Risky Business #506 -- How security teams can work with PR

Tell the world about all your great work!
04 Jul 2018 » Risky Business

On this week’s show we’re chatting with a PR pro who specialises in information security. Melanie Ensign currently works at Uber, but she has also worked in security PR for Facebook and, before that, AT&T. She drops in this week to talk about how you can work with the PR professionals in your organisation to help tell your security story to the wider world. She also has some great tips for infosec professionals who might be a bit nervous about dealing with journalists.

In this week’s sponsor interview we’re joined by Julian Fay, the CTO of Senetas.

Senetas has a long history of making layer 2 network encryptors, but they are branching out in all sorts of ways these days. One thing they’re doing now is working on approaches to network encryption that play nicely with software-defined WAN. The days of hauling all your network traffic back to a single choke point are numbered – Julian thinks in the near future you’ll have some sort of CPE device that actually implements different types of encryption on different types of traffic crossing your border. So, Senetas has actually built that gear and we’ll be hearing about why.

Adam Boileau joins the show to talk about the week’s security news:

  • Some very cool LTE research
  • Equifax manager charged with insider trading
  • Ticketmaster’s bad week
  • The US DoD’s very own app store
  • Weird, maybe, possibly-but-probably-not OPM-related fraud
  • MOAR Rowhammer stuff affecting ‘droid handsets

Links to everything are below, and you can follow Adam or Patrick on Twitter if that’s your thing.

Show notes

LTE wireless connections used by billions aren’t as secure as we thought | Ars Technica
SEC.gov | Former Equifax Manager Charged With Insider Trading
Trump calls out NSA for deleting data: Here are the facts - CBS News
Startup bank Monzo: We warned Ticketmaster months ago of site fraud • The Register
Ticketmaster UK trades blame with chat app provider over payment data breach
Bill would call on White House to develop its own list of APT groups
Private sector isn’t sharing data with DHS’s threat portal
U.S. poised to deny China Mobile access to American market due to spying fears
How the Pentagon Keeps Its App Store Secure | WIRED
Lawmakers demand answers in wake of strange OPM identity fraud lawsuit
DNC pushes employees, campaigns to embrace email security habits ahead of midterms
Feds Pose as Cryptocurrency Money Launderer to Bust Alleged Dark Web Dealers - Motherboard
Cryptocurrency Transactions May Uncover Sales of Shadow Broker Hacking Tools - Motherboard
DNS Poisoning or BGP Hijacking Suspected Behind Trezor Wallet Phishing Incident
Brave browser adds private tabs with Tor for 'enhanced privacy protection'
Rash of Fortnite cheaters infected by malware that breaks HTTPS encryption | Ars Technica
New RAMpage exploit revives Rowhammer attack to root Android devices | Ars Technica
adidas - adidas alerts certain consumers of potential data security incident
Marketing Firm Exactis Leaked a Personal Info Database With 340 Million Records | WIRED
Sadly, Ross Ulbricht's Case Will Not Be Heard by the Supreme Court - Hit & Run : Reason.com
Two Zero-Day Exploits Found After Someone Uploaded 'Unarmed' PoC to VirusTotal
Gentoo GitHub organization hacked - partially resolved - Gentoo infrastructure status
Samsung Investigates Claims of Spontaneous Texting of Images to Contacts | Threatpost
Senetas - a leading provider of high-assurance encryption
Risky Biz Annual Black Hat Party w/ Signal Sciences, Remediant and Bugcrowd Tickets, Tue, Aug 7, 2018 at 7:00 PM | Eventbrite