Risky Business #387 -- Hack people to death!

PLUS a recap of the last three weeks' infosec news...
29 Oct 2015 » Risky Business

In this week's feature interview we're chatting with Chris Rock from Kustodian. Chris did a great presentation at Ruxcon last week about how easy it is to hack people to death!

He's found out just how easy it is to register births and deaths in the United States and Australia via online systems. He says it's a problem that could result in a virtual baby harvest for fraudsters who plan ahead. It's really fun stuff, that's this week's feature.

In this week's sponsor interview we're speaking with Deema Freij, general counsel at Intralinks. This is an interview CSOs shouldn't miss... we're talking to her about privacy stuff -- about what the invalidation of Safe Harbour provisions really means, what we can expect from the new EU general data protection regulations when they land, and what sort of management challenges that's going to throw up at the boardroom level.

Adam Boileau, as always, stops in to discuss the week's news.

Don't forget you can now support the Risky Business page via our Patreon campaign.

Oh, and do add Patrick and Adam on Twitter if that's your thing.

Show notes

WikiLeaks Is Publishing the CIA Director's Hacked Emails | WIRED
http://www.wired.com/2015/10/wikileaks-publishing-cia-director-john-bren...

Hacker releases new purported personal data for top CIA, DHS officials [Updated] | Ars Technica
http://arstechnica.com/tech-policy/2015/10/hacker-releases-new-purported...

A Second Snowden Has Leaked a Mother Lode of Drone Docs | WIRED
http://www.wired.com/2015/10/a-second-snowden-leaks-a-mother-lode-of-dro...

Who Is Ardit Ferizi? Malaysia Arrests Kosovo National For Hacking US Security Data For ISIS
http://www.ibtimes.com/who-ardit-ferizi-malaysia-arrests-kosovo-national...

Matthew Keys' Hacking Conviction May Not Survive an Appeal | WIRED
http://www.wired.com/2015/10/matthew-keys-journalist-conviction-cfaa-abu...

TalkTalk Hackers Demanded £80K in Bitcoin - Krebs on Security
http://krebsonsecurity.com/2015/10/talktalk-hackers-demanded-80k-in-bitc...

TalkTalk Hackers Demand Ransom of CEO Dido Harding | Threatpost | The first stop for security news
https://threatpost.com/talktalk-hackers-demand-ransom-from-ceo/115156/

China Is Still Hacking US Companies After Promising It Would Stop, Report Says | Motherboard
http://motherboard.vice.com/read/china-is-still-hacking-us-companies-aft...

Arrest of Chinese Hackers Not a First for U.S. - Krebs on Security
http://krebsonsecurity.com/2015/10/arrest-of-chinese-hackers-not-a-first...

How is NSA breaking so much crypto?
https://freedom-to-tinker.com/blog/haldermanheninger/how-is-nsa-breaking...

Fewer IPsec VPN Connections at Risk to Weak Diffie-Hellman | Threatpost | The first stop for security news
https://threatpost.com/fewer-ipsec-vpn-connections-at-risk-from-weak-dif...

CISA Passes Senate Without Addressing Privacy Concerns | Threatpost | The first stop for security news
https://threatpost.com/cisa-passes-senate-without-addressing-privacy-con...

A DEA Agent Who Helped Take Down Silk Road Is Going to Prison for Unbelievable Corruption | Mother Jones
http://www.motherjones.com/mixed-media/2015/10/silk-road-investigator-se...

X-Ray Scans Expose an Ingenious Chip-and-Pin Card Hack | WIRED
http://www.wired.com/2015/10/x-ray-scans-expose-an-ingenious-chip-and-pi...

EFF: We found 100+ license plate readers wide open on the Internet | Ars Technica
http://arstechnica.com/tech-policy/2015/10/lprs-exposed-how-public-safet...

Automakers just lost the battle to stop you from hacking your car | The Verge
http://www.theverge.com/2015/10/27/9622150/dmca-exemption-accessing-car-...

New attacks on Network Time Protocol can defeat HTTPS and create chaos | Ars Technica
http://arstechnica.com/security/2015/10/new-attacks-on-network-time-prot...

Unpatched browser weaknesses can be exploited to track millions of Web users | Ars Technica
http://arstechnica.com/security/2015/10/unpatched-browser-weaknesses-can...

This 11-year-old is selling cryptographically secure passwords for $2 each | Ars Technica
http://arstechnica.com/business/2015/10/this-11-year-old-is-selling-cryp...

Microsoft .NET Core, ASP.NET Beta Bug Bounty | Threatpost | The first stop for security news
https://threatpost.com/microsoft-opens-net-core-asp-net-bug-bounties/115...

IBM Runs World's Worst Spam-Hosting ISP? - Krebs on Security
http://krebsonsecurity.com/2015/10/ibm-runs-worlds-worst-spam-hosting-isp/

Let's Encrypt Free HTTPS Secures Cross-Signatures To Be A CA | Threatpost | The first stop for security news
https://threatpost.com/lets-encrypt-hits-another-free-https-milestone/11...

Insecure Internet-Connected Kettles Help Researchers Crack WiFi Networks Across London - Softpedia
http://news.softpedia.com/news/insecure-internet-connected-kettles-help-...

13 million plaintext passwords belonging to webhost users leaked online | Ars Technica
http://arstechnica.com/security/2015/10/13-million-plaintext-passwords-b...

Western Digital self-encrypting hard drives riddled with security flaws | Ars Technica
http://arstechnica.com/security/2015/10/western-digital-self-encrypting-...

Joomla bug puts millions of websites at risk of remote takeover hacks | Ars Technica
http://arstechnica.com/security/2015/10/joomla-bug-puts-millions-of-webs...

New zero-day exploit hits fully patched Adobe Flash [Updated] | Ars Technica
http://arstechnica.com/security/2015/10/new-zero-day-exploit-hits-fully-...

October 2015 Oracle Critical Patch Update | Threatpost | The first stop for security news
https://threatpost.com/oracle-quarterly-security-update-patches-154-vuln...

'10-second' theoretical hack could jog Fitbits into malware-spreading mode • The Register
http://www.theregister.co.uk/2015/10/21/fitbit_hack/

DEF CON 23 - Chris Rock - I Will Kill You - YouTube
https://www.youtube.com/watch?v=9FdHq3WfJgs

bluejuice - Vitriol - YouTube
https://www.youtube.com/watch?v=ldBhDmvWFXE