Risky Business #522 -- Alex Stamos co-hosts the show, reflects on Snowden disclosures

Presented by

Patrick Gray

CEO and Publisher

Adam Boileau

Technology Editor

We’ve got a slightly different edition of the show this week: Alex Stamos is filling in for Adam Boileau in the news slot.

Most of you know him as Facebook’s recently departed chief security officer. Alex also served as the CSO at Yahoo for a time, but his security career stretches back a long way. He co-founded iSEC Partners back in 2004, and before that he did some time with @Stake.

The @Stake mafia is everywhere.

These days Alex is an adjunct professor at Stanford University. He joined me to talk about the week’s security news, as well as to have a chat about the Edward Snowden disclosures, five years on.

This week’s show is brought to you by Thinkst Canary, big thanks to them for that. And instead of one of their staff being on the show this week in the sponsor chair, they asked me to interview this week’s sponsor guest, their customer, Mike Ruth, a security engineer with Cruise Automation.

Mike did a presentation at a conference called QCon recently all about automating the deployment of canary tokens at scale using some nifty CI/CD tricks. He’ll be joining us after the news to tell us all about that.

Items discussed in this week’s news:

  • NSO Group busted selling to Saudi Arabia
  • NSO malware targets Mexican journalists
  • Edward Snowden claims NSO connection in Khashoggi case
  • Australia’s AA Bill latest
  • npm supply-chain attack targets Bitcoiners
  • Guardian reports Manafort met Assange, denials, lawsuits flying already
  • UK parliament seizes Facebook documents
  • Uber fined over 2016 breach coverup
  • UK cops decline to charge bug reporter
  • USPS finally fixes data exposure after Krebs intervention
  • Rowhammer attack bypasses ECC protections
  • Bloomberg is investigating its own reporting on Supermicro
  • Magecart is everywhere
  • Google, Mozilla plan browser access to file systems

Links to everything that we discussed are below and you can follow Patrick or Alex on Twitter if that’s your thing.


Show notes

Israeli hacking firm NSO Group offered Saudis cellphone spy tools - report | The Times of Israel

Edward Snowden: Israeli spyware was used to track and eventually kill Jamal Khashoggi | Business Insider

A Journalist Was Killed in Mexico. Then His Colleagues Were Hacked. - The New York Times

Home Affairs attempts to allay concerns about Australian exporters for encryption-busting Bill | ZDNet

Widely used open source software contained bitcoin-stealing backdoor | Ars Technica

I don't know what to say. · Issue #116 · dominictarr/event-stream · GitHub

Manafort held secret talks with Assange in Ecuadorian embassy, sources say | US news | The Guardian

UK parliament seizes cache of internal Facebook documents to further privacy probe | TechCrunch

Uber fined $1.17 million by U.K., Dutch authorities for 2016 breach

UK cops won't go after researcher who reported security issue to York city officials | ZDNet

USPS Site Exposed Data on 60 Million Users — Krebs on Security

Potentially disastrous Rowhammer bitflips can bypass ECC protections | Ars Technica

Bloomberg is still reporting on challenged story regarding China hardware hack - The Washington Post

Magecart group hilariously sabotages competitor | ZDNet

Amazon admits it exposed customer email addresses, but refuses to give details | TechCrunch

Google, Mozilla working on letting web apps edit files despite warning it could be 'abused in terrible ways' - TechRepublic

Germany proposes router security guidelines | ZDNet

Half of all Phishing Sites Now Have the Padlock — Krebs on Security

The Snowden Legacy, part one: What’s changed, really? | Ars Technica

QConSF18 - Canaries - Google Drive

Canary — know when it matters