Risky Business #524 -- Huawei CFO arrested, US Government dumps on Equifax

PLUS: Australia's surveillance bill becomes law...
12 Dec 2018 » Risky Business

This is the last weekly Risky Business podcast for 2018. We’ll be posting a Soap Box edition early next week then going on break until January 9.

In this week’s show Adam Boileau and Patrick Gray discuss the week’s security news:

  • Huawei’s CFO arrested over sanctions violations
  • BT in the UK removes Huawei equipment from 4G network
  • Australia passes controversial surveillance law
  • US House Oversight Committee blasts Equifax in scathing report
  • Bloomberg plays word-games on Super Micro story
  • MOAR

This week’s show is sponsored by Bugcrowd. In this week’s sponsor interview Bugcrowd’s CTO and founder Casey Ellis tells us why his company is launching “pay for effort” products to run alongside bounty programs.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

US, China executives grow wary about travel after Huawei arrest
Canadian court grants bail to CFO of China's Huawei | Reuters
Michael Kovrig: Canadian ex-diplomat 'held in China' - BBC News
BT removing Huawei equipment from parts of 4G network | Technology | The Guardian
China's cyber-espionage against U.S. is 'more audacious,' NSA official says amid Huawei flap
China spied on African Union headquarters for five years — Quartz Africa
House panel: Equifax breach was ‘entirely preventable’
Committee Releases Report Revealing New Information on Equifax Data Breach - United States House Committee on Oversight and Government Reform
Experian Exposes Apparent Customer Data in Training Manuals - Motherboard
NotPetya leads to unprecedented insurance coverage dispute
Over 40,000 credentials for government portals found online | ZDNet
What's actually in Australia's encryption laws? Everything you need to know | ZDNet
Australia's encryption laws will fall foul of differing definitions | ZDNet
Australia Just Became The Testing Ground For Breaking Into Encryption
Matthew Green on Twitter: "GCHQ has proposal to surveil encrypted messaging and phone calls. The idea is to use weaknesses in the “identity system” to create a surveillance backdoor. This is a bad idea for so many reasons. Thread. 1/ https://t.co/rnmo0eOWus"
Melbourne terror attack plot suspects arrested in police raids over mass shooting fears - ABC News (Australian Broadcasting Corporation)
Why Scott Morrison is right on encryption but wrong on Muslims
Super Micro Says Third-Party Test Found No Malicious Hardware - Bloomberg
Someone Defaced Linux.org Website With ‘Goatse’ And Anti-Diversity Tirade - Motherboard
Nearly 250 Pages of Devastating Internal Facebook Documents Posted Online By UK Parliament - Motherboard
Internal Documents Show Facebook Has Never Deserved Our Trust or Our Data - Motherboard
Google+ Exposed Data of 52.5 Million Users and Will Shut Down in April | WIRED
Iranians indicted in Atlanta city government ransomware attack | Ars Technica
Report: FBI opens criminal investigation into net neutrality comment fraud | Ars Technica
Police arrest hacker behind WeChat ransomware attack - CGTN
A bug in Microsoft’s login system made it easy to hijack anyone’s Office account | TechCrunch
For the fourth month in a row, Microsoft patches Windows zero-day used in the wild | ZDNet
Hackers ramp up attacks on mining rigs before Ethereum price crashes into the gutter | ZDNet
OpSec mistake brings down network of Dark Web money counterfeiter | ZDNet
Google CEO Says No Plan to ‘Launch’ Censored Search Engine in China - Motherboard
Marriott to reimburse some guests for new passports after massive data breach | ZDNet
Eastern European banks lose tens of millions of dollars in Hollywood-style hacks | ZDNet
Industrial espionage fears arise over Chrome extension caught stealing browsing history | ZDNet
Hacker Fantastic on Twitter: ""open-source is more secure than closed-source because you can view the source code" ... GNU inetutils <= 1.9.4 telnet.c multiple overflows https://t.co/O88psTlS1X"
Your Apps Know Where You Were Last Night, and They’re Not Keeping It Secret - The New York Times
APPSEC CALIFORNIA 2019 - OWASP AppSec California 2019
Next Gen Pen Testing