On this week’s show we’ll be chatting with information security’s enfant terrible Nathaniel Wakelam about some recon tricks he’s been using in bug bounty programs. He uses some nice tricks to rapidly identify ephemeral resources that often result in some spectacular hacks, like, say, being able to download all of REDACTED’s source code. That one was cool because it was a temporary resource that got popped – that’s something you have to watch these days.
This week’s show is brought to you by Cylance! Cylance makes machine learning-based AV software that by all reports works really well. Cylance CTO and co-founder Ryan Permeh is this week’s feature guest and we’re talking about something that we touched on last week – gaming machine learning. Does Cylance worry that a determined attacker will be able to gradually input bad data into Cylance’s learning set and game the whole system? Well, no, they’re not worried about it, but it’s definitely something they pay attention to. That’s really interesting stuff and it’s coming up after this week’s feature interview.
Adam Boileau, as always, pops in for this week’s news.
Links to everything are in this week’s show notes.
- Reports: Arrested Russian intel officer allegedly spied for U.S.
- A Shakeup in Russia’s Top Cybercrime Unit — Krebs on Security
- Russians Charged With Treason Worked in Office Linked to Election Hacking - The New York Times
- Kaspersky Lab’s top investigator reportedly arrested in treason probe | Ars Technica
- Kevin Rothrock on Twitter: "Bombshell scoop by Rosbalt: @b0ltai2′s leader was allegedly arrested last October, and he’s the one who ratted out the two FSB agents."
- Арестованных офицеров ФСБ обвинили в сотрудничестве с ЦРУ — Meduza
- Agenti FBI míří do Prahy vyslechnout ruského hackera Nikulina — ČT24 — Česká televize
- President Trump is still using his “old, unsecured Android phone” | Ars Technica
- Detenido el presunto autor del ‘hackeo’ de los datos de 5.500 ‘mossos’ | Cataluña | EL PAÍS
- Notorious Hacker Phineas Fisher: I'm Alive and Well | Motherboard
- Site that sold access to 3.1 billion passwords vanishes after reported raid | Ars Technica
- Hotel ransomed by hackers as guests locked out of rooms - The Local
- DC police surveillance cameras were infected with ransomware before inauguration | Ars Technica
- Now there’s a better way to prevent Facebook account takeovers | Ars Technica
- Forgotten passwords are bane of the Internet. Facebook wants to fix that | Ars Technica
- Majority of Android VPNs can’t be trusted to make users more secure | Ars Technica
- It might be time to stop using antivirus | Ars Technica
- Dridex Returns With Windows UAC Bypass Method | Threatpost | The first stop for security news
- Forget Recounts. Next Election, Encrypt the Vote Instead | WIRED
- Cryptocurrency Monero Is Skyrocketing Thanks to Darknet Druglords | WIRED
- Telemarketing Firm Leaks 400,000 Recorded Calls | Threatpost | The first stop for security news
- Google to Operate its Own Root CA | Threatpost | The first stop for security news
- Google Is Battling a Russian Spammer Over the Use of the Letter 'G' | Motherboard