Risky Business #425 -- MedSec CEO Justine Bone on the Muddy Waters short

It's a... different... path to disclosing bugs, that's for sure...
01 Sep 2016 » Risky Business

On this week's show we've landed what looks to be a fairly exclusive interview -- at least as far as the tech press is concerned. Justine Bone will be joining us to explain why the company she works with, MedSec, decided to use vulnerability information on implantable medical devices to drive a short-selling scheme in partnership with Muddy Waters.

This week's show is sponsored by Tenable Network Security. We're doing something a bit different in this week's sponsor interview -- we're chatting with one of Tenable's customers, City of San Diego CISO Gary Hayslip.

They've just invested heavily in Nessus, among other things. Gary drops by to explain what he's been doing since he took the CISO position a few years ago. If you're a CISO it's actually a pretty interesting interview. That team has to deal with everything from embedded devices in cop cars to control systems to its very own POS network. Hey, citizens have to pay for government services somehow, right?

Trail of Bits head honcho Dan Guido is this week's news guest.

Oh, and do add Patrick and Dan on Twitter if that's your thing.

Show notes

Trading in stock of medical device paused after hackers team with short seller | Ars Technica
The 'Million Dollar Dissident' Is a Magnet for Government Spyware | Motherboard
British Companies Are Selling Advanced Spy Tech to Authoritarian Regimes | Motherboard
Exclusive: SWIFT discloses more cyber thefts, pressures banks on security | Reuters
Officials blame "sophisticated" Russian hackers for voter system attacks | Ars Technica
After Illinois hack, FBI warns of more attacks on state election board systems | Ars Technica
Voter Records Get Hacked a Lot, And You Can Just Buy Them Anyway | Motherboard
Military submarine maker springs leak after "hack'd" -- India, Oz hit dive alarm | Ars Technica
Congressman to FCC: Fix phone network flaw that allows eavesdropping | Ars Technica
France, Germany Call for European Decryption Law | Threatpost
Hackers Stole Account Details for Over 60 Million Dropbox Users | Motherboard
Ransomware Targets UK Hospitals, But NHS Won't Pay Up | Motherboard
Tens of Thousands of Infowars Accounts Hacked | Motherboard
1.7 Million Opera Browser Users Told To Reset Passwords | Threatpost
Hacker who stole 2.9 million credit card numbers is Russian lawmaker's son | Ars Technica
Hackers attack site of Ghostbusters star Leslie Jones, post racist abuse | Ars Technica
Lurk Criminal Gang Also Behind Angler Exploit Kit | Threatpost
Keystroke Recognition Uses Wi-Fi Signals To Snoop | Threatpost
Hackers Trick Facial-Recognition Logins With Photos From Facebook (What Else?) | WIRED
HTTPS and OpenVPN face new attack that can decrypt secret cookies | Ars Technica
Meet USBee, the malware that uses USB drives to covertly jump airgaps | Ars Technica
RIPPER ATM Malware Uses Malicious EMV Chip | Threatpost
BASHLITE Family Of Malware Infects 1 Million IoT Devices | Threatpost
Leaked ShadowBrokers Attack Upgraded to Target Current Versions of Cisco ASA | Threatpost
HostSailor Threatens to Sue KrebsOnSecurity - Krebs on Security
Whoops! Hotel Left Thousand of Customers' Credit Cards Online For All To See | Motherboard
Muddy Waters is Short St. Jude Medical, Inc. (STJ:US)