On this week’s show we check in with Matt Tait, who’s probably better known by his Twitter handle: pwnallthethings. And we’ll be talking about the politicisation of infosec and the science of attribution.
This week’s show is brought to you by Bugcrowd. Bugcrowd’s CEO and co-founder Casey Ellis will be along in this week’s sponsor interview to talk about his adventures running a MongoDB honeypot. Bugcrowd are pretty interested in talking about all those poor MongoDBs getting hosed because, well, if you’ve got a bug bounty program running, open DBs are the sorts of things that tend to get reported.
As you’ll hear in that interview, the attackers who made some fast cash taking control of MongoDBs are now going after other stuff – elasticsearch, Hadoop.
Adam Boileau, as always, joins the show to discuss the week’s security news, and our good buddy Jake Davis is back for another edition of Story Corner.
Links to everything are in this week’s show notes.
- Coalition of Cryptographers, Researchers Urge Guardian to Retract WhatsApp Story | Threatpost | The first stop for security news
- AG Nominee Backs Law Enforcement's Ability to 'Overcome' Encryption | Threatpost | The first stop for security news
- Who is Anna-Senpai, the Mirai Worm Author? — Krebs on Security
- Widely used WebEx plugin for Chrome will execute attack code—patch now! | Ars Technica
- 1096 - Cisco: Magic WebEx URL Allows Arbitrary Remote Command Execution - project-zero - Monorail
- Already on probation, Symantec issues more illegit HTTPS certificates | Ars Technica
- Newly discovered Mac malware found in the wild also works well on Linux | Ars Technica
- Secure Email Service Lavabit Relaunches | Threatpost | The first stop for security news
- Tor Found a Way To Make the Dark Web Even More Secret | WIRED
- Scammers Say They Got Uber to Pay Them With Fake Rides and Drivers | Motherboard
- Virulent Android malware returns, gets >2 million downloads on Google Play | Ars Technica
- Hacker Says He Attempted to Extort UK Bank Lloyds With DDoS | Motherboard
- The US Postal Service Wants to Hunt Down Dark Web Criminals | Motherboard
- Learning Securely | November 2016 | Communications of the ACM
- Hackers Hack Hacking Forum As Soon As It's Launched | Motherboard
- This Popular Anime Selfies App Is ‘Crapware’ That Collects Private Data | Motherboard
- It’s shockingly easy to hijack a Samsung SmartCam camera | Ars Technica
- We reverse engineered 16k apps, here’s what we found
- ISC Software Defect and Security Vulnerability Disclosure Policy | Internet Systems Consortium Knowledge Base
- Heartbleed Persists on 200,000 Servers, Devices | Threatpost | The first stop for security news
- Pwn All The Things (@pwnallthethings) | Twitter