We’ve got a real bread-and-butter show for you this week. Adam is along in this week’s news segment to talk about the latest on the Intel AMT bugs, Tavis Ormandy’s horror-show Windows Defender bug, the Macron email dump and more.
In this week’s feature interview we speak with Adobe security engineer and OAuth 2 in Action co-author Antonio Sanso about what companies like Google might be able to do to make their OAuth implementations a little safer for users… Which, you know, might be something worth considering given an OAuth-based phishing attack was able to compromise something like a million Google accounts the other week.
This week’s show is brought to you by Thinkst Canary! Canary is of course the wonderful little hardware honeypot device Thinkst makes that you can plug into your network that’ll let you know when you have attackers on your LAN. Thinkst’s head of development, Macro Slaviero, joins the show this week to talk about the CIA’s leaked watermarking solution Scribbles, as well as to talk a little about Thinkst’s so-called “bird guide”. It’s a document (linked below) with a bunch of advice for those of you considering using Honeypots.
Links to items discussed in this week’s show have moved – they’re now included in this post, below.
Oh, and do add Patrick, or Adam on Twitter if that’s your thing.
Show notes
- The hijacking flaw that lurked in Intel chips is worse than anyone thought | Ars Technica
- mjg59 | Intel AMT on wireless networks
- Massive vulnerability in Windows Defender leaves most Windows PCs vulnerable | Ars Technica
- Emergency Update Patches Zero Day in Microsoft Malware Protection Engine | Threatpost | The first stop for security news
- Microsoft’s recent success in blocking in-the-wild attacks is eerily good | Ars Technica
- Veritas - Security Response Advisories
- Hacked Macron Emails Leak Online Ahead of French Presidential Runoff Election | WIRED
- The NSA Confirms It: Russia Hacked French Election ‘Infrastructure’ | WIRED
- Patrick Gray on Twitter: "I'm not convinced this is true. At all. Will discuss on this week's show! https://t.co/cvyRahSaxr"
- Press releases - National Commission for the Control of the Campaign for the Presidential Election
- Here's How Easy It Is to Get Trump Officials to Click on a Fake Link in Email
- F.B.I. Director James Comey Is Fired by Trump - The New York Times
- Google's OSS-Fuzz Finds 1,000 Open Source Bugs | Threatpost | The first stop for security news
- Ultrasonic Beacons Are Tracking Your Every Movement | Threatpost | The first stop for security news
- Dark Web Suspects Busted After Visiting Image Sharing Site Outside of Tor - Motherboard
- Cisco kills leaked CIA 0-day that let attackers commandeer 318 switch models | Ars Technica
- grugq is creating analysis on applied security, cyber, operational, and otherwise. | Patreon
- Canarytokens
- Thinkst Canary Bird Guide: