Risky Business #478 -- Why a "Digital Geneva Convention" won't work

Presented by

Patrick Gray

CEO and Publisher

Adam Boileau

Technology Editor

On this week’s show we check in with Mara Tam. She’ll be telling us why the idea of a so-called “Digital Geneva Convention” is silly.

Then, after that, Rich Smith of Duo Security will be in the sponsor chair.

You may have heard about some recent research Duo Labs did into Apple EFI patches basically not working/sticking. Rich walks us through that research, why Duo did it, how they did it, and what it can tell us. It might be Mac research but the real worry, as you’ll hear, is around Wintel firmware.

Adam Boileau pops by for this week’s news discussion. We’ll be covering:

  • Facebook’s plan to combat “non-consensual intimate imagery”
  • Wikileaks Vault8 leaks
  • Assange sending a “guessed” password to Donald Trump Jnr
  • NYTimes reports on the Shadowbears
  • Cracking FaceID with a rubber mask
  • MOAR

Links to everything are below, and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Facebook Workers, Not an Algorithm, Will Look at Volunteered Nude Photos First to Stop Revenge Porn

The Facts: Non-Consensual Intimate Image Pilot | Facebook Newsroom

If Facebook Actually Wants to Be Transparent, It Should Talk to Journalists - Motherboard

WikiLeaks Starts Releasing Source Code For Alleged CIA Spying Tools - Motherboard

Donald Trump Jr. and WikiLeaks Talking Privately on Twitter Makes Perfect Sense | WIRED

WikiLeaks on Twitter: "New WikiLeaks publication reveals CIA wrote code to impersonate Kaspersky Labs anti-virus company https://t.co/EvE8GdyAmM https://t.co/geigDgIDsk"

Donald Trump Jr. on Twitter: "Here is the entire chain of messages with @wikileaks (with my whopping 3 responses) which one of the congressional committees has chosen to… https://t.co/4C0d2vBOkq"

Security Breach and Spilled Secrets Have Shaken the N.S.A. to Its Core - The New York Times

Hackers say they broke Apple’s Face ID. Here’s why we’re not convinced | Ars Technica

Hackers Say Plastic Surgeon to the Stars Hacked Back at Them

Uber drivers in Lagos, Nigeria use fake Lockito app to boost fares — Quartz

CEO who presided over Mt. Gox’s collapse could end up with massive profits | Ars Technica

Google Begins Removing Play Store Apps Misusing Android Accessibility Services | Hackbusters

OnePlus inadvertently left a backdoor on its phones

Muslim activists hack Isis mailing list hours after terrorists claimed it was unhackable | The Independent

This AI Bot That Messes With Email Scammers As Long As Possible Is Brilliant - Digg

The FBI Blindly Hacked Computers in Russia, China, and Iran

Huddle's 'highly secure' work tool exposed KPMG and BBC files - BBC News

Microsoft Provides Guidance on Mitigating DDE Attacks | Threatpost | The first stop for security news

How AV can open you to attacks that otherwise wouldn’t be possible | Ars Technica

Cryptojacking craze that drains your CPU now done by 2,500 sites | Ars Technica

Crooks sending fake Apple emails in order to unlock stolen iPhones

Hacker Wannabes Fooled by Backdoored IP Scanner

Cyber Security | Global Cyber Security Services Provider

About the security content of iOS 11 - Apple Support

Microsoft's Smith adds 'cyber Red Cross' to his 'digital Geneva Convention' call

thinkst Thoughts...: A Geneva convention, for Software

thinkst Thoughts...: On anti-patterns for ICT security and international law

The need for a Digital Geneva Convention - Microsoft on the Issues

The Apple of Your EFI: Mac Firmware Security Research | Duo Security