On this week's show we're chatting with Darren Kemp of Duo Security. He's one of the authors of a post about the latest example of computer manufacturer shitware introducing catastrophic vulnerabilities into shipped systems. This time it's Dell's turn.
If you haven't heard what they actually did you'll hardly even believe it. That's this week's feature interview.
This week's sponsor guest is Tenable's very own Brian "Jericho" Martin. He's a guy who knows a thing or two about vulnerabilities and the software supply chain. We dodged a bullet with those libpng vulnerabilities of a few weeks ago not really being exploitable. But what if they were? How do you prepare your organisation for some serious bugs dropping in libraries when you're not even sure if you're using that code?
Don't forget you can now support the Risky Business page via our Patreon campaign.
Oh, and do add Patrick and Adam on Twitter if that's your thing.
Show notes
Clinton Says the US Needs Silicon Valley's Help to Defeat ISIS | WIRED
http://www.wired.com/2015/11/clinton-says-us-needs-silicon-valleys-help-...
Security Manual Reveals the OPSEC Advice ISIS Gives Recruits | WIRED
http://www.wired.com/2015/11/isis-opsec-encryption-manuals-reveal-terror...
The Secret ISIS Cyber Guide Was Actually Just An Arabic Guide For Activists - BuzzFeed News
http://www.buzzfeed.com/sheerafrenkel/the-secret-isis-cyber-guide-was-ac...
Bangladesh mulls blocking WhatsApp and Viber to prevent terror activities
http://www.ibtimes.co.in/bangladesh-mulls-blocking-whatsapp-viber-preven...
Iranian military spear-phish of State Department employees detected first by Facebook | Ars Technica
http://arstechnica.com/security/2015/11/iranian-military-spear-phish-of-...
Breach at IT Automation Firm LANDESK - Krebs on Security
http://krebsonsecurity.com/2015/11/breach-at-it-automation-firm-landesk/
54 Starwood Hotels Hit By Point of Sale Malware | Threatpost | The first stop for security news
https://threatpost.com/starwood-hotel-chain-hit-by-point-of-sale-malware...
Hilton Acknowledges Credit Card Breach - Krebs on Security
http://krebsonsecurity.com/2015/11/hilton-acknowledges-credit-card-breach/
A $10 Tool Can Guess (And Steal) Your Next Credit Card Number | WIRED
http://www.wired.com/2015/11/samy-kamkar-10-dollar-tool-can-guess-and-st...
Certifications Tracking System Outage and Data Exposure - The Cisco Learning Network
https://learningnetwork.cisco.com/blogs/community_cafe/2015/11/21/certif...
FBI Warns Public Officials of Doxing Threat | Threatpost | The first stop for security news
https://threatpost.com/fbi-warns-public-officials-of-doxing-threat/115429/
The Doctor on a Quest to Save Our Medical Devices From Hackers | WIRED
http://www.wired.com/2015/11/the-doctor-on-a-quest-to-save-our-medical-d...
TrueCrypt is safer than previously reported, detailed analysis concludes | Ars Technica
http://arstechnica.com/security/2015/11/truecrypt-is-safer-than-previous...
GlassRAT Remote Access Trojan | Threatpost | The first stop for security news
https://threatpost.com/stealthy-glassrat-spies-on-commercial-targets/115...
VirusTotal Mac OS X App Sandbox Support | Threatpost | The first stop for security news
https://threatpost.com/virustotal-adds-sandbox-execution-for-os-x-apps/1...
Amazon resets account passwords feared compromised - report \u2022 The Register
http://www.theregister.co.uk/2015/11/25/amazon_password_reset/
United Airlines Slow to Patch Mobile App Vulnerability | Threatpost | The first stop for security news
https://threatpost.com/united-airlines-slow-to-patch-mobile-app-vulnerab...
Lenovo Patches Vulnerabilities in System Update Service | Threatpost | The first stop for security news
https://threatpost.com/lenovo-patches-vulnerabilities-in-system-update-s...
600,000 Arris Modems Plagued by 'Backdoor in a Backdoor' | Threatpost | The first stop for security news
https://threatpost.com/backdoor-in-a-backdoor-identified-in-600000-arris...
VMware Patches Pesky XXE Bug in Flex BlazeDS | Threatpost | The first stop for security news
https://threatpost.com/vmware-patches-pesky-xxe-bug-in-flex-blazeds/115443/
Sony employees on the hack, one year later.
http://www.slate.com/articles/technology/users/2015/11/sony_employees_on...
Dell apologizes for HTTPS certificate fiasco, provides removal tool | Ars Technica
http://arstechnica.com/security/2015/11/dell-apologizes-for-https-certif...
Joe Nord personal blog: New Dell computer comes with a eDellRoot trusted root certificate
http://joenord.blogspot.in/2015/11/new-dell-computer-comes-with-edellroo...
Dude, You Got Dell'd: Publishing Your Privates - Blog - Duo Security
https://www.duosecurity.com/blog/dude-you-got-dell-d-publishing-your-pri...
bluejuice - The Reductionist - YouTube
https://www.youtube.com/watch?v=v0N7DDDKsqw