Risky Business Podcast
October 11, 2017
Risky Business #473 -- Kaspersky is officially toast
On this week’s show we’re taking a deep dive into the latest news about Kaspersky and its alleged ties to Russian security services. The New York Times has just published an absolutely blockbuster piece that claims Israeli intelligence infiltrated Kaspersky’s network in 2014 and uncovered slam dunk evidence the company was operating espionage campaigns on behalf of the Russian government. We’ll jump into that in a minute, then in this week’s feature I’ll chat with Dave Aitel of Immunity Inc and get his feelings on the Kaspersky controversy.
Casey Ellis is this week’s sponsor guest. He’s joining us to talk about how people running their own bug bounties can avoid false negatives. A couple of weeks back we ran a feature here on the show about a guy who had a pretty hard time reporting a legitimate security bug to Microsoft. Casey will be along with some ideas on how companies might do better when managing a lot of inbound bug reports, many of which are bogus. How do you sort the wheat from the chaff?
Links to everything are below.
Oh, and you can follow Patrick or Adam on Twitter if that’s your thing.
Brought to you by Bugcrowd
Show notes
How Israel Caught Russian Hackers Scouring the World for U.S. Secrets - The New York Times
Ex-NSA Hackers Are Not Surprised by Bombshell Kaspersky Report - Motherboard
Office Depot, Best Buy Pull Kaspersky Products From Shelves
Kaspersky and the Third Major Breach of NSA’s Hacking Tools – emptywheel
Russia reportedly stole NSA secrets with help of Kaspersky—what we know now | Ars Technica
Australian police posed as child abusers for a dark web sting
North Korea hacked South's secret joint US war plans – reports | World news | The Guardian
Hacking North Korea Won't Stop Its Nuclear Program | WIRED
Report: Facebook removed references to Russia from fake-news report | Ars Technica
SEC hack came as internal security team begged for funding | Ars Technica
Meet Danny, the Guy Authorities Say Is Selling Encrypted Phones to Organized Crime
Cellebrite: Hacking into iPhones is harder than ever
In-progress email threads were hacked to spearphish private companies, report says
Disqus confirms 2012 database breach impacting 17.5 million users
Report: John Kelly's personal phone was compromised for months
Market Research Firm Forrester Says Hackers Stole Sensitive Reports
Over 37,000 Chrome Users Installed a Fake AdBlock Plus Extension
New NIST and DHS Standards Get Ready to Tackle BGP Hijacks
Russia Says It Will Ban Cryptocurrency Exchanges
‘Dark Overlord’ Hackers Text Death Threats to Students, Then Dump Voicemails From Victims
Critical Windows DNS vulnerability gives hackers the 'keys to the kingdom'
SensePost | Macro-less code exec in msword
The confrontation that fueled the fallout between Kaspersky and the U.S. government - Cyberscoop
Understanding the Equifax Data Breach | Anna Slomovic | Managing Personal Data
Equation Group: The Crown Creator of Cyber-Espionage | Kaspersky Lab