Risky Business #478 -- Why a "Digital Geneva Convention" won't work

PLUS: Facebook wants yer nudes...
15 Nov 2017 » Risky Business

On this week’s show we check in with Mara Tam. She’ll be telling us why the idea of a so-called “Digital Geneva Convention” is silly.

Then, after that, Rich Smith of Duo Security will be in the sponsor chair.

You may have heard about some recent research Duo Labs did into Apple EFI firmware updates basically not applying or not sticking. Rich walks us through that research: why Duo did it, how they did it, and what it can tell us. It might be Mac research, but the real worry, as you'll hear, is around Wintel firmware.

Adam Boileau pops by for this week’s news discussion. We’ll be covering:

  • Facebook’s plan to combat “non-consensual intimate imagery”
  • Wikileaks Vault8 leaks
  • Assange sending a “guessed” password to Donald Trump Jnr
  • NYTimes reports on the Shadow Brokers
  • Cracking Face ID with a rubber mask
  • MOAR

Links to everything are below, and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

  • Facebook Workers, Not an Algorithm, Will Look at Volunteered Nude Photos First to Stop Revenge Porn
  • The Facts: Non-Consensual Intimate Image Pilot | Facebook Newsroom
  • If Facebook Actually Wants to Be Transparent, It Should Talk to Journalists - Motherboard
  • WikiLeaks Starts Releasing Source Code For Alleged CIA Spying Tools - Motherboard
  • Donald Trump Jr. and WikiLeaks Talking Privately on Twitter Makes Perfect Sense | WIRED
  • WikiLeaks on Twitter: "New WikiLeaks publication reveals CIA wrote code to impersonate Kaspersky Labs anti-virus company https://t.co/EvE8GdyAmM https://t.co/geigDgIDsk"
  • Donald Trump Jr. on Twitter: "Here is the entire chain of messages with @wikileaks (with my whopping 3 responses) which one of the congressional committees has chosen to… https://t.co/4C0d2vBOkq"
  • Security Breach and Spilled Secrets Have Shaken the N.S.A. to Its Core - The New York Times
  • Hackers say they broke Apple’s Face ID. Here’s why we’re not convinced | Ars Technica
  • Hackers Say Plastic Surgeon to the Stars Hacked Back at Them
  • Uber drivers in Lagos, Nigeria use fake Lockito app to boost fares — Quartz
  • CEO who presided over Mt. Gox’s collapse could end up with massive profits | Ars Technica
  • Google Begins Removing Play Store Apps Misusing Android Accessibility Services | Hackbusters
  • OnePlus inadvertently left a backdoor on its phones
  • Muslim activists hack Isis mailing list hours after terrorists claimed it was unhackable | The Independent
  • This AI Bot That Messes With Email Scammers As Long As Possible Is Brilliant - Digg
  • The FBI Blindly Hacked Computers in Russia, China, and Iran
  • Huddle's 'highly secure' work tool exposed KPMG and BBC files - BBC News
  • Microsoft Provides Guidance on Mitigating DDE Attacks | Threatpost | The first stop for security news
  • How AV can open you to attacks that otherwise wouldn’t be possible | Ars Technica
  • Cryptojacking craze that drains your CPU now done by 2,500 sites | Ars Technica
  • Crooks sending fake Apple emails in order to unlock stolen iPhones
  • Hacker Wannabes Fooled by Backdoored IP Scanner
  • Cyber Security | Global Cyber Security Services Provider
  • About the security content of iOS 11 - Apple Support
  • Microsoft's Smith adds 'cyber Red Cross' to his 'digital Geneva Convention' call
  • thinkst Thoughts...: A Geneva convention, for Software
  • thinkst Thoughts...: On anti-patterns for ICT security and international law
  • The need for a Digital Geneva Convention - Microsoft on the Issues
  • The Apple of Your EFI: Mac Firmware Security Research | Duo Security