Risky Business Podcast

March 01, 2017

Risky Business #445 -- Amazon, CloudFlare and Microsoft join "having a bad week club"

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

Adam Boileau
Adam Boileau

Technology Editor

We’ve got a real bread and butter show for you this week. Troy Hunt will be along to talk about the Cloudflare bug and why everyone freaked out about it, and Haroon Meer of Thinks Canary will be along to talk about RSA.

This week’s show is, of course, brought to you by Canary.Tools, and Haroon will tell us about his first ever RSA conference experience. That’s actually a really fun chat. Funny in parts, too.

Adam Boileau is along to discuss the week’s news. Microsoft, Amazon and a handful of Russians are all having an awful, awful week, and he’ll be talking all about that.

Links to items discussed in this week’s show have moved – they’re now included in this post, below.

Oh, and do add Patrick, or Adam on Twitter if that’s your thing.

Risky Business #445 -- Amazon, CloudFlare and Microsoft join "having a bad week club"
0:00 / 0:00

Show notes

Amazon S3 Outage Has Broken A Large Chunk Of The Internet

Amazon Web Services on Twitter: "The dashboard not changing color is related to S3 issue. See the banner at the top of the dashboard for updates."

Treason charges against Russian cyber experts linked to seven-year-old accusations | Reuters

At death’s door for years, widely used SHA1 function is now dead | Ars Technica

Watershed SHA1 collision just broke the WebKit repository, others may follow | Ars Technica

Police Have Arrested a Suspect in a Massive ‘Internet of Things’ Attack - Motherboard

BKA - List page for press releases 2017 - The prosecutor's office in Cologne and the Federal Criminal Police Office have been arrested with suspected telecom hackers in London

Google reports “high-severity” bug in Edge/IE, no patch available | Ars Technica

Unpatched SMB Zero Day Easily Exploitable | Threatpost | The first stop for security news

Troy Hunt: Data from connected CloudPets teddy bears leaked and ransomed, exposing kids' voice messages

Apple deleted server supplier after finding infected firmware in servers [Updated] | Ars Technica

A Fake Dark Web Hitman Site is Linked to a Real Murder - Motherboard

Paranoid Spouses Can Spy on Partners' iOS 10 Devices with iCloud Backups - Motherboard

How to Protect Yourself from Creepy, Phone Snooping Spyware - Motherboard

The FBI Is Sharing Seized TorMail Data with the DEA - Motherboard

iPhone Robbers Try to iPhish Victims — Krebs on Security

Researchers Uncover New Leads Behind Shamoon2 | Threatpost | The first stop for security news

Policy Experts Push To Make Vulnerability Equities Process Law | Threatpost | The first stop for security news

Java, Python FTP Injection Attacks Bypass Firewalls | Threatpost | The first stop for security news

Researchers find “severe” flaw in WordPress plugin with 1 million installs | Ars Technica

Serious Cloudflare bug exposed a potpourri of secret customer data | Ars Technica

Hacking Unicorns with Web Bluetooth

Troy Hunt: Pragmatic thoughts on #CloudBleed

Cloudbleed Retrospective – Medium

Automated Reasoning and Amazon s2n | AWS Security Blog

s2n Is Now Handling 100 Percent of SSL Traffic for Amazon S3 | AWS Security Blog

Canary — know when it matters