Risky Business #487 -- Guest Katie Moussouris on her recent Senate Subcommittee testimony

Presented by

Patrick Gray

CEO and Publisher

Adam Boileau

Technology Editor

On this week’s show we’re going to chat with Katie Moussouris about her testimony before a Senate Subcommittee last week. She fronted a session on Consumer Protection, Product Safety, Insurance, and Data Security titled, “Data Security and Bug Bounty Programs: Lessons Learned from the Uber Breach and Security Researchers.” We’ll hear from her on how all that went and what she hopes the US government learned from the committee panel.

Also this week we’ll be hearing from Mark Maunder of Wordfence; that’s this week’s sponsor interview. Wordfence sells a WordPress security plugin. There have been some interesting developments in the WordPress world over the last week that are definitely worth covering. WordPress pushed an update to core that actually disables future auto updates. Yikes.

We’ll find out how long that update was out, what percentage of the WordPress ecosystem swallowed it, and we’ll also talk about a couple of dysfunctional things happening in the WordPress ecosystem.

The show notes/links are below, and you can follow Adam or Patrick on Twitter if that’s your thing.


Show notes

Researchers: We Found the Olympic-Disrupting Malware - Motherboard

Equifax says more private data was stolen in 2017 breach than first revealed | ZDNet

How a Low-Level Apple Employee Leaked Some of the iPhone's Most Sensitive Code - Motherboard

That mega-vulnerability Cisco dropped is now under exploit | Ars Technica

Two Bills Introduced to Ban US Government from Using Chinese Equipment

Highlights of the French cybersecurity strategy

Accused “In fraud we trust” kingpin arrested while vacationing in Thailand | Ars Technica

U.S. Arrests 13, Charges 36 in ‘Infraud’ Cybercrime Forum Bust — Krebs on Security

From July on, Chrome will brand plain old HTTP as “Not secure” | Ars Technica

Critical Telegram flaw under attack disguised malware as benign images | Ars Technica

Cryptocurrency Mining Hack That Compromised Thousands of Sites ‘Could Have Been a Catastrophe’ - Motherboard

BitGrail Cryptocurrency Exchange Becomes Insolvent After Losing $170 Million

XRballer comments on The Stolen XRB has already been Redistributed/Sold Off

‘BuckHacker’ Search Engine Lets You Easily Dig Through Exposed Amazon Servers - Motherboard

How a Tiny Startup Became the Most Important Hacking Shop You’ve Never Heard Of - Motherboard

European Cops Welcome Spy Vendor That Sold to Assad Regime - Motherboard

Intel releases new Spectre microcode update for Skylake; other chips remain in beta | Ars Technica

Expanding Intel’s Bug Bounty Program: New Side Channel Program, Increased Awards | Intel Newsroom

Microsoft Rolls Out Windows Analytics Update to Aid Meltdown & Spectre Patching

Microsoft February Patch Tuesday Fixes 50 Security Issues

Until last week, you could pwn KDE Linux desktop with a USB stick • The Register

WordPress users – do an update now, and do it by hand! – Naked Security

Atlassian Security Engineering Team Lead | SmartRecruiters

Atlassian Sr. Manager of Global Security Engineering | SmartRecruiters

Speakers | WordCamp Atlanta 2018

Wordfence Signup - Wordfence

Data Security and Bug Bounty Programs: Lessons Learned from the Uber Breach and Security Researchers - Hearings - U.S. Senate Committee On Commerce, Science, & Transportation