Risky Business #443 -- CrowdStrike and NSS face off, Hal Martin charged and more

PLUS: A new type of security event that shows great promise...
15 Feb 2017 » Risky Business

On this week’s show we’ll be chatting with two of the organisers of an event that was held here in Australia – PlatyPus con. As you’ll hear, it wasn’t really a typical security con – attendees had to bring laptops and had to participate. The whole thing was centred around workshops. Everyone I know who went said it was brilliant, and I personally think this is an idea that is going to catch on outside of Australia. We’ll be speaking with Snail and Lin_s about that one in this week’s feature interview.

This week’s show is brought to you by Veracode, big thanks to them. In this week’s sponsor interview we’ll be chatting with Veracode’s senior product innovation manager Colin Domony about a couple of things. Veracode did a pretty interesting survey recently that really shows that developers are, in fact, finally, becoming security aware in a big way. Not only that, but Veracode has made some pretty significant changes to its products to reflect this switch. Static analysis software security tools are becoming something the developers themselves use; they’re not just for the security teams these days. So we’ll talk about the rationale behind Veracode’s recent release of a scanner that plugs into IDEs: Veracode Greenlight.

Adam Boileau joins us, as always, to talk about the week’s security news.

Oh, and do add Patrick, Jake or Adam on Twitter if that’s your thing.

Show notes

The Alleged NSA Thief Stole Information Impacting At Least Five US Agencies - Motherboard
CrowdStrike Initiates Legal Action Against NSS Labs For Misappropriation of Intellectual Property and Engaging in a Sham Transaction to Illegally Obtain Access To Our Falcon Software
CrowdStrike attempts to sue NSS Labs to prevent test release, court denies request | CSO Online
Explain! yourself! US! senators! yell! at! Yahoo! • The Register
Senators Question Yahoo’s Candor on Data Breach - WSJ
How to not do presidential opsec: Crisis management over dinner in public | Ars Technica
The Cybersecurity Executive Orders: A Tale of Two Trumps
Amnesty International uncovers phishing campaign against human rights activists | Ars Technica
A rash of invisible, fileless malware is infecting banks around the globe | Ars Technica
Nation States Distancing Themselves from APTs | Threatpost | The first stop for security news
A New Type of Malware Can Lock Power Plant Computers For Ransom - Motherboard
Mac malware is still crude, but it’s slowly catching up to its Windows rivals | Ars Technica
New Mac malware pinned on same Russian group blamed for election hacks | Ars Technica
Virally growing attacks on unpatched WordPress sites affect ~2m pages | Ars Technica
Hacking Team Hacker Phineas Fisher Is Taking a Break Because of Stress - Motherboard
Now sites can fingerprint you online even when you use multiple browsers | Ars Technica
BeyondCorp For The Rest Of Us | Duo Security
Leave Spicer alone! (Or, why DNS registration is horrible) | Ars Technica
New Tool Takes Mere Minutes to Create Dark Web Version of Any Site - Motherboard
Sophos to assimilate Invincea's intelligent machine tech to fight malware • The Register
How to Get Past Customs Without Giving Up Your Digital Privacy | WIRED
Uber Debuts SSH Key Authentication Module | Threatpost | The first stop for security news
Newly discovered flaw undermines HTTPS connections for almost 1,000 sites | Ars Technica
Greenlight - IDE-Based Security Unit Testing | Veracode