Risky Business #465 -- Charlie Miller on autonomous car security

PLUS Stephen Ridley with some hints for researchers...
16 Aug 2017 » Risky Business

On this week’s show we chat with Charlie Miller all about the security of autonomous vehicles. As you’ll hear, he says autonomous vehicle security all comes down to some security fundamentals that are, in fact, being taken seriously by carmakers.

We’ve got an absolutely fantastic sponsor interview for you this week. This week’s show is brought to you by Senrio. They make an IoT network monitoring solution that’s actually really good. Stephen Ridley is the founder and head honcho at Senrio. He’s a very well known researcher and he joins us this week to talk about a few things.

First up he recaps the gSOAP library bugs the Senrio team found. They were a big deal in July, but as you’ll hear, people kinda missed the point. The affected gSOAP library is absolutely everywhere, including in, ahem, browsers. So yeaaaaah. There’s that.

Then we move on to the more sponsor-y part of the sponsor interview, talking about Senrio’s experience running the IoT hacking village at DEFCON. It was a great time for them, throwing their product at the most hostile IoT network the world has ever seen. To round out the Stephen Ridley omnibus experience we’ll also hear about a few training courses he’s offering on Android hacking and software exploitation via hardware exploitation.

Adam Boileau joins the show to talk about the week’s security news. Links to everything are below.

Oh, and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

The U.S. Is Trying to Seize 1.3 Million Visitor Logs, DreamHost Says - The Atlantic
We Fight for the Users - DreamHost.blog
After Shutdown, Daily Stormer Users Are Moving to a Dark Web Version of Site - Motherboard
Someone Appears to Be DDoSing the Dark Web Version of The Daily Stormer - Motherboard
Researcher Who Stopped WannaCry Pleads Not Guilty to Creating Banking Malware - Motherboard
Top Security Firm May Be Leaking 'Terabytes' Of Confidential Data From Fortune 100 Companies | Gizmodo Australia
Beware of Security by Press Release — Krebs on Security
The Shadow Brokers Have Made Almost $90,000 Selling Hacking Tools by Subscription, Researcher Says - Motherboard
HBO offered hackers $250,000 'bug bounty', leaked email claims | Technology | The Guardian
Russian Hackers Are Targeting Hotels Across Europe, Researchers Say - Motherboard
Attackers Backdoor NetSarang Software Update Mechanism | Threatpost | The first stop for security news
Seven More Chrome Extensions Compromised | Threatpost | The first stop for security news
Blizzard Entertainment Hit With Weekend DDoS Attack | Threatpost | The first stop for security news
Cyberattack leaves millions without mobile phone service in Venezuela — Technology — The Guardian Nigeria Newspaper – Nigeria and World News
Smart Locks Bricked by Bad Update | Threatpost | The first stop for security news
IMSI Catcher Detection Apps Might Not Be All That Good, Research Suggests - Motherboard
Ukrainian Man Arrested, Charged in NotPetya Distribution | Threatpost | The first stop for security news
Juniper Issues Security Alert Tied to Routers and Switches | Threatpost | The first stop for security news
slides_bh_pdf
From random block corruption to privilege escalation: A filesystem attack vector for rowhammer-like attacks | USENIX
Legal Hacking Tools Can Be Useful for Journalists, Too - Motherboard
Experts in Lather Over ‘gSOAP’ Security Flaw — Krebs on Security
Devil's Ivy - Senrio
Senrio
Training