On this week’s show we’ll be running through the week’s security news, then diving right on in to a sponsor interview with Lauren Pearl of Trail of Bits. She’s joining us to talk about something Trail of Bits have been up to lately: adding features to open source software – and auditing open source software – on behalf of its customers.
I do have a feature interview this week, but it’s a long one so I’ll be breaking that out in to a separate podcast. It’s a nice long chat with Bob Lord, the CSO for the Democratic National Committee. You know, the guy who hid “the server”.
The news we’re covering this week:
- Melbourne teenager hacky-hack hacks Apple
- Facebook nukes Iranian and RU influence ops
- Report: Sealed court order seeks Facebook Messenger E2E intercept
- USG ditches PPD-20 equities process
- A look at “Intrusion Truth” CN operator doxing ring
- Microsoft kills RU phishing domains
- PLUS MOAR
Links to everything are below, and you can follow Patrick or Adam on Twitter if that’s your thing.
- Melbourne teen hacked into Apple's secure computer network, court told
- Apple reassures customers after Australian media reports hack by teen
- Taking Down More Coordinated Inauthentic Behavior | Facebook Newsroom
- Suspected Iranian Influence Operation Leverages Network of Inauthentic News Sites & Social Media Targeting Audiences in U.S., UK, Latin America, Middle East « Suspected Iranian Influence Operation Leverages Network of Inauthentic News Sites & Social Media Targeting Audiences in U.S., UK, Latin America, Middle East | FireEye Inc
- Exclusive: U.S. government seeks Facebook help to wiretap Messenger - sources | Reuters
- PPD-20 elimination opens arguments over how U.S. should conduct offensive hacking operations
- Bobby Chesney on Twitter: "Glad the dual-hat seems likely to hang on for at least a while. With no brakes at NSC, & now change to PPD-20 reducing interagency vetting of offensive mil cyber ops, the deconfliction of T10 & T50 equities that happens organically w/the NSA/CYBERCOM dual-hat looms even larger.… https://t.co/XPvF7nbcLP"
- China's National Cybersecurity Standards Considered a Risk for Foreign Firms
- Meet 'Intrusion Truth,' the Mysterious Group Doxing Chinese Intel Hackers - Motherboard
- Microsoft Just Took Down Six Phishing Domains The Russian Government Was Using To Target US Politics
- Google Sued Over Misleading Location Tracking Setting
- Gmail's Confidential Mode Lets You Send Self-Destructing Emails
- Skype's End-to-End Encryption Goes Live
- Hackers Made Half a Million Dollars Pretending They Watched You Watch Porn - Motherboard
- Apple Cleans Chinese App Store of Thousands of Fake Apps
- GoDaddy Revocation Disclosure - Google Groups
- GitHub - sola-da/ReDoS-vulnerabilities: A list of ReDoS vulnerabilities in npm modules found by the Software Lab at TU Darmstadt. For each vulnerability, there is a proof-of-concept exploit, showing how the slowdown may occur. The resources in this repository are provided for research purpose only. Please read below for more details.
- Cloud Product Accidentally Exposes Users' TLS Certificate Private Keys
- Zero-Day In Microsoft's VBScript Engine Used By Darkhotel APT
- PHP Deserialization Issue Left Unfixed in WordPress CMS
- Get an open-source security multiplier | Trail of Bits Blog