Risky Business #430 -- LulzSec's Tflow talks NSA exploits, justice and remorse

Mustafa Al-Bassam joins Risky Business...
06 Oct 2016 » Risky Business

On this week’s show we are catching up with Mustafa Al-Bassam. He’s a lovely young chap from England who was once upon a time one of the LulzSec crew. Like all the other guys in that crew he got busted, but he didn’t spend any time in prison and these days he is doing really well. He has finished his undergrad, works with some blockchain technology and is about to start a PhD. He joins us this week to talk about his in depth analysis of the Shadowbrokers dump, as well as to reflect on his crimes. As you’ll hear, he has some regrets.

This week’s show is brought to you by Bromium! And last week you might have caught an announcement that Microsoft has moved virtualisation based security up into the app stack. The Edge browser is getting thrown into a micro VM in certain circumstances. Of course Microsoft worked with Bromium on all this stuff, so Bromium CTO, Simon Crosby will be along to talk about what Microsoft has actually done here. Bromium, of course, makes fully featured micro VM security software in addition to helping Microsoft improve windows, so that chat is interesting stuff and it’s coming up after this week’s feature.

Adam Boileau is this week’s news guest.

Oh, and do add Patrick and Adam on Twitter if that’s your thing.

Show notes

Exclusive: Yahoo secretly scanned customer emails for U.S. intelligence - sources | Reuters
Yahoo scan by U.S. fell under foreign spy law expiring next year: sources | Reuters
Yahoo Was Ordered to Search Email for Digital 'Signature,' Source Says - The New York Times
Yahoo Slams Email Surveillance Story: Experts Demand Details | Threatpost | The first stop for security news
How Did the Feds Get Past Yahoo’s Encryption? Yahoo! | WIRED
Yahoo Challenged on Claims Breach Was State-Sponsored Attack | Threatpost | The first stop for security news
Facebook Finishes Its 'Secret Conversations' Encryption Rollout to Messenger Users | WIRED
Subpoena for Signal Messaging Data Renders Little | Threatpost | The first stop for security news
Guccifer 2.0 posts DCCC docs, says they’re from Clinton Foundation | Ars Technica
'Guccifer 2.0' Is Bullshitting Us About His Alleged Clinton Foundation Hack | Motherboard
Feds charge NSA contractor with taking top secret documents | WIRED
Source Code for IoT Botnet ‘Mirai’ Released — Krebs on Security
Who Makes the IoT Things Under Attack? — Krebs on Security
How hard is it to hack the average DVR? Sadly, not hard at all | Ars Technica
Backdoored D-Link Router Should be Trashed, Researcher Says | Threatpost | The first stop for security news
Researchers Show How to 'Steal' AI from Amazon's Machine Learning Service | WIRED
Academics Put Another Dent in Online Anonymity | Threatpost | The first stop for security news
Emergency Alert Texts Get Upgrade From FCC | WIRED
iPhone exploit bounty surges to an eye-popping $1.5 million | Ars Technica
More than 400 malicious apps infiltrate Google Play | Ars Technica
Apple To Block WoSign Intermediate Certificates | Threatpost | The first stop for security news
Researchers Break MarsJoke Ransomware Encryption | Threatpost | The first stop for security news
Hackers Hit Buzzfeed, Claim to Have Database | Motherboard
Security company finds five “zero-day” flaws in EMC management console | Ars Technica
Buy One Get One Discount: O'Reilly Security Conference, October 30 - November 2, 2016, New York, NY