This is the last weekly Risky Business podcast for 2018. We’ll be posting a Soap Box edition early next week, then going on break until January 9.
In this week’s show Adam Boileau and Patrick Gray discuss the week’s security news:
- Huawei’s CFO arrested over sanctions violations
- BT in the UK removes Huawei equipment from 4G network
- Australia passes controversial surveillance law
- US House Oversight Committee blasts Equifax in scathing report
- Bloomberg plays word-games on Super Micro story
- MOAR
This week’s show is sponsored by Bugcrowd. In this week’s sponsor interview, Bugcrowd’s CTO and founder Casey Ellis tells us why his company is launching “pay for effort” products to run alongside bounty programs.
Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.
Show notes
- US, China executives grow wary about travel after Huawei arrest
- Canadian court grants bail to CFO of China's Huawei | Reuters
- Michael Kovrig: Canadian ex-diplomat 'held in China' - BBC News
- BT removing Huawei equipment from parts of 4G network | Technology | The Guardian
- China's cyber-espionage against U.S. is 'more audacious,' NSA official says amid Huawei flap
- China spied on African Union headquarters for five years — Quartz Africa
- House panel: Equifax breach was ‘entirely preventable’
- Committee Releases Report Revealing New Information on Equifax Data Breach - United States House Committee on Oversight and Government Reform
- Experian Exposes Apparent Customer Data in Training Manuals - Motherboard
- NotPetya leads to unprecedented insurance coverage dispute
- Over 40,000 credentials for government portals found online | ZDNet
- What's actually in Australia's encryption laws? Everything you need to know | ZDNet
- Australia's encryption laws will fall foul of differing definitions | ZDNet
- Australia Just Became The Testing Ground For Breaking Into Encryption
- Matthew Green on Twitter: "GCHQ has proposal to surveill encrypted messaging and phone calls. The idea is to use weaknesses in the “identity system” to create a surveillance backdoor. This is a bad idea for so many reasons. Thread. 1/ https://t.co/rnmo0eOWus"
- Melbourne terror attack plot suspects arrested in police raids over mass shooting fears - ABC News (Australian Broadcasting Corporation)
- Why Scott Morrison is right on encryption but wrong on Muslims
- Super Micro Says Third-Party Test Found No Malicious Hardware - Bloomberg
- Someone Defaced Linux.org Website With ‘Goatse’ And Anti-Diversity Tirade - Motherboard
- Nearly 250 Pages of Devastating Internal Facebook Documents Posted Online By UK Parliament - Motherboard
- Internal Documents Show Facebook Has Never Deserved Our Trust or Our Data - Motherboard
- Google+ Exposed Data of 52.5 Million Users and Will Shut Down in April | WIRED
- Iranians indicted in Atlanta city government ransomware attack | Ars Technica
- Report: FBI opens criminal investigation into net neutrality comment fraud | Ars Technica
- Police arrest hacker behind WeChat ransomware attack - CGTN
- A bug in Microsoft’s login system made it easy to hijack anyone’s Office account | TechCrunch
- For the fourth month in a row, Microsoft patches Windows zero-day used in the wild | ZDNet
- Hackers ramp up attacks on mining rigs before Ethereum price crashes into the gutter | ZDNet
- OpSec mistake brings down network of Dark Web money counterfeiter | ZDNet
- Google CEO Says No Plan to ‘Launch’ Censored Search Engine in China - Motherboard
- Marriott to reimburse some guests for new passports after massive data breach | ZDNet
- Eastern European banks lose tens of millions of dollars in Hollywood-style hacks | ZDNet
- Industrial espionage fears arise over Chrome extension caught stealing browsing history | ZDNet
- Hacker Fantastic on Twitter: ""open-source is more secure than closed-source because you can view the source code" ... GNU inetutils <= 1.9.4 telnet.c multiple overflows https://t.co/O88psTlS1X"
- Your Apps Know Where You Were Last Night, and They’re Not Keeping It Secret - The New York Times
- APPSEC CALIFORNIA 2019 - OWASP AppSec California 2019
- Next Gen Pen Testing