Risky Business #449 -- Machine Learning: Woot or woo?

Presented by

Patrick Gray

CEO and Publisher

Adam Boileau

Technology Editor

On this week’s show I’ll be playing part two of my interview with In-Q-Tel’s chief security officer Dan Geer. That’s all about machine learning in infosec. Is it actually going to turn into something? Or is it just another infosec thought bubble?

This week’s sponsor interview is with Dan Guido of Trail of Bits.

Trail of Bits is a New York-based security engineering and testing company that does very interesting work. They don’t just break apps, they actually work on securing them. With that in mind, Dan’s team has been looking at adding control flow integrity protections to various software projects. So we speak to him about the LLVM versus Microsoft Control Flow Guard approach, which is achievable. We also speak to him about McSema, a tool they developed for reversing binaries into an intermediate language.

Adam Boileau, as always, joins us to talk about the week’s security news.

Links to items discussed in this week’s show have moved – they’re now included in this post, below.

Oh, and do add Patrick or Adam on Twitter if that’s your thing.


Show notes

Google takes Symantec to the woodshed for mis-issuing 30,000 HTTPS certs [updated] | Ars Technica

Here’s the Data Republicans Just Allowed ISPs to Sell Without Your Consent - Motherboard

Did China Just Help North Korea Steal $81M From The Fed?

New WikiLeaks dump: The CIA built Thunderbolt exploit, implants to target Macs | Ars Technica

WikiLeaks Dark Matter Release Shows CIA Interdiction of iPhone Supply Chain | Threatpost | The first stop for security news

Think Tank: Cyber Firm at Center of Russian Hacking Charges Misread Data

Cyber Firm Rewrites Part of Disputed Russian Hacking Report

Michael Koziarski on Twitter: "FedEx’s web tech is so old they’re offering you $5 to enable flash… https://t.co/HRAj1Qgrjq cc @riskybusiness"

eBay Asks Users to Downgrade Security — Krebs on Security

Doxed by Microsoft’s Docs.com: Users unwittingly shared sensitive docs publicly | Ars Technica

Android Security Is Better But Still Has a Long Way to Go | WIRED

Shielding MAC addresses from stalkers is hard and Android fails miserably at it | Ars Technica

Ransomware scammers exploited Safari bug to extort porn-viewing iOS users | Ars Technica

Potent LastPass exploit underscores the dark side of password managers | Ars Technica

APT29 Used Domain Fronting, Tor to Execute Backdoor | Threatpost | The first stop for security news

Experts Doubt Hacker’s Claim Of Millions Of Breached Apple Credentials | Threatpost | The first stop for security news

Whoops: The DOJ May Have Confirmed Some of the Wikileaks CIA Dump - Motherboard

Apple Just Banned the App That Tracks US Drone Strikes, Again - Motherboard

A Hackable Dishwasher Is Connecting Hospitals to the Internet of Shit - Motherboard

McSema: I’m liftin’ it | Trail of Bits Blog

The Challenges of Deploying Security Mitigations | Trail of Bits Blog