Risky Business #510 -- Hacky hack hack

Presented by

Patrick Gray

CEO and Publisher

Adam Boileau

Technology Editor

On this week’s show we’ll be running through the week’s security news, then diving right on in to a sponsor interview with Lauren Pearl of Trail of Bits. She’s joining us to talk about something Trail of Bits have been up to lately: adding features to open source software – and auditing open source software – on behalf of its customers.

I do have a feature interview this week, but it’s a long one so I’ll be breaking that out into a separate podcast. It’s a nice long chat with Bob Lord, the CSO for the Democratic National Committee. You know, the guy who hid “the server”.

The news we’re covering this week:

  • Melbourne teenager hacky-hack hacks Apple
  • Facebook nukes Iranian and RU influence ops
  • Report: Sealed court order seeks Facebook Messenger E2E intercept
  • USG ditches PPD-20 equities process
  • A look at “Intrusion Truth” CN operator doxing ring
  • Microsoft kills RU phishing domains
  • PLUS MOAR

Links to everything are below, and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Melbourne teen hacked into Apple's secure computer network, court told

Apple reassures customers after Australian media reports hack by teen

Taking Down More Coordinated Inauthentic Behavior | Facebook Newsroom

Suspected Iranian Influence Operation Leverages Network of Inauthentic News Sites & Social Media Targeting Audiences in U.S., UK, Latin America, Middle East | FireEye Inc

Exclusive: U.S. government seeks Facebook help to wiretap Messenger - sources | Reuters

PPD-20 elimination opens arguments over how U.S. should conduct offensive hacking operations

Bobby Chesney on Twitter: "Glad the dual-hat seems likely to hang on for at least a while. With no brakes at NSC, & now change to PPD-20 reducing interagency vetting of offensive mil cyber ops, the deconfliction of T10 & T50 equities that happens organically w/the NSA/CYBERCOM dual-hat looms even larger.… https://t.co/XPvF7nbcLP"

China's National Cybersecurity Standards Considered a Risk for Foreign Firms

Meet 'Intrusion Truth,' the Mysterious Group Doxing Chinese Intel Hackers - Motherboard

Microsoft Just Took Down Six Phishing Domains The Russian Government Was Using To Target US Politics

Google Sued Over Misleading Location Tracking Setting

Gmail's Confidential Mode Lets You Send Self-Destructing Emails

Skype's End-to-End Encryption Goes Live

Hackers Made Half a Million Dollars Pretending They Watched You Watch Porn - Motherboard

Apple Cleans Chinese App Store of Thousands of Fake Apps

GoDaddy Revocation Disclosure - Google Groups

JavaScript Web Apps and Servers Vulnerable to ReDoS Attacks

GitHub - sola-da/ReDoS-vulnerabilities: A list of ReDoS vulnerabilities in npm modules found by the Software Lab at TU Darmstadt. For each vulnerability, there is a proof-of-concept exploit, showing how the slowdown may occur. The resources in this repository are provided for research purpose only. Please read below for more details.

Cloud Product Accidentally Exposes Users' TLS Certificate Private Keys

Zero-Day In Microsoft's VBScript Engine Used By Darkhotel APT

PHP Deserialization Issue Left Unfixed in WordPress CMS

Get an open-source security multiplier | Trail of Bits Blog