Risky Business #513 -- The DPRK indictment, BA gets owned, Webauthn issues and more [CORRECTED]

Presented by

Patrick Gray

CEO and Publisher

Adam Boileau

Technology Editor

[**PLEASE SEE BELOW FOR A CORRECTION**]

This edition of the show features Adam Boileau and Patrick Gray discussing the week’s security news:

  • The DPRK indictment and subsequent fallout
  • British Airways gets owned
  • Webauthn hits some roadblocks
  • The latest action from Washington DC
  • Trend Micro has a bad time
  • Tesla pays out for key-fob clone attack
  • Tor browser 0day hits Twitter
  • Much, much more

We’ve got a great sponsor interview for you this week – we’ll be joined by Haroon Meer of Thinkst Canary. They did something unusual over the last couple of weeks – they removed a feature in their Canary product. We’ll be talking about that, and also about the tendency for security software to be too complicated and configurable.

Links to everything that we discussed are below, including the discussions that were edited out. (That’s why there are extras.) You can follow Patrick or Adam on Twitter if that’s your thing.

CORRECTION:

The original release of this podcast included discussion of some rumours that turned out to amount to nothing. We had mentioned three data points:

  • The CISO of American Airlines, Dan Glass, departing a few weeks ago
  • Someone I know had their AA/Citi credit card re-issued, despite saying they only ever used that card to buy AA fares
  • A rumour an FBI computer crime investigator is on site at American Airlines

Well, it turns out Dan Glass is a listener, and he got in touch with us after the podcast ran to clear this up. He says the reason he left is actually because AA was offering some very attractive redundancy packages. Following AA’s merger with US Airways the combined group eventually found itself in the position of having too many executives. As many listeners will know, being a CISO is a pretty hardcore job so Dan jumped at the chance to bounce out and have some time off.

As for the FBI being on-site, Dan says that’s not unusual. They’re one of the largest airlines in the world so they’re frequently liaising with LE. As for my pal’s card getting re-issued… who knows?

The point is it looks like these rumours and data points don’t actually add up to much. This is why I rarely run rumour in the podcast and at least try to do some verification. In this case I just didn’t have time, but still, I should have just held it over until I’d had a chance to make some basic enquiries. It was sloppy. Sorry.

In particular I’d like to apologise to the fraud teams who may have been asked to follow this up, the PR teams who’ve no doubt been fielding questions about this and also to Dan Glass. Although, it must be said Dan and I had a very nice chat and he didn’t seem upset. Thanks for being a chiller, Dan!

Again, I’m sorry. I’ll do better in the future.

Pat

Show notes

U.S. charges North Korean hacker over Sony, WannaCry incidents

US indicts North Korean agent for WannaCry, Sony attacks [Updated] | Ars Technica

Analysts expect Lazarus Group to evolve, clean up opsec

Don't Punish A North Korean Hacker Just For Following Orders

The North Korean Hacker Charges: Line-Drawing as a Necessary but not Sufficient Part of Deterrence - Lawfare

British Airways breach caused by the same group that hit Ticketmaster | ZDNet

Card-Skimming Malware Campaign Hits Dozens of Sites Daily

Worries arise about security of new WebAuthn protocol | ZDNet

A call for principle-based international agreements to govern law enforcement access to data - Microsoft on the Issues

Exclusive: Trump to target foreign meddling in U.S. elections with sanctions order - sources | Reuters

House passes deterrence bill that would call out nation-state hackers

First IoT security bill reaches governor's desk in California | ZDNet

DHS supply chain and CDM bills pass the House

Former Facebook security chief Alex Stamos: Being a CSO can be a ‘crappy job’ | TechCrunch

Alex Stamos: Pretty clear GRU's goal was to weaken a future Clinton presidency | ZDNet

'We simply haven't done enough': Facebook and Twitter execs testify on foreign influence campaigns

Trend Micro blames data collection issue on code library re-use

Apple Removes Top Security App For Stealing Data and Sending it to China

Tesla offers 'goodwill' to security researchers hacking its cars

Hackers Can Steal a Tesla Model S in Seconds by Cloning Its Key Fob | WIRED

U.S. extradites Russian accused in hack of JPMorgan Chase

Standard to protect against BGP hijack attacks gets first official draft | ZDNet

Exploit Affecting Tor Browser Burned In A Tweet

Exploit vendor drops Tor Browser zero-day on Twitter | ZDNet

Tor launches official anonymous Android browser

US government releases post-mortem report on Equifax hack | ZDNet

GAO-18-559, DATA PROTECTION: Actions Taken by Equifax and Federal Agencies in Response to the 2017 Breach

Thinkst Canary on Twitter: "This week we totally announced an un-feature. We are removing SNMP as an available service on Canaries. (Turns out its signal to noise ratio is terribad, and everyone we’ve ever caught through SNMP also tripped over other services too)… https://t.co/kiNx6GZPtj"