Risky Business #480 -- Uber, Kaspersky woes continue

Presented by

Patrick Gray

CEO and Publisher

Adam Boileau

Technology Editor

On this week’s show we’ll be having a look at the latest OWASP top 10. As many of you would know, the new list is out. A couple of items have been dropped and a couple of items have been introduced. But we’re really using this new top 10 as an excuse to have a broader chat about the top 10 and the OWASP mission more generally.

As you’ll hear, everyone seems to agree the list is a good thing, but maybe OWASP needs to sharpen its communication strategy a little to make itself more accessible to the developers it’s trying to help.

We’ll hear from OWASP Bristol chapter leader and Veracode consultant Katy Anton on that, as well as Safestack head honcho Laura Bell and penetration tester and founder of Matchme consulting Pam O’Shea.

This week’s show is brought to you by a first-time sponsor, VMRay. They make malware analysis software that’s very popular with CERTs, but I suspect a lot of listeners out there in IR will also be interested in what they’re doing. The core offering is a cloud malware analyser that isn’t public, so if you don’t want to fire off a sample to VirusTotal and let the bad guys know you’re on to them, VMRay is a better option.

VMRay didn’t actually get one of its staff into this week’s sponsor slot; it chose one of its users instead – Koen Van Impe. He pops along to talk through what he uses VMRay for and to give us a bit of an overview of what it does.

Links to everything are below, and you can follow Patrick or Adam on Twitter if that’s your thing.


Show notes

Uber security executives leave company amid lawsuit and breach investigation

Proposed law would jail execs who fail to report data breaches – Naked Security

U.K. cyber agency tells government to handle Russian anti-virus software with caution

Former N.S.A. Employee Pleads Guilty to Taking Classified Information - The New York Times

Ex-NSA Hackers Worry China And Russia Will Try to Arrest Them - Motherboard

The US Should Modernize Election Systems to Prevent Hacking | WIRED

Russia Wants to Launch Backup DNS System by August 1, 2018

How DJI fumbled its bug bounty program and created a PR nightmare

DHS: Drone Maker "Likely" Helping China Spy on US

The EU Will Foot the Bill for VLC Player's Public Bug Bounty Program

Privacy regulator warns MPs over shared passwords - BBC News

SEC Halts a Silly Initial Coin Offering - Bloomberg

‘Mailsploit’ Lets Hackers Forge Perfect Email Spoofs | WIRED

Andromeda botnet mastermind arrested in Belarus, identified by his ICQ number

Hacked Password Service Leakbase Goes Dark — Krebs on Security

Dell, Other Vendors Start Shipping Laptops With Intel ME Firmware Disabled

Satori Botnet Has Sudden Awakening With Over 280,000 Active Bots

Cisco Patches Critical Playback Bugs in WebEx Players | Threatpost

Flaw Found In Dirty COW Patch | Threatpost

GitHub will soon warn developers of insecure dependencies, adds news feed, team chat and more

Man Hacks Jail Computer Network to Get Friend Released Early

Malware Detection & Malware Sandbox Analysis | VMRay

Securing Ethereum at Empire Hacking | Trail of Bits Blog

Careers at Fitbit