On this week’s show we’re going to chat with Katie Moussouris about her testimony before a Senate Subcommittee last week. She fronted a session on Consumer Protection, Product Safety, Insurance, and Data Security titled, “Data Security and Bug Bounty Programs: Lessons Learned from the Uber Breach and Security Researchers.” We’ll hear from her on how all that went and what she hopes the US government learned from the committee panel.
Also this week we’ll be hearing from Mark Maunder of Wordfence, that’s this week’s sponsor interview. Wordfence sells a WordPress security plugin. There have been some interesting developments in the WordPress world over the last week that are definitely worth covering. WordPress pushed an update to core that actually disables future auto updates. Yikes.
We’ll find out how long that update was out, what percentage of the WordPress ecosystem swallowed it, and we’ll also talk about a couple of dysfunctional things happening in the WordPress ecosystem.
The show notes/links are below, and you can follow Adam or Patrick on Twitter if that’s your thing.
Show notes
- Researchers: We Found the Olympic-Disrupting Malware - Motherboard
- Equifax says more private data was stolen in 2017 breach than first revealed | ZDNet
- How a Low-Level Apple Employee Leaked Some of the iPhone's Most Sensitive Code - Motherboard
- That mega-vulnerability Cisco dropped is now under exploit | Ars Technica
- Two Bills Introduced to Ban US Government from Using Chinese Equipment
- Highlights of the French cybersecurity strategy
- Accused “In fraud we trust” kingpin arrested while vacationing in Thailand | Ars Technica
- U.S. Arrests 13, Charges 36 in ‘Infraud’ Cybercrime Forum Bust — Krebs on Security
- From July on, Chrome will brand plain old HTTP as “Not secure” | Ars Technica
- Critical Telegram flaw under attack disguised malware as benign images | Ars Technica
- Cryptocurrency Mining Hack That Compromised Thousands of Sites ‘Could Have Been a Catastrophe’ - Motherboard
- BitGrail Cryptocurrency Exchange Becomes Insolvent After Losing $170 Million
- XRballer comments on The Stolen XRB has already been Redistributed/Sold Off
- ‘BuckHacker’ Search Engine Lets You Easily Dig Through Exposed Amazon Servers - Motherboard
- How a Tiny Startup Became the Most Important Hacking Shop You’ve Never Heard Of - Motherboard
- European Cops Welcome Spy Vendor That Sold to Assad Regime - Motherboard
- Intel releases new Spectre microcode update for Skylake; other chips remain in beta | Ars Technica
- Expanding Intel’s Bug Bounty Program: New Side Channel Program, Increased Awards | Intel Newsroom
- Microsoft Rolls Out Windows Analytics Update to Aid Meltdown & Spectre Patching
- Microsoft February Patch Tuesday Fixes 50 Security Issues
- Until last week, you could pwn KDE Linux desktop with a USB stick • The Register
- WordPress users – do an update now, and do it by hand! – Naked Security
- Atlassian Security Engineering Team Lead | SmartRecruiters
- Atlassian Sr. Manager of Global Security Engineering | SmartRecruiters
- Speakers | WordCamp Atlanta 2018
- Wordfence Signup - Wordfence
- Data Security and Bug Bounty Programs: Lessons Learned from the Uber Breach and Security Researchers - Hearings - U.S. Senate Committee On Commerce, Science, & Transportation