Risky Business #505 -- Sanger vs FireEye, Reality Winner cops a plea

PLUS: Microsoft pushes mandatory 2FA, property settlement hacks escalate and MOAR...
27 Jun 2018 » Risky Business

There's no feature interview in this week’s show; we go long on news instead. Adam Boileau joins the podcast to talk through the week’s infosec news, including:

  • Confusion reigns in David Sanger vs FireEye spat
  • Reality Winner pleads guilty
  • PEXA property settlement platform users fleeced
  • US Supreme Court decides location info requires a warrant
  • The Apple unlock bug that wasn’t

This week’s show is brought to you by Thinkst Canary. Thinkst’s very own Marco Slaviero joins us in this week’s sponsor segment to talk about how some vendors are derping out when it comes to creating needlessly complicated “deception platforms”.

Links to everything are below, and you can follow Adam or Patrick on Twitter if that’s your thing.

Show notes

FireEye denies 'hack back' claims detailed in new book
Kim Zetter on Twitter: "I wonder if Congress will hold a hearing to discuss the issue of a private US company taking on the role of the NSA to hack foreign military computers. This raises a lot of issues about potential national security blowback when a private company inserts itself in state matters. https://t.co/fBbyxMwjLZ"
Kim Zetter on Twitter: "Sanger's description of what he says Mandiant did vs. what Mandiant says it did. Sanger implies he saw videos of Chinese hackers wearing leather jackets and undershirts - that's not in video Mandiant published. Are there other videos? Did Sanger misinterpret? So many questions. https://t.co/q60mrH7IPg"
Former NSA contractor Reality Winner accepts guilty plea for leaking classified report
Supreme Court: Police Need Warrant for Mobile Location Data — Krebs on Security
Bail Bond Company Let Bounty Hunters Track Verizon, T-Mobile, Sprint, and AT&T Phones for $7.50 - Motherboard
PEXA account compromise sees family lose home sale funds - Security - iTnews
MasterChef: Dani Venn homeless after hackers steal $250K
Microsoft Forcing Multi-Factor Authentication on Azure AD Admin Accounts
Police officer guilty of assault, perverting the course of justice
Apple corrects the record on reported iPhone vulnerability
Cops May Unlock iPhones Without a Warrant to Beat Apple's New Security Feature - Motherboard
Firefox is adding 'Have I Been Pwned' alerts
VirusTotal launches Monitor tool to fight false positives - CyberScoop
New WPA3 Wi-Fi Standard Released
Lawmakers urge Google to end partnership with China's Huawei
‘Tick’ espionage group is likely trying to hop air gaps, researchers say
Bithumb, South Korea's largest cryptocurrency exchange, loses $30 million to hackers
Unpatched Flaw Disclosed in WordPress CMS Core
I discovered a browser bug - JakeArchibald.com
Project Zero: Detecting Kernel Memory Disclosure – Whitepaper
The $5 Million Surveillance Car That Hacks iPhones From 500 Meters
Canary — know when it matters