Risky Business #410 -- Mainframe security: Too big to fail?

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

Adam Boileau
Adam Boileau

Technology Editor

On this week's show we're chatting with Chad Rikansrud about mainframe security. Yes, they're old school, but there are many, many reasons why large organisations still use these hunks of big iron. And as you'll hear, because they're so important to the companies they basically run, management can get a bit twitchy when you want to do crazy stuff to them, like, you know, pentest them. We'll find out what mainframe security issues look like with Chad Rikansrud, after this week's news.

In this week's sponsor interview we're chatting with Jack Daniel about this year's Data Breach Investigation Report. If I'm being honest, and with total respect to Verizon's RISK team, this year's report was a little dull and contained some really bizarre numbers regarding vulnerability exploitation. We'll get Jack's thoughts on that in this week's sponsor interview.

As (mostly) always, Adam Boileau joins the show to discuss this week's news. Also the not news. About certain people not being the creators of certain cryptocurrencies.

Oh, and do add Patrick and Adam on Twitter if that's your thing.

Show notes

Craig Wright is not Satoshi Nakamoto - New Web Order
https://www.nikcub.com/posts/craig-wright-is-not-satoshi-nakamoto/

Extraordinary Claims Require Extraordinary Proof - Dr. Craig Wright BlogDr. Craig Wright Blog
http://www.drcraigwright.net/extraordinary-claims-require-extraordinary-...

I am Craig Wright, inventor of Craig Wright \u2022 The Register
http://www.theregister.co.uk/2016/05/03/bitcoin_craig_wright/

ImageMagick Security Issue - ImageMagick
https://www.imagemagick.org/discourse-server/viewtopic.php?t=29588

Public Exploits Available for ImageMagick Vulnerabilities | Threatpost | The first stop for security news
https://threatpost.com/public-exploits-available-for-imagemagick-vulnera...

Bipartisan Committee Leaders Seek Briefings from Communications Providers on Vulnerabilities of SS7 | Energy and Commerce Committee
https://energycommerce.house.gov/news-center/press-releases/bipartisan-c...

So \u2026 Now the Government Wants to Hack Cybercrime Victims | WIRED
https://www.wired.com/2016/05/now-government-wants-hack-cybercrime-victims/

Tuesday 10 May: Lauri Love ruling may create dangerous new police powers | Courage Love
https://freelauri.com/2016/04/28/tuesday-10-may-lauri-love-ruling-may-cr...

Eurocops get new cyber powers to hunt down terrorists, criminals | Ars Technica
http://arstechnica.com/tech-policy/2016/05/eurocops-get-new-cyber-powers...

Brazilian Judge Overturns 72-Hour WhatsApp Suspension | Threatpost | The first stop for security news
https://threatpost.com/brazilian-judge-overturns-72-hour-whatsapp-suspen...

Privacy Activists Cheer Passage of Email Privacy Act, Brace for Senate Battle | Threatpost | The first stop for security news
https://threatpost.com/privacy-activists-cheer-passage-of-email-privacy-...

Please Don't Pay Ransoms, FBI Urges - DataBreachToday
http://www.databreachtoday.com/blogs/please-dont-pay-ransoms-fbi-urges-p...

Hacking Slack accounts: As easy as searching GitHub | Ars Technica
http://arstechnica.com/security/2016/04/hacking-slack-accounts-as-easy-a...

Rainbow Six: Siege reportedly reveals your IP address to potential attackers | Ars Technica
http://arstechnica.com/gaming/2016/04/rainbow-six-siege-reportedly-revea...

Fraudsters Steal Tax, Salary Data From ADP - Krebs on Security
http://krebsonsecurity.com/2016/05/fraudsters-steal-tax-salary-data-from...

How the Pwnedlist Got Pwned - Krebs on Security
http://krebsonsecurity.com/2016/05/how-the-pwnedlist-got-pwned/

A Dramatic Rise in ATM Skimming Attacks - Krebs on Security
http://krebsonsecurity.com/2016/04/a-dramatic-rise-in-atm-skimming-attacks/

Dental Assn Mails Malware to Members - Krebs on Security
http://krebsonsecurity.com/2016/04/dental-assn-mails-malware-to-members/

10-Year-Old Hacks Instagram; Wins $10K From Facebook - Forbes
http://www.forbes.com/sites/thomasbrewster/2016/05/03/facebook-10-year-o...

Unskilled Pro-ISIS Hackers A Growing Threat | Threatpost | The first stop for security news
https://threatpost.com/unskilled-pro-isis-hackers-a-growing-threat/117726/

Q1 Summary from Chrome Security - Google Groups
https://groups.google.com/a/chromium.org/forum/#!topic/security-dev/2e-bkPdHvfE

Scourge of Android Overlay Malware on Rise | Threatpost | The first stop for security news
https://threatpost.com/scourge-of-android-overlay-malware-on-rise/117720/

Google Patches More Trouble in Mediaserver | Threatpost | The first stop for security news
https://threatpost.com/google-patches-more-trouble-in-mediaserver/117758/

Office 365 Vulnerability Exposed Any Federated Account | Threatpost | The first stop for security news
https://threatpost.com/office-365-vulnerability-exposed-any-federated-ac...

Microsoft Expands Bug Bounty Program, Preps Windows Server 2016 for Final Release | Threatpost | The first stop for security news
https://threatpost.com/nano-server-added-to-microsoft-bug-bounty-program...

Linux Foundation Badge Program Boost Open Source Security | Threatpost | The first stop for security news
https://threatpost.com/linux-foundation-badge-program-to-boost-open-sour...

Aging and bloated OpenSSL is purged of 2 high-severity bugs | Ars Technica
http://arstechnica.com/security/2016/05/aging-and-bloated-openssl-is-pur...

Commercial software chokkas with ancient brutal open source vulns \u2022 The Register
http://www.theregister.co.uk/2016/05/04/commercial_software_chokkas_with...

NIST readies 'post-quantum' crypto competition \u2022 The Register
http://www.theregister.co.uk/2016/05/04/nist_readies_postquantum_crypto_...

Flaws in Samsung's 'Smart' Home Let Hackers Unlock Doors and Set Off Fire Alarms | WIRED
https://www.wired.com/2016/05/flaws-samsungs-smart-home-let-hackers-unlo...

Defence bankrolls Oz Govt's infosec threat sharing strategy \u2022 The Register
http://www.theregister.co.uk/2016/05/04/defence_bankrolls_oz_govts_infos...

Wi-Fi network named 'mobile detonation device' grounds plane \u2022 The Register
http://www.theregister.co.uk/2016/05/03/wifi_hotspot_named_mobile_detona...

A Note on the Verizon DBIR 2016 Vulnerabilities Claims | OSVDB
https://blog.osvdb.org/2016/04/27/a-note-on-the-verizon-dbir-2016-vulner...

Collaborative Data Science - Inside the 2016 Verizon DBIR Vulnerability Section. - Kenna Blog
http://blog.kennasecurity.com/2016/05/collaborative-data-science-inside-...

Risky Business #410 -- Mainframe security: Too big to fail?
0:00 / 0:00