We’ve got a great show for you this week. In-Q-Tel CSO Dan Geer will be along for a very interesting conversation about the major cloud providers. Are they too big to fail the same way some banks are? Does the efficiency of highly concentrated ownership of a large chunk of the world’s Internet service capacity make it less resilient? We talk about that and more in this week’s feature interview.
This week’s sponsor interview is also an absolute cracker. We’re speaking with Mike Hanley of Duo Security. Mike is the senior director of security at Duo, and he’s along this week to talk about Google’s BeyondCorp initiative.
BeyondCorp is Google’s vision for the next generation of enterprise environments and it has a lot to do with deperimeterisation. Mike is along this week to talk about that concept and how solid authentication is basically the first step in moving towards that vision. It’s really, really solid stuff, so do stick around for that one.
Adam Boileau, as always, joins us to talk about the week’s security news.
Links to items discussed in this week’s show have moved – they’re now included in this post, below.
Oh, and do add Patrick or Adam on Twitter if that’s your thing.
Show notes
- Comey Confirms a Trump-Russia FBI Investigation Began Last July | WIRED
- Laptop ban: UK, US ban electronics in carry-on luggage from Middle East airports amid terrorist bomb fears - ABC News (Australian Broadcasting Corporation)
- Patrick Gray on Twitter: "I've seen a couple of people float this theory and FWIW I think it's bullshit. https://t.co/8PeV3IxdVJ"
- WikiLeaks Won’t Tell Tech Companies How to Patch CIA Zero-Days Until Its Demands Are Met - Motherboard
- Patrick Gray on Twitter: "Staff holding clearances didn't stop Microsoft fixing Stuxnet 0days or the Flame md5 collision. More grandstanding bullshit from Assange. 🙄 https://t.co/tRkmzPDm5V"
- Dan Guido on Twitter: "The US Government needs to suck it up and report these bugs to the vendors themselves to short circuit this mess. https://t.co/1ZUkwc7bfV"
- Microsoft’s silence over unprecedented patch delay doesn’t smell right | Ars Technica
- A simple command allows the CIA to commandeer 318 models of Cisco switches | Ars Technica
- Four Men Charged With Hacking 500M Yahoo Accounts — Krebs on Security
- How did Yahoo get breached? Employee got spear phished, FBI suggests | Ars Technica
- WhatsApp and Telegram Vulnerability Should Warn Wary Encrypted Chat Users Off the Web | WIRED
- Intel, Microsoft Announce New Bug Bounties | Threatpost | The first stop for security news
- GitHub Code Execution Bug Fetches $18,000 Bounty | Threatpost | The first stop for security news
- Virtual machine escape fetches $105,000 at Pwn2Own hacking contest [updated] | Ars Technica
- Hackers: We Will Remotely Wipe iPhones Unless Apple Pays Ransom - Motherboard
- Student Aid Tool Held Key for Tax Fraudsters — Krebs on Security
- Some Dark Web 'Crackdowns' Are Just Hot Air - Motherboard
- Where Have All The Exploit Kits Gone? | Threatpost | The first stop for security news
- Carnegie Mellon Helped the Government Access a Terror-Linked iPhone, Source Says - Motherboard
- US-CERT Warns HTTPS Inspection May Degrade TLS Security | Threatpost | The first stop for security news
- Fileless Malware Campaigns Tied to Same Attacker | Threatpost | The first stop for security news
- How to Protect Yourself From Third-Party Twitter App Hacks - Motherboard
- Tavis Ormandy on Twitter: "It looks like LastPass consider the RCE vulnerability I reported yesterday resolved, here are the full details. https://t.co/roB0JXa25G"
- Code Execution Vulnerability Found in Libpurple IM Library | Threatpost | The first stop for security news
- Patrick Gray on Twitter: "This actually happened. I have socks older than these kids and they're popping real 0day in the CTF gear. Awesome. https://t.co/s8nq7r8EDh"
- BeyondCorp | Run Zero Trust Security Like Google
- BeyondCorp For The Rest Of Us | Duo Security