Risky Business #445 -- Amazon, CloudFlare and Microsoft join "having a bad week club"

PLUS: Troy Hunt and Haroon Meer!
01 Mar 2017 » Risky Business

We’ve got a real bread and butter show for you this week. Troy Hunt will be along to talk about the Cloudflare bug and why everyone freaked out about it, and Haroon Meer of Thinks Canary will be along to talk about RSA.

This week’s show is, of course, brought to you by Canary.Tools, and Haroon will tell us about his first ever RSA conference experience. That’s actually a really fun chat. Funny in parts, too.

Adam Boileau is along to discuss the week’s news. Microsoft, Amazon and a handful of Russians are all having an awful, awful week, and he’ll be talking all about that.

Links to items discussed in this week’s show have moved – they’re now included in this post, below.

Oh, and do add Patrick, or Adam on Twitter if that’s your thing.

Show notes

Amazon S3 Outage Has Broken A Large Chunk Of The Internet
Amazon Web Services on Twitter: "The dashboard not changing color is related to S3 issue. See the banner at the top of the dashboard for updates."
Treason charges against Russian cyber experts linked to seven-year-old accusations | Reuters
At death’s door for years, widely used SHA1 function is now dead | Ars Technica
Watershed SHA1 collision just broke the WebKit repository, others may follow | Ars Technica
Police Have Arrested a Suspect in a Massive ‘Internet of Things’ Attack - Motherboard
BKA - List page for press releases 2017 - The prosecutor's office in Cologne and the Federal Criminal Police Office have been arrested with suspected telecom hackers in London
Google reports “high-severity” bug in Edge/IE, no patch available | Ars Technica
Unpatched SMB Zero Day Easily Exploitable | Threatpost | The first stop for security news
Troy Hunt: Data from connected CloudPets teddy bears leaked and ransomed, exposing kids' voice messages
Apple deleted server supplier after finding infected firmware in servers [Updated] | Ars Technica
A Fake Dark Web Hitman Site is Linked to a Real Murder - Motherboard
Paranoid Spouses Can Spy on Partners' iOS 10 Devices with iCloud Backups - Motherboard
How to Protect Yourself from Creepy, Phone Snooping Spyware - Motherboard
The FBI Is Sharing Seized TorMail Data with the DEA - Motherboard
iPhone Robbers Try to iPhish Victims — Krebs on Security
Researchers Uncover New Leads Behind Shamoon2 | Threatpost | The first stop for security news
Policy Experts Push To Make Vulnerability Equities Process Law | Threatpost | The first stop for security news
Java, Python FTP Injection Attacks Bypass Firewalls | Threatpost | The first stop for security news
Researchers find “severe” flaw in WordPress plugin with 1 million installs | Ars Technica
Serious Cloudflare bug exposed a potpourri of secret customer data | Ars Technica
Hacking Unicorns with Web Bluetooth
Troy Hunt: Pragmatic thoughts on #CloudBleed
Cloudbleed Retrospective – Medium
Automated Reasoning and Amazon s2n | AWS Security Blog
s2n Is Now Handling 100 Percent of SSL Traffic for Amazon S3 | AWS Security Blog
Canary — know when it matters