Risky Business Podcast

July 12, 2017

Risky Business #461 -- AWS security with Atlassian's Daniel Grzelak

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

Adam Boileau
Adam Boileau

Technology Editor

On this week’s show we chat with Atlassian’s head of security, Daniel Grzelak, all about some AWS security tools he’s come up with. He also previews a new tool for generating AWS access key honeytokens at scale, which is really neat.

This week’s show is brought to you by Veracode!

Veracode’s director of developer engagement, Peter Chestna, will be along in this week’s sponsor interview to have a yarn about some common misunderstandings between security people and developers. We look at misunderstandings both ways.

Adam Boileau is this week’s news guest. We talk about all the latest dark markets drama, plus the Great Nuclear Hax Freakout of 2017.

See links to show notes below, and follow Patrick or Adam on Twitter if that’s your thing!

Risky Business #461 -- AWS security with Atlassian's Daniel Grzelak
0:00 / 0:00

Show notes

Hackers Are Targeting Nuclear Facilities, Homeland Security Dept. and F.B.I. Say - The New York Times

FBI-DHS “amber” alert warns energy industry of attacks on nuke plant operators | Ars Technica

As World's Largest Dark Web Market Vanishes, Dodgy Links Promise a Way Back In - Motherboard

AlphaBay: Drug Site Remains Shut as Fears of Exit Scam Grow | Fortune.com

South Korean Cryptocurrency Exchange Bithumb to Compensate Users Following the Hacking

Dark Web Hosting Service Hacked, Some Data Was Stolen

Head of Mt Gox bitcoin exchange on trial for embezzlement and loss of millions | Technology | The Guardian

Owners of "VirusTotal-for-Crooks" Service Arrested

iPhone Bugs Are Too Valuable to Report to Apple - Motherboard

Kaspersky under scrutiny after Bloomberg story claims close links to FSB | Ars Technica

Russian Cybersecurity CEO Offers Source Code for U.S. Inspection | Fortune.com

Russians now need a passport to watch Pornhub – VICE News

International Investigatory Group Also Target of Government Spyware | Threatpost | The first stop for security news

Sabre Consumer Website - Home

Hackers stole credit card info from Trump hotel guests for months | TheHill

Let's Encrypt to Offer Wildcard Certificates in 2018 | Threatpost | The first stop for security news

Decryption Key to Original Petya Ransomware Released | Threatpost | The first stop for security news

Backdoor built in to widely used tax app seeded last week’s NotPetya outbreak | Ars Technica

Hackers Linked to NotPetya Ransomware Decrypted a File for Us - Motherboard

Broadpwn Bug Affects Millions of Android and iOS Devices

OpenBSD Will Get Unique Kernels on Each Reboot. Do You Hear That Linux, Windows?

Microsoft Addresses NTLM Bugs That Facilitate Credential Relay Attacks | Threatpost | The first stop for security news

The Time I Got Recruited to Collude with the Russians - Lawfare

2016-07-08 Security Notice

GitHub - dagrz/aws_pwn: A collection of AWS penetration testing junk

Application Security | Veracode