Risky Business #434 -- Mirai v2 is coming, Shadowbrokers latest and more

PLUS Special Guest Rob Graham on Trump's "covert email server"...
03 Nov 2016 » Risky Business

On this week’s show we chat with Errata Security’s Robert Graham about a ridiculous non-story that had readers in the USA convinced that Slate magazine had uncovered a covert communication channel between Donald Trump and a state-linked Russian bank. The basis of this jaw-dropping conclusion? Cherry-picked DNS query logs. We’ll find out why that story was total, utter bullshit in this week’s feature.

In this week’s sponsor interview we’re chatting with the former CEO and CTOs of Flawcheck, a company that made vulnerability scanning tools for Docker containers. Flawcheck has been acquired by this week’s sponsor, Tenable Network Security, and it’s a really handy thing to use if your company makes use of Docker. You can actually register for a free trial of Flawcheck here. We’ll find out why you need specialist kit to do container scanning.

Adam Boileau is this week’s news guest. Links to everything are in this week’s show notes.

Oh, and do add Patrick and Adam on Twitter if that’s your thing.

Show notes

Wannabe Hackers Are Adding ‘Terrible’ and ‘Stupid’ Features to Mirai | Motherboard
Researchers expose Mirai vuln that could be used to hack back against botnet • The Register
Dyn DDoS Could Have Topped 1 Tbps | Threatpost | The first stop for security news
Hackforums Shutters Booter Service Bazaar — Krebs on Security
New, more-powerful IoT botnet infects 3,500 devices in 5 days | Ars Technica
NSA Hackers The Shadow Brokers Dump More Files | Motherboard
You Can Legally Hack Your Own Car, Pacemaker, or Smartphone Now | WIRED
Some hacked e-mails, documents from Putin advisor confirmed as genuine | Ars Technica
UK government vows to sink $2.3 billion into new cybersecurity plan | Ars Technica
Computer Virus Cripples UK Hospital System — Krebs on Security
Bypassing Two-Factor Authentication on OWA & Office365 Portals – Black Hills Information Security
Google teaches “AIs” to invent their own crypto and avoid eavesdropping | Ars Technica
Weakness of 2G mobile phone networks revealed - A*STAR Research
Sundown Exploit Kit 'Larger Threat Than People Realize' | Threatpost | The first stop for security news
36-year-old Pennsylvania man gets 18 months for phishing nude celebrity pics | Ars Technica
Google to Distrust WoSign, StartCom Certs in 2017 | Threatpost | The first stop for security news
Google Security Engineer Claims Android Is Now As Secure as the iPhone | Motherboard
Trick or Treat! Google issues warning of critical Windows vulnerability in wild | Ars Technica
Windows zero-day exploited by same group behind DNC hack | Ars Technica
Google discloses Windows zero-day, Microsoft argues disclosure ethics | CSO Online
Critical MySQL Vulnerabilities Can Lead to Server Compromise | Threatpost | The first stop for security news
Was a server registered to the Trump Organization communicating with Russia’s Alfa Bank?
Tenable Acquires FlawCheck | Tenable Network Security