Risky Business #443 -- CrowdStrike and NSS face off, Hal Martin charged and more

Presented by

Patrick Gray

CEO and Publisher

Adam Boileau

Technology Editor

On this week’s show we’ll be chatting with two of the organisers of an event that was held here in Australia – PlatyPus con. As you’ll hear, it wasn’t really a typical security con – attendees had to bring laptops and had to participate. The whole thing was centred around workshops. Everyone I know who went said it was brilliant, and I personally think this is an idea that is going to catch on outside of Australia. We’ll be speaking with Snail and Lin_s about that one in this week’s feature interview.

This week’s show is brought to you by Veracode, big thanks to them. In this week’s sponsor interview we’ll be chatting with Veracode’s senior product innovation manager Colin Domony about a couple of things. Veracode did a pretty interesting survey recently that really shows that developers are, in fact, finally becoming security aware in a big way. Not only that, but Veracode has made some pretty significant changes to its products to reflect this switch. Static analysis software security tools are becoming something the developers themselves use; they’re not just for the security teams these days. So we’ll talk about the rationale behind Veracode’s recent release of a scanner that plugs into IDEs: Veracode Greenlight.

Adam Boileau joins us, as always, to talk about the week’s security news.

Oh, and do add Patrick, Jake or Adam on Twitter if that’s your thing.

Show notes

The Alleged NSA Thief Stole Information Impacting At Least Five US Agencies - Motherboard

CrowdStrike Initiates Legal Action Against NSS Labs For Misappropriation of Intellectual Property and Engaging in a Sham Transaction to Illegally Obtain Access To Our Falcon Software

CrowdStrike attempts to sue NSS Labs to prevent test release, court denies request | CSO Online

Explain! yourself! US! senators! yell! at! Yahoo! • The Register

Senators Question Yahoo’s Candor on Data Breach - WSJ

How to not do presidential opsec: Crisis management over dinner in public | Ars Technica

The Cybersecurity Executive Orders: A Tale of Two Trumps

Amnesty International uncovers phishing campaign against human rights activists | Ars Technica

A rash of invisible, fileless malware is infecting banks around the globe | Ars Technica

Nation States Distancing Themselves from APTs | Threatpost | The first stop for security news

A New Type of Malware Can Lock Power Plant Computers For Ransom - Motherboard

Mac malware is still crude, but it’s slowly catching up to its Windows rivals | Ars Technica

New Mac malware pinned on same Russian group blamed for election hacks | Ars Technica

Virally growing attacks on unpatched WordPress sites affect ~2m pages | Ars Technica

Hacking Team Hacker Phineas Fisher Is Taking a Break Because of Stress - Motherboard

Now sites can fingerprint you online even when you use multiple browsers | Ars Technica

BeyondCorp For The Rest Of Us | Duo Security

Leave Spicer alone! (Or, why DNS registration is horrible) | Ars Technica

New Tool Takes Mere Minutes to Create Dark Web Version of Any Site - Motherboard

Sophos to assimilate Invincea's intelligent machine tech to fight malware • The Register

How to Get Past Customs Without Giving Up Your Digital Privacy | WIRED

Uber Debuts SSH Key Authentication Module | Threatpost | The first stop for security news

Newly discovered flaw undermines HTTPS connections for almost 1,000 sites | Ars Technica

Greenlight - IDE-Based Security Unit Testing | Veracode