On this week’s show we’re chatting with Peter Gutmann about a couple of things that have combined to form a legit problem: the abuse of the Let’s Encrypt domain-validated certificate authority, combined with recent UI changes in Chrome, is a phisher’s wet dream. We chat with Peter about that. The tl;dr is the browser makers need to get off their asses and do something about that, pronto.
This week’s show is sponsored by Exabeam. They just took $30m in funding from a VC and Cisco and they’re looking at doing some really interesting stuff in the SIEM world with, you guessed it, machine learning! In this week’s sponsor interview we’re chatting with Exabeam co-founder Sylvain Gil about a few things – the conversation does veer a bit into their products but it actually stays interesting, mostly because he discusses things like Exabeam’s roadmap in terms of problems they’re trying to solve. So even if you have no desire to buy a new SIEM, you’ll still probably find that one interesting from an academic point of view.
Adam Boileau, as always, stops in to discuss the week’s news, and Jake Davis is back with a… reinterpretation(?!) of the Hacker Manifesto.
Links to items discussed in this week’s show have moved – they’re now included in this post, below.
Oh, and do add Patrick, Jake or Adam on Twitter if that’s your thing.
- Hacks all the time. Engineers recently found Yahoo systems remained compromised | Ars Technica
- Verizon and Yahoo amend terms of definitive agreement
- Yahoo reveals more breachiness to users victimized by forged cookies [Updated] | Ars Technica
- Kim Dotcom and co-accused eligible for extradition to US, says High Court - National - NZ Herald News
- Who Ran Leakedsource.com? — Krebs on Security
- How to Bury a Major Breach Notification — Krebs on Security
- Hackers who took control of PC microphones siphon >600 GB from 70 targets | Ars Technica
- Trump’s apparent security faux-pas-palooza triggers call for House investigation | Ars Technica
- Trump Cybersecurity Head Tom Bossert Could Be a Voice of Reason | WIRED
- Car Apps Are Vulnerable To Hacks That Could Unlock Millions of Vehicles | WIRED
- A Glimpse Into How Much Google Knows About Russian Government Hackers - Motherboard
- Convicted TalkTalk Blackmailer Warns Young Hackers About Falling Into Crime - Motherboard
- CEO of Company Behind Tor Browser Exploit: 'I Wanted to Help Take a Person Down' - Motherboard
- The Best Defense: Threats to journalists' safety demand fresh approach - Committee to Protect Journalists
- SMTP STS Coming Soon to Gmail, Other Webmail Providers | Threatpost | The first stop for security news
- Google Discloses Unpatched Microsoft Vulnerability | Threatpost | The first stop for security news
- Aleksey Palazhchenko on Twitter: "TIL: There are bots on Github that create pull requests to projects using CI replacing all code with bitcoin-mining code."
- The CA's Role in Fighting Phishing and Malware - Let's Encrypt - Free SSL/TLS Certificates
- Patrick Gray on Twitter: "@KimDotcom Get some perspective dickhead."
- Certified Malice – text/plain
- Security Intelligence | Exabeam