Risky Business Podcast

January 25, 2017

Risky Business #440 -- Matt "PwnAllTheThings" Tait on the politicisation of infosec

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

Adam Boileau
Adam Boileau

Technology Editor

On this week’s show we check in with Matt Tait, who’s probably better known by his Twitter handle: pwnallthethings. And we’ll be talking about the politicisation of infosec and the science of attribution.

This week’s show is brought to you by Bugcrowd. Bugcrowd’s CEO and co-founder Casey Ellis will be along in this week’s sponsor interview to talk about his adventures running a MongoDB honeypot. Bugcrowd are pretty interested in talking about all those poor MongoDBs getting hosed because, well, if you’ve got a bug bounty program running, open DBs are the sorts of things that tend to get reported.

As you’ll hear in that interview, the attackers who made some fast cash taking control of MongoDBs are now going after other stuff – elasticsearch, Hadoop.

Adam Boileau, as always, joins the show to discuss the week’s security news, and our good buddy Jake Davis is back for another edition of Story Corner.

Links to everything are in this week’s show notes.

Oh, and do add Patrick, Jake or Adam on Twitter if that’s your thing.

Risky Business #440 -- Matt "PwnAllTheThings" Tait on the politicisation of infosec
0:00 / 0:00

Show notes

Coalition of Cryptographers, Researchers Urge Guardian to Retract WhatsApp Story | Threatpost | The first stop for security news

AG Nominee Backs Law Enforcement's Ability to 'Overcome' Encryption | Threatpost | The first stop for security news

Who is Anna-Senpai, the Mirai Worm Author? — Krebs on Security

Widely used WebEx plugin for Chrome will execute attack code—patch now! | Ars Technica

1096 - Cisco: Magic WebEx URL Allows Arbitrary Remote Command Execution - project-zero - Monorail

Already on probation, Symantec issues more illegit HTTPS certificates | Ars Technica

Newly discovered Mac malware found in the wild also works well on Linux | Ars Technica

Secure Email Service Lavabit Relaunches | Threatpost | The first stop for security news

Tor Found a Way To Make the Dark Web Even More Secret | WIRED

Scammers Say They Got Uber to Pay Them With Fake Rides and Drivers | Motherboard

Virulent Android malware returns, gets >2 million downloads on Google Play | Ars Technica

Hacker Says He Attempted to Extort UK Bank Lloyds With DDoS | Motherboard

The US Postal Service Wants to Hunt Down Dark Web Criminals | Motherboard

Learning Securely | November 2016 | Communications of the ACM

Hackers Hack Hacking Forum As Soon As It's Launched | Motherboard

This Popular Anime Selfies App Is ‘Crapware’ That Collects Private Data | Motherboard

It’s shockingly easy to hijack a Samsung SmartCam camera | Ars Technica

We reverse engineered 16k apps, here’s what we found

ISC Software Defect and Security Vulnerability Disclosure Policy | Internet Systems Consortium Knowledge Base

Heartbleed Persists on 200,000 Servers, Devices | Threatpost | The first stop for security news

Pwn All The Things (@pwnallthethings) | Twitter