Risky Business Podcast
May 04, 2017
Risky Business #453 -- The Intel bugs: How freaked out should you be?
Presented by
CEO and Publisher
Technology Editor
On this week’s show we’re looking at an issue that kicked up last week when creepware scumbags Flexispy announced they were moving their bug bounty program to HackerOne. VICE journalist Joseph Cox asked HackerOne CEO Marten Mickos if he’d be happy to host their program, and his answer is as follows:
“Any company that operates legally within its jurisdiction, treats our hackers with respect and takes vulnerability disclosure seriously is generally welcome to run their program on the HackerOne platform. Improving the integrity of all connected software is to the benefit of the digital society.”
A lot of people, myself included, didn’t react so well to that line of thinking. HackerOne CTO Alex Rice suggested he come on the show to talk about the company’s stance. As you’ll hear, Alex is pushing a much softer line than his CEO, but still says this is complicated. Stay tuned for that, at times, excruciating interview.
This week’s sponsor interview is with Signal Sciences CSO and co-founder Zane Lackey. Zane was the head of security at Etsy, but he moved on to found Signal Sciences, a company that is making webapp security software that by all reports is pretty damn good.
He joins us in the sponsor slot this week to talk about Devops, WAFs and a whole bunch of other fun stuff.
Adam Boileau, as usual, drops by to discuss the week’s news.
Links to items discussed in this week’s show have moved – they’re now included in this post, below.
Oh, and do add Patrick, or Adam on Twitter if that’s your thing.
Brought to you by Fastly
Modern web app and API security, anywhere
Show notes
Intel patches remote hijacking vulnerability that lurked in chips for 7 years | Ars Technica
Hacker leaks Orange is the New Black new season after ransom demands ignored | Ars Technica
Meet the Hackers Holding Netflix to Ransom - Motherboard
All your Googles are belong to us: Look out for the Google Docs phishing worm | Ars Technica
Facebook enters war against “information operations,” acknowledges election hijinx | Ars Technica
Russian-controlled telecom hijacks financial services’ Internet traffic | Ars Technica
Thieves drain 2fa-protected bank accounts by abusing SS7 routing protocol | Ars Technica
Blind Trust in Email Could Cost You Your Home — Krebs on Security
Google and Facebook scammed out of $100M in elaborate phishing attack
Watch Hackers Sabotage an Industrial Robot Arm | WIRED
geer.tinho.net/geer.source.27iv17.txt
A vigilante is putting a huge amount of work into infecting IoT devices | Ars Technica
An Obscure App Flaw Creates Backdoors In Millions of Smartphones | WIRED
Apple Revokes Certificate Used By OSX/Dok Malware | Threatpost | The first stop for security news
IBM: Destroy USBs Infected with Malware Dropper | Threatpost | The first stop for security news
Picture this: Senate staffers’ ID cards have photo of smart chip, no security | Ars Technica
nomx: The world's most secure communications protocol
Wanna Know If Someone Planted Spyware on Your Computer? - Motherboard
Winston Smith on Twitter: "@x0rz @cryptoishard Sorry that was me lol"