Risky Business Podcast
November 29, 2017
Risky Business #479 -- Oh, Uber. Oh, Apple.
Presented by
CEO and Publisher
Technology Editor
On this week’s show we’re speaking with Susan Hennessey, a Fellow in National Security in Governance Studies at the Brookings Institution and managing editor of Lawfare. We’re talking to her about cross-border law enforcement in the Internet age.
We hear a lot of people in the infosec community expressing some discomfort with the FBI’s use of Network Investigative Techniques designed to de-cloak Tor users. Susan pops by to explain why the FBI and other law enforcement bodies aren’t worried about the international ramifications of dropping de-cloaking technique on the whole planet.
We also cover off a few of the other issues around how data can be turned over to various governments. It’s a fascinating chat and it’s coming up after the news.
This week’s show is brought to you by Tenable Security. In this week’s sponsor slot we’ll be hearing from Ray Komar, Tenable’s VP of technical alliances. We’re talking to Ray about a partnership Tenable has formed with Siemens. They’re trying to tackle the issue of tracking vulnerabilities in industrial control system equipment, but as you’ll hear, people aren’t actually buying it so much for the vulnerability tracking side, they’re buying it for the visibility side. It turns out dropping a passive scanner on your ICS network is a good way to know what’s actually ON your ICS network.
As always, Adam Boileau pops in to discuss the security news. We cover:
- The Uber hack
- Apple’s comedy “root” bug
- Krebs on possible Shadowbrokers link
- Charges against more Chinese APT operators and Iranian HBO attacker
- More “hack back” legislation action
- Intel ME bug details
- Golden SAML
- MOAR
Links to everything are below, and you can follow Patrick or Adam on Twitter if that’s your thing.
Brought to you by Tenable Security
Comprehensive Cybersecurity and Exposure Management
Show notes
Uber Hid 57-Million User Data Breach For Over a Year | WIRED
Lawmakers demand answers from Uber after massive data breach - Cyberscoop
Apple MacOS High Sierra Security Flaw Lets Anyone Get Root Access, No Password Required | WIRED
DOJ reveals indictment against Chinese cyber spies that stole U.S. business secrets
China hides homegrown hacks from its vulnerability disclosure process
Feds Indict Iranian for HBO Hack—But Extradition Isn't Likely | WIRED
Guilty plea for Canadian charged in 2014 Yahoo hacking case
Rep. Graves: 'Active defense' bill will launch a new industry
Intel Management Engine Flaws Leave Millions of PCs Exposed | WIRED
mjg59 | Potential impact of the Intel ME vulnerability
Researcher discovers classified Army intel app, data on open public AWS bucket | Ars Technica
How Bots Broke the FCC's Public Comment System During the Net Neutrality Debate | WIRED
Fund Targets Victims Scammed Via Western Union — Krebs on Security
No Patch Available for RCE Bug Affecting Half of the Internet's Email Servers
Golden SAML: Newly Discovered Attack Technique Forges Authentication to Cloud Apps - CyberArk