Risky Business #426 -- House Oversight Committee drops OPM breach report PLUS St Jude sues MedSec

Mark Piper joins Risky Business with the week's security news...
08 Sep 2016 » Risky Business

In this week’s feature interview we chat with Stephen Ridley about all things IoT. Stephen is a researcher turned entrepreneur and he’ll be along to talk about the platform consolidation we’re going to see when it comes to “things”. Once that settles, he argues, we’ll get a better idea of the security risks we should really, actually be worried about. In this week’s sponsor interview we’re chatting with Simon Galbally at Senetas.

Senetas, of course, makes high assurance network encryptors and Simon joins us this week to talk about where certification schemes might be headed. Did you know there are no sunset clauses on many of the certification schemes out there? So yeah, you can be using a FIPS certified box that’s riddled with known bugs and yep, it’s still certified. Certifications could start moving towards more continuous models.

Insomnia Security’s Mark Piper is this week’s news guest.

Oh, and do add Patrick on Twitter if that’s your thing.

Show notes

St Jude Medical - St. Jude Medical Brings Legal Action Against Muddy Waters and MedSec
Surprise! House Oversight report blames OPM leadership for breach of records | Ars Technica
OPM Hackers Used Marvel Superhero Nicknames to Hide Their Tracks | Motherboard
Feds pin brazen kernel.org intrusion on 27-year-old programmer | Ars Technica
Activists to FBI: Show Us Your Warrant for Mass Hack of TorMail Users | Motherboard
FBI Denies Making Dark Web Child Porn Site Run Faster | Motherboard
Dark Web Market Bans Synthetic Opioid Fentanyl After Recent Deaths | Motherboard
Porn Sites Feel Exposed by Flash, Get It on With HTML5 | Motherboard
Nearly 800,000 Brazzers Porn Site Accounts Exposed in Forum Hack | Motherboard
Over 40 million usernames, passwords from 2012 breach of Last.fm surface | Ars Technica
After Breaches At Other Services, Spotify Is Resetting Users' Passwords | Motherboard
More passwords, please: 98 million leaked from 2012 breach of “Russia’s Yahoo” | Ars Technica
Spoof an Ethernet adapter on USB, and you can sniff credentials from locked laptops • The Register
L0phtCrack's back! Crack hack app whacks Windows 10 trash hashes • The Register
So much for counter-phishing training: Half of people click anything sent to them | Ars Technica
George W Bush hacker Guccifer to spend 52 months in the big house • The Register
Golden State Warriors Android app constantly listens to nearby audio, fan says [Updated] | Ars Technica
OpenOffice, after years of neglect, could shut down | Ars Technica
Number of Devices Sharing Private Crypto Keys Up Sharply | Threatpost | The first stop for security news
Data Stealing Mac OS X Backdoor Uncovered | Threatpost | The first stop for security news
Google Shuts Down Potentially Massive Android Bug | Threatpost | The first stop for security news
New OS X security updates patch same zero-days as iOS 9.3.5 | Ars Technica
Critical Flaws Found in Network Management Systems | Threatpost | The first stop for security news
Chrome 53 Fixes Address Spoofing Vulnerability, 32 Other Bugs | Threatpost | The first stop for security news
Hello, Fortinet? Could you patch these vulns please? • The Register
Google’s Clever Plan to Stop Aspiring ISIS Recruits | WIRED
Jaggi paper highlights benefits of high-assurance encryption