On this week’s show we’ll be chatting with security researcher Ryan Duff about the rabbit hole that is the Tor Browser Bundle certificate pinning bug. The bug itself is interesting, but the questions it raises about how suitable Tor is for genuinely critical use are, you know, substantial. That’s a really, really interesting chat with Ryan Duff, coming up after the news.
This week’s show is brought to you by Hewlett Packard Enterprise Fortify! Of course HPE Fortify makes both static and dynamic analysis tools to help their customers weed out bugs in their software… but what are the relative strengths of static versus dynamic? Where should you use these tools? As this week’s sponsor guest Michael Farnum explains, the trend these days is to not only use both, but move them both as far to the left as possible in the development cycle. That’s this week’s sponsor interview, coming up a bit later.
Mark Piper is this week’s news guest.
Oh, and do add Patrick on Twitter if that’s your thing.
- Snowden Slammed by House Committee Report | Threatpost | The first stop for security news
- Researchers wirelessly hit the brakes in a Model S, Tesla patches quickly | Ars Technica
- North Korea Has Just 28 Websites | Motherboard
- How the FBI Could Have Hacked the San Bernardino Shooter’s iPhone | WIRED
- SWIFT hopes to thwart fraudsters with detection system in wake of bank heist | Ars Technica
- Hackers Hit ‘Some’ Cisco Customers With Leaked NSA Hacking Tools | Motherboard
- Ransomware Getting More Targeted, Expensive — Krebs on Security
- Israeli Online Attack Service ‘vDOS’ Earned $600,000 in Two Years — Krebs on Security
- KrebsOnSecurity Hit With Record DDoS — Krebs on Security
- DDoS Mitigation Firm Has History of Hijacks — Krebs on Security
- Someone Is Putting Malicious USB Sticks in Australian Mailboxes | Motherboard
- The Cryptographic Key That Secures the Web Is Being Changed for the First Time | Motherboard
- Undercover FBI Agent Busts Alleged Explosives Buyer on the Dark Web | Motherboard
- Florida Man Found Guilty of Running Child Porn Site ‘Playpen’ | Motherboard
- Alibaba fires employees for hacking their way to free mooncakes | Ars Technica
- Teenager uncovers route to free Web surfing on T-Mobile network | Ars Technica
- Facebook Fixes Vulnerability That Led to Account Takeover, Pays Researcher $16K | Threatpost | The first stop for security news
- Bugs in Signal Messaging App Corrupt Attachments, Crash App | Threatpost | The first stop for security news
- Bug that hit Firefox and Tor browsers was hard to spot—now we know why | Ars Technica
- Mozilla plans Firefox fix for same malware vulnerability that bit Tor [updated] | Ars Technica