Risky Business #468 -- Marcus Hutchins gets "Krebsed," the ICO bubble and more

PLUS: Kenya's election scuttled over hacking fears and Kaspersky's latest drama...
06 Sep 2017 » Risky Business

On this week’s show we’re going to take a look at the ICO bubble. We’ll hear some excerpts from a chat I had with Coinjar CEO Asher Tan and then Adam and I are going to talk about what the hell is happening with all this crypto madness. We also take a look at the scuttling of the Kenyan election over hacking fears, the latest drama with Kaspersky being caught in the middle of geopolitical intrigue, the FSB’s unconventional BBQ in San Francisco and more.

This week’s show is brought to you by Netsparker.

Netsparker makes an automated webapp testing tool, and you can kinda dial up the level of automation you want. They have a few nice tricks in their suite, too, like auto proof-of-concept exploitation of some bug classes, so you can actually prove people need to fix stuff while you drink coffee. That’s nice.

In this week’s sponsor interview we’re speaking with Ferruh Mavituna, the founder and CEO of Netsparker, about automated testing at scale. It’s a sponsor interview, but it’s also a pretty generic chat about how you tackle that problem. Basically he says when you’re doing this scanning at scale you really can start with the bad, dumb stuff, because if you’re in an enterprise of any sort of size at all your automated testing is going to spit out a horror-show list.

Links to everything are below.

Oh, and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Who Is Marcus Hutchins? — Krebs on Security
Solaris update plan is real, but future looks cloudy by design • The Register
Bye Bye Solaris, it seems. | Hackaday
Kenya's Supreme Court declares presidential election result null
Kenyan Elections and Alleged Hacking: A Look at the available evidence | CIPIT Blog
The Russian Company That Is a Danger to Our Security - The New York Times
Chinese Agency Linked to Cyber-Espionage Operations Will Review Source Code of Foreign Firms
Russia's San Francisco consulate is mysteriously burning stuff before it is shut down — Quartz
Man Who Refused to Decrypt Hard Drives Still in Prison After Two Years
Four Million Time Warner Cable Records Left on Misconfigured AWS S3 | Threatpost
Military Contractor's Vendor Leaks Resumes in Misconfigured AWS S3 | Threatpost
Mastercard Internet Gateway Service: Hashing Design Flaw – Tinyhack.com
Massive Wave of MongoDB Ransom Attacks Makes 26,000 New Victims
Vulnerabilities Discovered in Mobile Bootloaders of Major Vendors
Banking Trojan Now Targets Coinbase Users, Not Just Banking Portals
Chinese Man Sentenced to Nine Months in Prison for Selling VPN Software
Bitcoin falls as China bans initial coin offerings | Ars Technica
ICO Bubble? Startups Are Raising Hundreds of Millions of Dollars Via Initial Coin Offerings | Inc.com
Coinschedule - Cryptocurrency ICO Statistics
SEC's ICO Ruling: What It Means for Investors and Blockchain | Fortune.com
The Paris Coin Got it Right | txsrb
Ethereum ICO: people invested thousands of dollars in "Useless Ethereum Token" (UET) — Quartz
Digital assets in Ethereum blockchain
Scaling-Up & Automating Web Application Security (Infosecurity Europe 2017 Tech Talk) - YouTube