Risky Business Podcast
September 22, 2016
Risky Business #428 -- Cross-platform Tor Browser pwnership with Ryan Duff
On this week’s show we’ll be chatting with security researcher Ryan Duff about the rabbit hole that is the Tor Browser Bundle certificate pinning bug. The bug itself is interesting, but the questions it raises about how suitable Tor is for genuinely critical use are, you know, substantial. That’s a really, really interesting chat with Ryan Duff, coming up after the news.
This week’s show is brought to you by Hewlett Packard Enterprise Fortify! Of course HPE Fortify makes both static and dynamic analysis tools to help their customers weed out bugs in their software… but what are the relative strengths of static versus dynamic? Where should you use these tools? As this week’s sponsor guest Michael Farnum explains, the trend these days is to not only use both, but move them both as far to the left as possible in the development cycle. That’s this week’s sponsor interview, coming up a bit later.
Mark Piper is this week’s news guest.
Oh, and do add Patrick on Twitter if that’s your thing.
Show notes
Snowden Slammed by House Committee Report | Threatpost
Researchers wirelessly hit the brakes in a Model S, Tesla patches quickly | Ars Technica
North Korea Has Just 28 Websites | Motherboard
How the FBI Could Have Hacked the San Bernardino Shooter’s iPhone | WIRED
SWIFT hopes to thwart fraudsters with detection system in wake of bank heist | Ars Technica
Hackers Hit ‘Some’ Cisco Customers With Leaked NSA Hacking Tools | Motherboard
Ransomware Getting More Targeted, Expensive — Krebs on Security
Israeli Online Attack Service ‘vDOS’ Earned $600,000 in Two Years — Krebs on Security
KrebsOnSecurity Hit With Record DDoS — Krebs on Security
DDoS Mitigation Firm Has History of Hijacks — Krebs on Security
Someone Is Putting Malicious USB Sticks in Australian Mailboxes | Motherboard
The Cryptographic Key That Secures the Web Is Being Changed for the First Time | Motherboard
Undercover FBI Agent Busts Alleged Explosives Buyer on the Dark Web | Motherboard
Florida Man Found Guilty of Running Child Porn Site ‘Playpen’ | Motherboard
Alibaba fires employees for hacking their way to free mooncakes | Ars Technica
Teenager uncovers route to free Web surfing on T-Mobile network | Ars Technica
Bug that hit Firefox and Tor browsers was hard to spot—now we know why | Ars Technica
Mozilla plans Firefox fix for same malware vulnerability that bit Tor [updated] | Ars Technica