost.com/microsoft-patches-critical-vulnerabilities-in-new...

Severe weaknesses in Android handsets could leak user fingerprints | Ars Technica
http://arstechnica.com/security/2015/08/severe-weaknesses-in-android-han...

Android 'Serialization' Vulnerability Affects 55 Percent of Devices | Threatpost | The first stop for security news
https://threatpost.com/patched-android-serialization-vulnerability-affec...

Huge Flash Update Patches More Than 30 Vulnerabilities | Threatpost | The first stop for security news
https://threatpost.com/huge-flash-update-patches-more-than-30-vulnerabil...

Oracle security chief to customers: Stop checking our code for vulnerabilities [Updated] | Ars Technica
http://arstechnica.com/information-technology/2015/08/oracle-security-ch...

Tech Firm Ubiquiti Suffers $46M Cyberheist - Krebs on Security
http://krebsonsecurity.com/2015/08/tech-firm-ubiquiti-suffers-46m-cyberh...

History | DAN WARNER
http://danwarner.com.au/history/

Risky Business #378 -- Mary Ann Davidson vs Krebs and Dowd
0:00 / 0:00