Risky Business #407 -- Guests HD Moore, Dan Kaminsky, Grugq and Space Rogue

The Panama Papers, BadLock and more...
14 Apr 2016 » Risky Business

On this week's show we chat with HD Moore about the woeful state of security at Panamanian law firms. Mossack Fonseca isn't the only one that truly, truly sucks at security.

We also check in with Dan Kaminsky to get his reaction to the BadLock bug. Tenable Network Security's Cris "Space Rogue" Thomas joins us to talk about what we could expect this year when it comes to security startups. He's expecting quite a few of them to fold.

The Grugq joins the show this week to discuss the week's security news. He's filling in for Adam Boileau who's travelling in Australia.

Oh, and do add Patrick and Grugq on Twitter if that's your thing.

Show notes

Badlock Windows, Samba Man-in-the-Middle Vulnerability | Threatpost | The first stop for security news
https://threatpost.com/badlock-vulnerability-falls-flat-against-its-hype...

Hyping vulnerabilities is no longer helping application security awareness | TechCrunch
http://techcrunch.com/2016/04/11/hyping-vulnerabilities-is-no-longer-hel...

That 'Badlock' Bug Is More Hype Than Hurt | WIRED
http://www.wired.com/2016/04/badlock-bug-hype-hurt/

Yes, Badlock bug was shamelessly hyped, but the threat is real | Ars Technica
http://arstechnica.com/security/2016/04/yes-badlock-bug-was-shamelessly-...

How Reporters Pulled Off the Panama Papers, the Biggest Leak in Whistleblower History | WIRED
http://www.wired.com/2016/04/reporters-pulled-off-panama-papers-biggest-...

The Panama papers: Australia leads OECD response as crime links emerge | afr.com
http://www.afr.com/news/policy/tax/the-panama-papers-oecd-emergency-meet...

The Senate's Draft Encryption Bill Is 'Ludicrous, Dangerous, Technically Illiterate' | WIRED
http://www.wired.com/2016/04/senates-draft-encryption-bill-privacy-night...

Adobe patches Flash bug that's being exploited to install ransomware | Ars Technica
http://arstechnica.com/security/2016/04/adobe-flash-update-ransomware-wi...

OK, panic-newly evolved ransomware is bad news for everyone | Ars Technica
http://arstechnica.com/security/2016/04/ok-panic-newly-evolved-ransomwar...

Meet The Cryptoworm, The Future of Ransomware | Threatpost | The first stop for security news
https://threatpost.com/meet-the-cryptoworm-the-future-of-ransomware/117330/

Crypto ransomware targets called by name in spear-phishing blast | Ars Technica
http://arstechnica.com/security/2016/04/crypto-ransomware-targets-called...

Locky Ransomware Variant Changes C2, Spread Via Nuclear Exploit Kit | Threatpost | The first stop for security news
https://threatpost.com/locky-variant-changes-c2-communication-found-in-n...

Experts crack nasty ransomware that took crypto-extortion to new heights | Ars Technica
http://arstechnica.com/security/2016/04/experts-crack-nasty-ransomware-t...

Google Online Security Blog: Improvements to Safe Browsing Alerts for Network Administrators
https://security.googleblog.com/2016/04/improvements-to-safe-browsing-al...

Apple Bug Exposed Chat History With a Single Click
https://theintercept.com/2016/04/12/apple-bug-exposed-chat-history-with-...

FBI: $2.3 Billion Lost to CEO Email Scams - Krebs on Security
http://krebsonsecurity.com/2016/04/fbi-2-3-billion-lost-to-ceo-email-scams/

"This is the IRS regarding your tax filings" says trio of overseas robocallers | Ars Technica
http://arstechnica.com/information-technology/2016/04/three-overseas-fra...

Hack Brief: Turkey Breach Spills Info on More Than Half Its Citizens | WIRED
http://www.wired.com/2016/04/hack-brief-turkey-breach-spills-info-half-c...

Bug Bounty Guru Katie Moussouris Will Help Hackers and Companies Play Nice | WIRED
http://www.wired.com/2016/04/bug-bounty-guru-katie-moussouris-will-help-...

Researchers help shut down spam botnet that enslaved 4,000 Linux machines | Ars Technica
http://arstechnica.com/security/2016/04/researchers-help-shut-down-spam-...

Neutered random number generator let man rig million dollar lotteries | Ars Technica
http://arstechnica.com/security/2016/04/neutered-random-number-generator...

Nation-wide radio station hack airs hours of vulgar "furry sex" ramblings | Ars Technica
http://arstechnica.com/security/2016/04/nation-wide-radio-station-hack-a...

BREACH Revived to Steal Private Messages from Gmail, Facebook | Threatpost | The first stop for security news
https://threatpost.com/breach-attacks-revived-to-steal-private-messages-...

WhatsApp is now most widely used end-to-end crypto tool on the planet | Ars Technica
http://arstechnica.com/tech-policy/2016/04/whatsapp-is-now-most-widely-u...

Steam hacker says more vulnerabilities will be found, but not by him | Ars Technica
http://arstechnica.com/gaming/2016/04/steam-hacker-says-more-vulnerabili...

Sources: Trump Hotels Breached Again - Krebs on Security
http://krebsonsecurity.com/2016/04/sources-trump-hotels-breached-again/

New Threat Can Auto-Brick Apple Devices - Krebs on Security
http://krebsonsecurity.com/2016/04/new-threat-can-auto-brick-apple-devices/

centos7 - Recovering from a rm -rf / - Server Fault
https://serverfault.com/questions/769357/recovering-from-a-rm-rf

The 'Darth Vader' of Cyberwar Sold Services to Canada | VICE News
https://news.vice.com/article/the-darth-vader-of-cyberwar-sold-services-...

SUBSCRIBE NOW:
Risky Business main podcast feed:
Listen on Apple Podcasts Listen on Overcast Listen on Pocket Casts Listen on Spotify Subscribe with RSS
Our extra podcasts feed:
Listen on Apple Podcasts Listen on Overcast Listen on Pocket Casts Listen on Spotify Subscribe with RSS
Subscribe to our newsletters: