Risky Business Podcast

September 05, 2018

Risky Business #512 -- Five Eyes nations send clear message on encryption

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

Adam Boileau
Adam Boileau

Technology Editor

This edition of the show features Adam Boileau and Patrick Gray discussing the week’s security news:

  • Five Eyes nations send a clear message on encryption
  • Massive Azure outage
  • FBI releases political campaign security guidance
  • Google wants to kill the URL
  • MEGA.nz plugin owned sideways
  • Final “Celebgate” hacker sentenced
  • Google launches font fuzzing tool
  • Chinese-made Google/Feitian U2F keys under scrutiny
  • Some interesting TPM research
  • MUCH MORE

This week’s podcast is brought to you by AttackIQ.

AttackIQ founder Stephan Chenette will be along in this week’s sponsor interview to talk to us about a few things – the MITRE attack matrix being one. He’ll also share with us his view that EDR is the most commonly misconfigured security technology he sees out there, and he has pretty good visibilty into things like that because AttackIQ, of course, makes attack simulation software designed to measure the efficacy of these types of solutions.

Links to everything that we discussed are below, including the discussions that were edited out. (That’s why there are extras.) You can follow Patrick or Adam on Twitter if that’s your thing.

Risky Business #512 -- Five Eyes nations send clear message on encryption
0:00 / 0:00

Show notes

Five Eyes’ data access warning - InnovationsAus.com

Patrick Gray on Twitter: "Five Eyes officially warns the tech world: build interception capabilities voluntarily or we’ll legislate. https://t.co/XEbzKSliId… https://t.co/ax5mDE7buw"

Statement of Principles on Access to Evidence and Encryption

Azure status

FBI to political campaigns: Up your 'cyber hygiene' - ABC News

Protected Voices — FBI

Google Wants to Kill the URL | WIRED

MEGA.nz Chrome extension caught stealing passwords, cryptocurrency private keys | ZDNet

Germany launches new cybersecurity research agency modeled after DARPA

Fourth man receives prison sentence in 'Celebgate' photo leak

Google open-sources internal tool for finding font-related security bugs | ZDNet

Experts Call for Transparency Around Google’s Chinese-Made Security Keys - Motherboard

Google Notifies People Targeted by Secret FBI Investigation - Motherboard

Public IP Addresses of Tor Sites Exposed via SSL Certificates

Temporary Patch Available for Recent Windows Task Scheduler ALPC Zero-Day

Researchers Detail Two New Attacks on TPM Chips

New Hakai IoT botnet takes aim at D-Link, Huawei, and Realtek routers | ZDNet

Two Birds, One STONE PANDA

Xipiter/Senrio exploitation training

MITRE ATT&CK Module