Risky Business #440 -- Matt "PwnAllTheThings" Tait on the politicisation of infosec

PLUS All the latest news and Story Corner with Jake Davis...
25 Jan 2017 » Risky Business

On this week’s show we check in with Matt Tait, who’s probably better known by his Twitter handle: pwnallthethings. And we’ll be talking about the politicisation of infosec and the science of attribution.

This week’s show is brought to you by Bugcrowd. Bugcrowd’s CEO and co-founder Casey Ellis will be along in this week’s sponsor interview to talk about his adventures running a MongoDB honeypot. Bugcrowd are pretty interested in talking about all those poor MongoDBs getting hosed because, well, if you’ve got a bug bounty program running, open DBs are the sorts of things that tend to get reported.

As you’ll hear in that interview, the attackers who made some fast cash taking control of MongoDBs are now going after other stuff – elasticsearch, Hadoop.

Adam Boileau, as always, joins the show to discuss the week’s security news, and our good buddy Jake Davis is back for another edition of Story Corner.

Links to everything are in this week’s show notes.

Oh, and do add Patrick, Jake or Adam on Twitter if that’s your thing.

Show notes

Coalition of Cryptographers, Researchers Urge Guardian to Retract WhatsApp Story | Threatpost | The first stop for security news
AG Nominee Backs Law Enforcement's Ability to 'Overcome' Encryption | Threatpost | The first stop for security news
Who is Anna-Senpai, the Mirai Worm Author? — Krebs on Security
Widely used WebEx plugin for Chrome will execute attack code—patch now! | Ars Technica
1096 - Cisco: Magic WebEx URL Allows Arbitrary Remote Command Execution - project-zero - Monorail
Already on probation, Symantec issues more illegit HTTPS certificates | Ars Technica
Newly discovered Mac malware found in the wild also works well on Linux | Ars Technica
Secure Email Service Lavabit Relaunches | Threatpost | The first stop for security news
Tor Found a Way To Make the Dark Web Even More Secret | WIRED
Scammers Say They Got Uber to Pay Them With Fake Rides and Drivers | Motherboard
Virulent Android malware returns, gets >2 million downloads on Google Play | Ars Technica
Hacker Says He Attempted to Extort UK Bank Lloyds With DDoS | Motherboard
The US Postal Service Wants to Hunt Down Dark Web Criminals | Motherboard
Learning Securely | November 2016 | Communications of the ACM
Hackers Hack Hacking Forum As Soon As It's Launched | Motherboard
This Popular Anime Selfies App Is ‘Crapware’ That Collects Private Data | Motherboard
It’s shockingly easy to hijack a Samsung SmartCam camera | Ars Technica
We reverse engineered 16k apps, here’s what we found
ISC Software Defect and Security Vulnerability Disclosure Policy | Internet Systems Consortium Knowledge Base
Heartbleed Persists on 200,000 Servers, Devices | Threatpost | The first stop for security news
Pwn All The Things (@pwnallthethings) | Twitter