Risky Business #461 -- AWS security with Atlassian's Daniel Grzelak

Plus all the drama from the dark web...
12 Jul 2017 » Risky Business

On this week’s show we chat with Atlassian’s head of security, Daniel Grzelak, all about some AWS security tools he’s come up with. He also previews a new tool for generating AWS access key honeytokens at scale, which is really neat.

This week’s show is brought to you by Veracode!

Veracode’s director of developer engagement, Peter Chestna, will be along in this week’s sponsor interview to have a yarn about some common misunderstandings between security people and developers. We look at misunderstandings both ways.

Adam Boileau is this week’s news guest. We talk about all the latest dark markets drama, plus the Great Nuclear Hax Freakout of 2017.

See links to show notes below, and follow Patrick or Adam on Twitter if that’s your thing!

Show notes

Hackers Are Targeting Nuclear Facilities, Homeland Security Dept. and F.B.I. Say - The New York Times
FBI-DHS “amber” alert warns energy industry of attacks on nuke plant operators | Ars Technica
As World's Largest Dark Web Market Vanishes, Dodgy Links Promise a Way Back In - Motherboard
AlphaBay: Drug Site Remains Shut as Fears of Exit Scam Grow | Fortune.com
South Korean Cryptocurrency Exchange Bithumb to Compensate Users Following the Hacking
Dark Web Hosting Service Hacked, Some Data Was Stolen
Head of Mt Gox bitcoin exchange on trial for embezzlement and loss of millions | Technology | The Guardian
Owners of "VirusTotal-for-Crooks" Service Arrested
iPhone Bugs Are Too Valuable to Report to Apple - Motherboard
Kaspersky under scrutiny after Bloomberg story claims close links to FSB | Ars Technica
Russian Cybersecurity CEO Offers Source Code for U.S. Inspection | Fortune.com
Russians now need a passport to watch Pornhub – VICE News
International Investigatory Group Also Target of Government Spyware | Threatpost | The first stop for security news
Sabre Consumer Website - Home
Hackers stole credit card info from Trump hotel guests for months | TheHill
Let's Encrypt to Offer Wildcard Certificates in 2018 | Threatpost | The first stop for security news
Decryption Key to Original Petya Ransomware Released | Threatpost | The first stop for security news
Backdoor built in to widely used tax app seeded last week’s NotPetya outbreak | Ars Technica
Hackers Linked to NotPetya Ransomware Decrypted a File for Us - Motherboard
Broadpwn Bug Affects Millions of Android and iOS Devices
OpenBSD Will Get Unique Kernels on Each Reboot. Do You Hear That Linux, Windows?
Microsoft Addresses NTLM Bugs That Facilitate Credential Relay Attacks | Threatpost | The first stop for security news
The Time I Got Recruited to Collude with the Russians - Lawfare
2016-07-08 Security Notice
GitHub - dagrz/aws_pwn: A collection of AWS penetration testing junk
Application Security | Veracode