Risky Business #520 -- Tanya Janca talks security in the curriculum

PLUS all the week's security news with Adam Boileau...
31 Oct 2018 » Risky Business

We’ve got a great podcast for you this week. Tanya Janca will be talking about some volunteer work she’s been doing with a Canadian government panel on getting security content into children’s school curriculums.

In this week’s sponsor interview we’ll be talking with Ferruh Mavituna of Netsparker.

They launched Netsparker Cloud a while ago, so now they have some decent telemetry. I wanted to ask Ferruh what he’s found surprising now he’s sitting on a mountain of scan results. The types of bugs being turned up aren’t really a surprise, but the extent to which old software is a problem was actually pretty surprising to him. He knew it was bad, he says, but he didn’t know it’s this bad.

Adam Boileau, as usual, joins the show this week to talk about all the week’s security news:

  • More Chinese MSS officers indicted by the US DoJ
  • ASD chief speaks publicly on 5G Huawei ban
  • China playing funny buggers with BGP
  • Russia is still messing with the US during the midterms
  • Facebook boots more Iranian influence pages
  • New privacy features in Signal
  • Plus much, much more!

Links to everything that we discussed are below, including the discussions that were edited out. (That’s why there are extras.) You can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Chinese Intelligence Officers and Their Recruited Hackers and Insiders Conspired to Steal Sensitive Commercial Aviation and Technological Data for Years | OPA | Department of Justice
U.S. charges Chinese intelligence officers for jet engine data hack
Huawei's ban to 5G network 'supported by technical advice', spy agency chief says - ABC News (Australian Broadcasting Corporation)
Canadian security boss ain't afraid of no Huawei, sees no reason for ban • The Register
US bans exports to Chinese DRAM maker citing national security risk | ZDNet
China has been 'hijacking the vital internet backbone of western countries' | ZDNet
Russia Is Meddling In The Midterms. The White House Just Isn't Talking About It.
The Crisis of Election Security - The New York Times
DHS: Election officials inundated, confused by free cyber-security offerings | ZDNet
Facebook removes more Iran-linked accounts, this time targeting the US & UK | ZDNet
We posed as 100 senators to run ads on Facebook. Facebook approved all of them. – VICE News
NYT: Chinese and Russian spies routinely eavesdrop on Trump’s iPhone calls | Ars Technica
North Korea blamed for two cryptocurrency scams, five trading platform hacks | ZDNet
New Signal privacy feature removes sender ID from metadata | Ars Technica
Windows Defender becomes first antivirus to run inside a sandbox | ZDNet
Pakistani bank denies losing $6 million in country's 'biggest cyber attack' | ZDNet
Many CMS plugins are disabling TLS certificate validation... and that's very bad | ZDNet
Twelve malicious Python libraries found and removed from PyPI | ZDNet
How ‘Mr. Hashtag’ Helped Saudi Arabia Spy on Dissidents - Motherboard
Government Spyware Vendor Left Customer, Victim Data Online for Everyone to See - Motherboard
Apple's T2 Security Chip Makes It Harder to Tap MacBook Mics | WIRED
Microsoft Windows zero-day disclosed on Twitter, again | ZDNet
https://support.f5.com/csp/article/K52868493
Digital DASH – ICTC - Focus on Information Technology (FIT)