Risky Business #448 -- Dan Geer on cloud providers: Too big to fail?

PLUS Mike Hanley of Duo Security talks BeyondCorp...
22 Mar 2017 » Risky Business

We’ve got a great show for you this week. In-Q-Tel CSO Dan Geer will be along for a very interesting conversation about the major cloud providers. Are they too big to fail the same way some banks are? Does the efficiency of highly concentrated ownership of a large chunk of the world’s Internet service capacity make it less resilient? We talk about that and more in this week’s feature interview.

This week’s sponsor interview is also an absolute cracker. We’re speaking with Mike Hanley of Duo Security. Mike is the senior director of security at Duo, and he’s along this week to talk about Google’s BeyondCorp initiative.

BeyondCorp is Google’s vision for the next generation of enterprise environments and it has a lot to do with deperimeterisation. Mike is along this week to talk about that concept and how solid authentication is basically the first step in moving towards that vision. It’s really, really solid stuff, so do stick around for that one.

Adam Boileau, as always, joins us to talk about the week’s security news.

Links to items discussed in this week’s show have moved – they’re now included in this post, below.

Oh, and do add Patrick or Adam on Twitter if that’s your thing.

Show notes

Comey Confirms a Trump-Russia FBI Investigation Began Last July | WIRED
Laptop ban: UK, US ban electronics in carry-on luggage from Middle East airports amid terrorist bomb fears - ABC News (Australian Broadcasting Corporation)
Patrick Gray on Twitter: "I've seen a couple of people float this theory and FWIW I think it's bullshit. https://t.co/8PeV3IxdVJ"
WikiLeaks Won’t Tell Tech Companies How to Patch CIA Zero-Days Until Its Demands Are Met - Motherboard
Patrick Gray on Twitter: "Staff holding clearances didn't stop Microsoft fixing Stuxnet 0days or the Flame md5 collision. More grandstanding bullshit from Assange. 🙄 https://t.co/tRkmzPDm5V"
Dan Guido on Twitter: "The US Government needs to suck it up and report these bugs to the vendors themselves to short circuit this mess. https://t.co/1ZUkwc7bfV"
Microsoft’s silence over unprecedented patch delay doesn’t smell right | Ars Technica
A simple command allows the CIA to commandeer 318 models of Cisco switches | Ars Technica
Four Men Charged With Hacking 500M Yahoo Accounts — Krebs on Security
How did Yahoo get breached? Employee got spear phished, FBI suggests | Ars Technica
WhatsApp and Telegram Vulnerability Should Warn Wary Encrypted Chat Users Off the Web | WIRED
Intel, Microsoft Announce New Bug Bounties | Threatpost | The first stop for security news
GitHub Code Execution Bug Fetches $18,000 Bounty | Threatpost | The first stop for security news
Virtual machine escape fetches $105,000 at Pwn2Own hacking contest [updated] | Ars Technica
Hackers: We Will Remotely Wipe iPhones Unless Apple Pays Ransom - Motherboard
Student Aid Tool Held Key for Tax Fraudsters — Krebs on Security
Some Dark Web 'Crackdowns' Are Just Hot Air - Motherboard
Where Have All The Exploit Kits Gone? | Threatpost | The first stop for security news
Carnegie Mellon Helped the Government Access a Terror-Linked iPhone, Source Says - Motherboard
US-CERT Warns HTTPS Inspection May Degrade TLS Security | Threatpost | The first stop for security news
Fileless Malware Campaigns Tied to Same Attacker | Threatpost | The first stop for security news
How to Protect Yourself From Third-Party Twitter App Hacks - Motherboard
Tavis Ormandy on Twitter: "It looks like LastPass consider the RCE vulnerability I reported yesterday resolved, here are the full details. https://t.co/roB0JXa25G"
Code Execution Vulnerability Found in Libpurple IM Library | Threatpost | The first stop for security news
Patrick Gray on Twitter: "This actually happened. I have socks older than these kids and they're popping real 0day in the CTF gear. Awesome. https://t.co/s8nq7r8EDh"
BeyondCorp | Run Zero Trust Security Like Google
BeyondCorp For The Rest Of Us | Duo Security