On this week’s show I’ll be playing part two of my interview with In-Q-Tel’s chief security officer Dan Geer. That’s all about machine learning in infosec. Is it actually going to turn into something? Or is it just another infosec thought bubble?
This week’s sponsor interview is with Dan Guido of Trail of Bits.
Trail of Bits is a New York-based security engineering and testing company that does very interesting work. They don’t just break apps, they actually work on securing them. With that in mind, Dan’s team has been looking at implementing control flow integrity protections to various software projects. So we speak to him about the llvm versus Microsoft control flow guard approach, which is achievable. We also speak to him about mcsema, a tool they developed for reversing binaries into an intermediate language.
Adam Boileau, as always, joins us to talk about the week’s security news.
Links to items discussed in this week’s show have moved – they’re now included in this post, below.
Oh, and do add Patrick, or Adam on Twitter if that’s your thing.
- Google takes Symantec to the woodshed for mis-issuing 30,000 HTTPS certs [updated] | Ars Technica
- Here’s the Data Republicans Just Allowed ISPs to Sell Without Your Consent - Motherboard
- Did China Just Help North Korea Steal $81M From The Fed?
- New WikiLeaks dump: The CIA built Thunderbolt exploit, implants to target Macs | Ars Technica
- WikiLeaks Dark Matter Release Shows CIA Interdiction of iPhone Supply Chain | Threatpost | The first stop for security news
- Think Tank: Cyber Firm at Center of Russian Hacking Charges Misread Data
- Cyber Firm Rewrites Part of Disputed Russian Hacking Report
- Michael Koziarski on Twitter: "FedEx’s web tech is so old they’re offering you $5 to enable flash… https://t.co/HRAj1Qgrjq cc @riskybusiness"
- eBay Asks Users to Downgrade Security — Krebs on Security
- Doxed by Microsoft’s Docs.com: Users unwittingly shared sensitive docs publicly | Ars Technica
- Android Security Is Better But Still Has a Long Way to Go | WIRED
- Shielding MAC addresses from stalkers is hard and Android fails miserably at it | Ars Technica
- Ransomware scammers exploited Safari bug to extort porn-viewing iOS users | Ars Technica
- Potent LastPass exploit underscores the dark side of password managers | Ars Technica
- APT29 Used Domain Fronting, Tor to Execute Backdoor | Threatpost | The first stop for security news
- Experts Doubt Hacker’s Claim Of Millions Of Breached Apple Credentials | Threatpost | The first stop for security news
- Whoops: The DOJ May Have Confirmed Some of the Wikileaks CIA Dump - Motherboard
- Apple Just Banned the App That Tracks US Drone Strikes, Again - Motherboard
- A Hackable Dishwasher Is Connecting Hospitals to the Internet of Shit - Motherboard
- McSema: I’m liftin’ it | Trail of Bits Blog
- The Challenges of Deploying Security Mitigations | Trail of Bits Blog