Risky Business #497 -- Silvio's greatest hits

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

Adam Boileau
Adam Boileau

Technology Editor

This week’s Risky Business is kind of going back to its roots a bit. As much as we love talking about policy and the intersection of cyber security with global affairs, sometimes it pays to remember that computer security is actually about computers.

With that in mind this week we’ve got two fantastic interviews for you. We’ll be chatting with Dr. Silvio Cesare in this week’s feature interview. Silvio’s dusted off his bug hunting hat and he’s taken to Twitch-streaming his auditing sessions. Dave Aitel described watching Silvio’s Twitch stream as like seeing a Titan ransack a small Greek village. Five months, 100 bugs, 50 of them in kernel stuff.

He’s doing this for a couple of reasons – he wants to show people how it’s done, and he wants people to realise there are still lots of bugs out there to be found. We’ll chat to him about that in this week’s feature.

This week’s sponsor interview is with another old school hacker, Stephen Ridley. Stephen is the founder of Senrio, which is technically an IoT security play, but the thing is the tech he’s developed has turned out to be useful for all sorts of other stuff too.

Senrio is another one of those hacker-led startups in the spirit of Duo Security or Thinkst Canary. Stephen is a really well respected guy and this week he’s joining us to talk about a bunch of stuff. A lot of it is related to the unexpected uses for Senrio’s monitoring platform. He built a classifier for network-connected devices as a part of Senrio’s IoT security platform, and it turns out it’s actually running rings around a bunch of Enterprise Asset Management tools. People are actually using his IoT security monitoring solution to do asset management and figure out install gaps for their EDR solutions.

Totally not what he intended people to use it for, but hey, a win’s a win. So Stephen joins us this week to talk about that, also to talk about recent developments in the IoT space and really a bunch more stuff.

The show notes/links are below, and you can follow Adam or Patrick on Twitter if that’s your thing.

Risky Business #497 -- Silvio's greatest hits
0:00 / 0:00

Show notes

Amazon Web Services starts blocking domain-fronting, following Google’s lead - The Verge

Iran blocks Telegram, pushes replacement with “Death to America” emoji | Ars Technica

Chinese Authorities Accidentally Admit to Accessing Deleted WeChat Messages

As two Koreas shake hands, Hidden Cobra hackers wage espionage campaign | Ars Technica

North Korea's Elites Are Ditching Facebook for Chinese Social Networks

After data “clash” report, WhatsApp founder says he’s leaving Facebook | Ars Technica

Can This System of Unlocking Phones Crack the Crypto War?

Ray Ozzie’s plan for unlocking encrypted phones gets a chilly reception | Ars Technica

Matthew Green on Twitter: "This article on WhatsApp suggests that WhatsApp might be weakening its encryption, but doesn’t give any details. That’s pretty worrying. https://t.co/2LfWeqMMPt https://t.co/3n8GDxVLcT"

Tens of Thousands of Malicious Apps Using Facebook APIs | Threatpost | The first stop for security news

Intel Committee blasts FBI for not notifying Russian hacking victims - Cyberscoop

Startup Offers $3 Million to Anyone Who Can Hack the iPhone - Motherboard

This Russian Company Sells Zero-Day Exploits for Hospital Software - Motherboard

Google and Microsoft ask Georgia governor to veto 'hack back' bill

Joy Reid Blames Hackers, Just Like Everyone Else | WIRED

Security Trade-Offs in the New EU Privacy Law — Krebs on Security

A One-Minute Attack Let Hackers Spoof Hotel Master Keys | WIRED

Volkswagen and Audi Cars Vulnerable to Remote Hacking

Charlie Miller on Twitter: "Cool new research out on car hacking: https://t.co/sZ2v0GpwWy. Hang on or mute as I'll give my thoughts on it."

Lojack Becomes a Double-Agent

Europol shuts down one of the largest DDoS marketplaces in the world - CyberScoop

Police Have Seized Revenge Porn Site Anon-IB - Motherboard

Chinese Police Arrest 15 People Who Hid Malware Inside PUBG Cheat Apps

GitHub Accidentally Recorded Some Plaintext Passwords in Its Internal Logs

Starting Today, Google Chrome Will Show Warnings for Non-Logged SSL Certificates

Long Prison Sentence for Man Who Hacked Jail Computer System to Bust Out Friend

State threat-sharing center warns of multiple PHP vulnerabilities - CyberScoop

Escalating Privileges with CylancePROTECT — Atredis Partners

Hackers Scan the Web for Vulnerable WebLogic Servers After Oracle Botches Patch

silviocesare - Twitch

Senrio