Risky Business #416 -- Post holiday carnage edition

DNC hack, Ethereum lulz, Dan Guido and MOAR...
01 Jul 2016 » Risky Business

On this week's show we'll be catching up on the news of the last few weeks with Adam Boileau, then it's straight into the sponsor segment.

And we're really lucky this week to have Dan Guido joining us from the sponsor's chair. Dan is a semi regular feature guest on Risky Business. He is of course the head honcho over at Trail of Bits, a very interesting security problem solving organisation. He'll be along to talk about some developer tools they've just open sourced for iOS, to preview DARPA's Cyber Grand challenge final at DEFCON and to discuss an investment hack/secure has made into a company building serious host based protection agents out of osquery, the endpoint visibility tool created by Facebook.

One of Trail of Bits current gigs is actually developing osquery for Facebook, and Dan is pretty excited about it. Find out why after the news...

Oh, and do add Patrick and Adam on Twitter if that's your thing.

Show notes

If you only read one item from this week's notes, make it this excellent write up from Matt Levine on the DAO fiasco:
http://www.bloomberg.com/view/articles/2016-06-17/blockchain-company-s-s...

Hackers invade Dems' servers, steal entire Trump opposition file | Ars Technica
http://arstechnica.com/security/2016/06/hackers-invade-dems-servers-stea...

"Guccifer" leak of DNC Trump research has a Russian's fingerprints on it | Ars Technica
http://arstechnica.com/security/2016/06/guccifer-leak-of-dnc-trump-resea...

A Chaotic Whodunnit Follows the DNC's Trump Research Hack | WIRED
https://www.wired.com/2016/06/chaotic-whodunnit-follows-dncs-trump-resea...

Hack Brief: Russia's Breach of the DNC Is About More Than Trump's Dirt | WIRED
https://www.wired.com/2016/06/hack-brief-russias-breach-dnc-trumps-dirt/

EXCLUSIVE: Brexit '2nd Referendum Petition' A 4 Chan Prank: BBC Report It As Real | Heat Street
https://heatst.com/uk/exclusive-brexit-2nd-referendum-petition-a-4-chan-...

Bitcoin rival Ethereum fights for its survival after $50 million heist | Ars Technica
http://arstechnica.com/security/2016/06/bitcoin-rival-ethereum-fights-fo...

Anti-Surveillance Measure Quashed: Orlando Massacre Cited as Reason | Threatpost | The first stop for security news
https://threatpost.com/anti-surveillance-measure-quashed-orlando-massacr...

Senate Narrowly Rejects Controversial FBI Surveillance Expansion-For Now
https://theintercept.com/2016/06/22/senate-narrowly-rejects-controversia...

Bangladesh unlikely to extend FireEye contract for heist probe | Reuters
http://www.reuters.com/article/us-cyber-heist-bangladesh-idUSKCN0Z81U6

Ukrainian bank cyber-heist: Hackers take off with $10m
http://www.ibtimes.co.uk/ukrainian-bank-cyber-heist-hackers-compromise-s...

Authorities Arrest an IT Worker From the Panama Papers Law Firm | WIRED
https://www.wired.com/2016/06/worker-panama-papers-law-firm-arrested/

800-pound Comodo tries to trademark upstart rival's "Let's Encrypt" name | Ars Technica
http://arstechnica.com/tech-policy/2016/06/800-pound-comodo-tries-to-tra...

IRS Re-Enables 'Get Transcript' Feature - Krebs on Security
http://krebsonsecurity.com/2016/06/irs-re-enables-get-transcript-feature/

Rise of Darknet Stokes Fear of The Insider - Krebs on Security
http://krebsonsecurity.com/2016/06/rise-of-darknet-stokes-fear-of-the-in...

Citing Attack, GoToMyPC Resets All Passwords - Krebs on Security
http://krebsonsecurity.com/2016/06/citing-attack-gotomypc-resets-all-pas...

Thousands of Hacked Government and Corporate Servers Selling for $6 on Black Market | WIRED
https://www.wired.com/2016/06/xdedic-server-trading-forum-kaspersky/

655,000 Healthcare Records Being Sold on Dark Web | Threatpost | The first stop for security news
https://threatpost.com/655000-healthcare-records-being-sold-on-dark-web/...

Large botnet of CCTV devices knock the snot out of jewelry website | Ars Technica
http://arstechnica.com/security/2016/06/large-botnet-of-cctv-devices-kno...

Report: FBI Doing Poor Job Securing 411 Million Facial Recognition Photos | Threatpost | The first stop for security news
https://threatpost.com/report-fbi-doing-poor-job-securing-411-million-fa...

iOS 10 beta still encrypts user data, but not the kernel | Ars Technica
http://arstechnica.com/apple/2016/06/ios-10-beta-still-encrypts-user-dat...

"Godless" apps, some found in Google Play, can root 90% of Android phones | Ars Technica
http://arstechnica.com/security/2016/06/godless-apps-some-found-in-googl...

$90K Windows Zero Day Gets a Price Cut | Threatpost | The first stop for security news
https://threatpost.com/90k-windows-zero-day-gets-a-price-cut/118594/

Patched BadTunnel Windows Bug Has 'Extensive' Impact | Threatpost | The first stop for security news
https://threatpost.com/patched-badtunnel-windows-bug-has-extensive-impac...

High-severity bugs in 25 Symantec/Norton products imperil millions | Ars Technica
http://arstechnica.com/security/2016/06/25-symantec-products-open-to-wor...

Apple Patches AirPort Remote Code Execution Flaw | Threatpost | The first stop for security news
https://threatpost.com/apple-patches-airport-remote-code-execution-flaw/...

A Bug in Chrome Makes It Easy to Pirate Movies | WIRED
https://www.wired.com/2016/06/bug-chrome-makes-easy-pirate-movies/

7 Ways the Cops Will Bust You on the Dark Web | Motherboard
http://motherboard.vice.com/read/7-ways-the-cops-will-bust-you-on-the-da...

Trail of bits stuff, including links to new open source dev tools:
----------------------------------------------------------------------------

Trail of Bits | Home
https://www.trailofbits.com/

Trail of Bits | Products
https://www.trailofbits.com/products/#mast

Tidas \xb7 GitHub
https://github.com/tidas

GitHub - trailofbits/SecureEnclaveCrypto: Crypto with the Secure Enclave
https://github.com/trailofbits/SecureEnclaveCrypto