Risky Business #480 -- Uber, Kaspersky woes continue

PLUS: A look at the new OWASP top 10...
06 Dec 2017 » Risky Business

On this week’s show we’ll be having a look at the latest OWASP top 10. As many of you would know, the new list is out. A couple of items have been dropped and a couple of items have been introduced. But we’re really using this new top 10 as an excuse to have a broader chat about the top 10 and the OWASP mission more generally.

As you’ll hear, everyone seems to agree the list is a good thing, but maybe OWASP needs to sharpen its communication strategy a little to make itself more accessible to the developers it’s trying to help.

We’ll hear from OWASP Bristol chapter leader and Veracode consultant Katy Anton on that, as well as Safestack head honcho Laura Bell, and penetration tester and founder of Matchme consulting Pam O’Shea.

This week’s show is brought to you by a first-time sponsor, VMRAY. They make malware analysis software that’s very popular with CERTs, but I suspect a lot of listeners out there in IR will also be interested in what they’re doing. The core offering is a cloud malware analyser that isn’t public, so if you don’t want to fire off a sample to VirusTotal and let the bad guys know you’re on to them, VMRAY is a better option.

VMRAY didn’t actually get one of its staff into this week’s sponsor slot, it chose one of its users instead – Koen Van Impe. He pops along to talk through what he uses VMRAY for and to give us a bit of an overview of what it does.

Links to everything are below, and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Uber security executives leave company amid lawsuit and breach investigation
Proposed law would jail execs who fail to report data breaches – Naked Security
U.K. cyber agency tells government to handle Russian anti-virus software with caution
Former N.S.A. Employee Pleads Guilty to Taking Classified Information - The New York Times
Ex-NSA Hackers Worry China And Russia Will Try to Arrest Them - Motherboard
The US Should Modernize Election Systems to Prevent Hacking | WIRED
Russia Wants to Launch Backup DNS System by August 1, 2018
How DJI fumbled its bug bounty program and created a PR nightmare
DHS: Drone Maker "Likely" Helping China Spy on US
The EU Will Foot the Bill for VLC Player's Public Bug Bounty Program
Privacy regulator warns MPs over shared passwords - BBC News
SEC Halts a Silly Initial Coin Offering - Bloomberg
‘Mailsploit’ Lets Hackers Forge Perfect Email Spoofs | WIRED
Andromeda botnet mastermind arrested in Belarus, identified by his ICQ number
Hacked Password Service Leakbase Goes Dark — Krebs on Security
Dell, Other Vendors Start Shipping Laptops With Intel ME Firmware Disabled
Satori Botnet Has Sudden Awakening With Over 280,000 Active Bots
Cisco Patches Critical Playback Bugs in WebEx Players | Threatpost | The first stop for security news
Flaw Found In Dirty COW Patch | Threatpost | The first stop for security news
GitHub will soon warn developers of insecure dependencies, adds news feed, team chat and more
Man Hacks Jail Computer Network to Get Friend Released Early
Malware Detection & Malware Sandbox Analysis | VMRay
Securing Ethereum at Empire Hacking | Trail of Bits Blog
Careers at Fitbit