Risky Business #487 -- Guest Katie Moussouris on her recent Senate Subcommittee testimony

Plus Mark Maunder of Wordfence on challenges in the Wordpress ecosystem...
15 Feb 2018 » Risky Business

On this week’s show we’re going to chat with Katie Moussouris about her testimony before a Senate Subcommittee last week. She appeared before the Subcommittee on Consumer Protection, Product Safety, Insurance, and Data Security at a hearing titled “Data Security and Bug Bounty Programs: Lessons Learned from the Uber Breach and Security Researchers”. We’ll hear from her on how all that went and what she hopes the US government learned from the committee panel.

Also this week we’ll be hearing from Mark Maunder of Wordfence; that’s this week’s sponsor interview. Wordfence sells a Wordpress security plugin. There have been some interesting developments in the Wordpress world over the last week that are definitely worth covering. Wordpress pushed an update to core that disables future auto updates. Yikes.

We’ll find out how long that update was out, what percentage of the Wordpress ecosystem swallowed it, and we’ll also talk about a couple of dysfunctional things happening in the Wordpress ecosystem.

The show notes/links are below, and you can follow Adam or Patrick on Twitter if that’s your thing.

Show notes

Researchers: We Found the Olympic-Disrupting Malware - Motherboard
Equifax says more private data was stolen in 2017 breach than first revealed | ZDNet
How a Low-Level Apple Employee Leaked Some of the iPhone's Most Sensitive Code - Motherboard
That mega-vulnerability Cisco dropped is now under exploit | Ars Technica
Two Bills Introduced to Ban US Government from Using Chinese Equipment
Highlights of the French cybersecurity strategy
Accused “In fraud we trust” kingpin arrested while vacationing in Thailand | Ars Technica
U.S. Arrests 13, Charges 36 in ‘Infraud’ Cybercrime Forum Bust — Krebs on Security
From July on, Chrome will brand plain old HTTP as “Not secure” | Ars Technica
Critical Telegram flaw under attack disguised malware as benign images | Ars Technica
Cryptocurrency Mining Hack That Compromised Thousands of Sites ‘Could Have Been a Catastrophe’ - Motherboard
BitGrail Cryptocurrency Exchange Becomes Insolvent After Losing $170 Million
XRballer comments on The Stolen XRB has already been Redistributed/Sold Off
‘BuckHacker’ Search Engine Lets You Easily Dig Through Exposed Amazon Servers - Motherboard
How a Tiny Startup Became the Most Important Hacking Shop You’ve Never Heard Of - Motherboard
European Cops Welcome Spy Vendor That Sold to Assad Regime - Motherboard
Intel releases new Spectre microcode update for Skylake; other chips remain in beta | Ars Technica
Expanding Intel’s Bug Bounty Program: New Side Channel Program, Increased Awards | Intel Newsroom
Microsoft Rolls Out Windows Analytics Update to Aid Meltdown & Spectre Patching
Microsoft February Patch Tuesday Fixes 50 Security Issues
Until last week, you could pwn KDE Linux desktop with a USB stick • The Register
WordPress users – do an update now, and do it by hand! – Naked Security
Atlassian Security Engineering Team Lead | SmartRecruiters
Atlassian Sr. Manager of Global Security Engineering | SmartRecruiters
Speakers | WordCamp Atlanta 2018
Wordfence Signup - Wordfence
Data Security and Bug Bounty Programs: Lessons Learned from the Uber Breach and Security Researchers - Hearings - U.S. Senate Committee On Commerce, Science, & Transportation