Risky Business Podcast
November 05, 2015
Risky Business #388 -- Cyber shrinkery, IoT shenanigans and guest Troy Hunt
Presented by
CEO and Publisher
Technology Editor
This week's feature interview is with Troy Hunt of HaveIBeenPwned.com. And he's noticing something pretty weird. It's common for people to deface websites for bragging rights, and yeah, it's not new that data dumps are the new bragging fodder. But it seems like these days attackers are seeing Troy's site as the definitive place to get cred. Now they'll steal a bunch of data and Troy is their first stop.
Life is strange on the internets. That's this week's feature interview.
This week's show is brought to you by ContextIS, a security consultancy and research house with offices in England, Germany and Australia. In this week's sponsor interview we chat with Alex Farrant, a senior security researcher with Context in Cheltenham about the risks of IoT to enterprise networks.
Don't worry, this isn't some non-specific, high level chat saying "IoT is bad," we're talking about real examples where they've managed to chain together a couple of bugs for serious effect. We also talk about how enterprises aren't shy about making key company resources accessible over WiFi these days. Yes, the same WiFi network that your vulnerable electric kettle and lightbulbs are on. Happy days.
Adam Boileau, as always, stops in to discuss the week's news, including the delightful Freudian analysis of computer hackers by "cyber psychologist" Mary Aiken.
Don't forget you can now support the Risky Business page via our Patreon campaign.
Oh, and do add Patrick and Adam on Twitter if that's your thing.
Show notes
Hackers Claim Million-Dollar Bounty for iOS Zero Day Attack | WIRED
http://www.wired.com/2015/11/hackers-claim-million-dollar-bounty-for-ios...
UK Government Works on Restricting Encryption, Urges Staff to Use It | Motherboard
http://motherboard.vice.com/read/uk-government-works-on-restricting-stro...
Internet firms to be banned from offering unbreakable encryption under new laws - Telegraph
http://www.telegraph.co.uk/news/uknews/terrorism-in-the-uk/11970391/Inte...
UK surveillance powers explained - BBC News
http://www.bbc.com/news/uk-34713435
The Lesson of CISA's Success, or How to Fight a Zombie
https://theintercept.com/2015/11/03/lesson-of-cisa-success-or-how-to-fig...
ALBAWABA NEWS: Egypt's military arrests 150 terrorists through "Telegram"
http://www.albawabaeg.com/66794
Teenager arrested in Norwich over TalkTalk cyber-attack bailed | Business | The Guardian
http://www.theguardian.com/business/2015/nov/04/teenager-arrested-in-nor...
vBulletin password hack fuels fears of serious Internet-wide 0-day attacks | Ars Technica
http://arstechnica.com/security/2015/11/vbulletin-password-hack-fuels-fe...
Tor Just Launched the Easiest App Yet for Anonymous, Encrypted IM | WIRED
http://www.wired.com/2015/10/tor-just-launched-the-easiest-app-yet-for-a...
Zerocoin Startup Revives the Dream of Truly Anonymous Money | WIRED
http://www.wired.com/2015/11/zerocoin-startup-revives-the-dream-of-truly...
Signal, the Snowden-Approved Crypto App, Comes to Android | WIRED
http://www.wired.com/2015/11/signals-snowden-approved-phone-crypto-app-c...
Don't count on STARTTLS to automatically encrypt your sensitive e-mails | Ars Technica
http://arstechnica.com/security/2015/10/dont-count-on-starttls-to-automa...
Still fuming over HTTPS mishap, Google makes Symantec an offer it can't refuse | Ars Technica
http://arstechnica.com/security/2015/10/still-fuming-over-https-mishap-g...
How Carders Can Use eBay as a Virtual ATM - Krebs on Security
http://krebsonsecurity.com/2015/11/how-carders-can-use-ebay-as-a-virtual...
Shuanet Adware Roots Android Devices | Threatpost | The first stop for security news
http://threatpost.com/shuanet-adware-rooting-android-devices-via-trojani...
Chinese Mobile Ad Library Backdoored to Spy on iOS Devices | Threatpost | The first stop for security news
http://threatpost.com/chinese-mobile-ad-library-backdoored-to-spy-on-ios...
Samsung Galaxy S6 Edge Security Vulnerabilities | Threatpost | The first stop for security news
http://threatpost.com/google-project-zero-turns-over-11-bugs-in-galaxy-s...
Data-Stealing Android App Impersonates Word Doc | Threatpost | The first stop for security news
http://threatpost.com/malicious-android-app-impersonates-microsoft-word-...
XcodeGhost Malware Supports iOS9 | Threatpost | The first stop for security news
http://threatpost.com/updated-xcodeghost-adds-ios9-support/115244/
November 2015 Android Security Bulletin | Threatpost | The first stop for security news
http://threatpost.com/monthly-android-security-update-patches-more-stage...
Tinba Variant Spotted Targeting Russian, Japanese Banks | Threatpost | The first stop for security news
http://threatpost.com/new-tinba-variant-spotted-targeting-russian-japane...
PageFair Hack Serves Up Fake Flash Update to 500 Sites | Threatpost | The first stop for security news
http://threatpost.com/pagefair-hack-serves-up-fake-flash-update-to-500-s...
Xen patches 7-year-old bug that shattered hypervisor security | Ars Technica
http://arstechnica.com/security/2015/10/xen-patches-7-year-old-bug-that-...
Latest EMET Bypass Targets WoW64 Windows Subsystem | Threatpost | The first stop for security news
http://threatpost.com/latest-emet-bypass-targets-wow64-windows-subsystem...
FireEye growth slows as China attacks reportedly abate, stock plunges - MarketWatch
http://www.marketwatch.com/story/fireeye-growth-slows-as-china-attacks-r...
Hackers gonna hack, but why? Maybe Freud has the answer | Technology | The Guardian
http://www.theguardian.com/technology/2015/nov/03/hackers-gonna-hack-but...
Troy Hunt: Breaches, traders, plain text passwords, ethical disclosure and 000webhost
http://www.troyhunt.com/2015/10/breaches-traders-plain-text-passwords.html
Music | PLTS
https://pltsmusic.bandcamp.com/
Also, you should absolutely check out Context's Blog. It's really quite good.
http://www.contextis.com/resources/blog/1/