Risky Business #485 -- Infosec startups overfunded, good exits unlikely

Kelly Shortridge joins the show to discuss disturbing investment trends...
31 Jan 2018 » Risky Business

On this week’s show we’re checking in with Kelly Shortridge and the topic is zombies. Not the botnet kind, the heavily-VC-backed kind.

A recent report from the Reuters news agency highlighted that the amount of VC money pouring into the so-called “cyber” industry and the amount of money actually coming out of it in the form of profitable exits aren’t matching up. The industry is filling up with so-called zombie companies – they’ll never exit, but they’re not going to completely die, either.

As it turns out, Kelly recently did a presentation on precisely this topic, so in this week’s feature we get her take on why this is happening and what’s likely to change. The tl;dr is something will have to give in the next couple of years, and it’s going to be ugly.

In this week’s sponsor interview we check in with Jordan Wright of Duo Security. Jordan has done some research into phishing kits. While phishing isn’t the sexiest topic, the team at Duo has actually done some pretty comprehensive research here – they looked at thousands of kits and pulled out some interesting stats.

We’ll talk to him about that, and also about the likelihood that U2F hardware will soon be baked into consumer devices. That’s really going to change things in years to come.

Adam Boileau, as always, pops in to discuss the week’s news. We cover the:

  • Strava heatmap
  • Dutch infiltration of Cozy Bear
  • Possible nationalisation of the US 5G network on security grounds
  • Microsoft disabling Intel Spectre patches
  • Google’s Chronicle announcement
  • US$400m Cryptocurrency ownage
  • MOAR

The show notes/links are below, and you can follow Adam or Patrick on Twitter if that’s your thing.

Show notes

Strava Data Heat Maps Expose Military Base Locations Around the World | WIRED
Strava’s heatmap data lets anyone see the names of people exercising on military bases | WIRED UK
“Heatmap” for social athlete’s app reveals secret bases, secret places | Ars Technica
Dutch Spies Snooped on Russia's Elite Hackers, and More Security News This Week | WIRED
To counter China, White House memo suggests a nationalized 5G network | Ars Technica
Microsoft rushes Windows patch disabling Intel’s Spectre fixes due to instability
Intel: Meltdown, Spectre silicon fixes coming 2018; 3D XPoint RAM, not so much | Ars Technica
Chronicle: A Meteor Aimed At Planet Threat Intel? — Krebs on Security
Two new cryptocurrency heists make off with over $400M worth of blockchange | Ars Technica
Ethereum Startup Vanishes After Seemingly Making $11, Leaves Message: ‘Penis’ - Motherboard
Now even YouTube serves ads with CPU-draining cryptocurrency miners | Ars Technica
New Ads Policy: Improving Integrity and Security of Financial Product and Services Ads | Facebook Business
Drugs Tripped Up Suspects In First Known ATM “Jackpotting” Attacks in the US — Krebs on Security
U.S. economy could lose billions if attack shut down major cloud providers, report says
DNC hires first ever CSO ahead of 2018 midterms
Huawei loses another carrier deal as spying fears impede its US growth | Ars Technica
DCShadow explained – Alsid blog
Cisco patches a perfect 10.0 'critical' flaw in its popular security appliance
Oracle issues patches for 10 'virtual machine escape' flaws in VirtualBox
Under threat: Cyber security startups fall on harder times
Phish in a Barrel