This week’s podcast features Patrick and Adam talking about the week’s security news, including:
- Huawei staffer arrested for spying in Poland
- Conviction in DPRK SWIFT hack against Bangladesh central bank
- El Chapo used Flexispy to spy on mistresses and staff
- NSO group on charm offensive
- Iran hijacking DNS entries, conducting PITM with DV certs
- Kaspersky tipped NSA on Hal Martin
- US government certificates expire amid shutdown
- Idiot sentenced to 10 years prison for DDoSing children’s hospital
This week’s show is brought to you by Trail of Bits! Trail of Bits is a security engineering firm and consultancy based in New York. They aren’t a typical pen-testing firm, they build as well as break.
In this week’s sponsor interview JP Smith from Trail of Bits joins us to talk about the work he put in to CSAW. Not the Centre for Sustainable Architecture with Wood, which is a thing, but the Cyber Security Awareness Worldwide CTF.
JP is a sick man. He’s sick. You’ll hear about the mind-bending CTF challenges he put together for CSAW. Remarkably, some teams were actually able to solve his problems, some of which featured complex numbers mapped to a four dimensional unit sphere being used to drive the rotation of a virtual IBM Selectric typewriter golfball in Second Life. As I say, he’s a sick, sick man.
Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.
Show notes
- Poland spy arrest: China telecoms firm Huawei sacks employee - BBC News
- Ex-RCBC manager guilty in $81-M heist | The Manila Times Online
- Alan Feuer on Twitter: "Chapo would play a little game. He would call people who had the “special” phones and chat with them a while then hang up, secretly activate the mic and listen to what they said about him."
- Chapo’s I.T. Guy: Working for a Kingpin Can Cause a Nervous Breakdown - The New York Times
- Exclusive: How Mexican drug baron El Chapo was brought down by technology made in Israel
- A Worldwide Hacking Spree Uses DNS Trickery to Nab Data | WIRED
- Global DNS Hijacking Campaign: DNS Record Manipulation at Scale « Global DNS Hijacking Campaign: DNS Record Manipulation at Scale | FireEye Inc
- Exclusive: How a Russian firm helped catch an alleged NSA data thief - POLITICO
- .gov security falters during U.S. shutdown | Netcraft
- Senators Call on FCC To Investigate T-Mobile, AT&T, and Sprint Selling Location Data to Bounty Hunters - Motherboard
- Google Demanded That T-Mobile, Sprint Not Sell Google Fi Customers' Location Data - Motherboard
- AT&T to Stop Selling Location Data to Third Parties After Motherboard Investigation - Motherboard
- Feds Can't Force You To Unlock Your iPhone With Finger Or Face, Judge Rules
- Ryuk ransomware gang probably Russian, not North Korean | ZDNet
- Man gets 10 years for cyberattack on Boston Children's Hospital | Boston.com
- Hacker 'BestBuy' sentenced to prison for operating Mirai DDoS botnet | ZDNet
- Police get report of a shooting only to find out it was a prank - Palo Alto Daily Post
- Scooter startup Bird tried to silence a journalist. It did not go well. | TechCrunch
- Yet another Qld cop charged with hacking - Security - iTnews
- Some of the biggest web hosting sites were vulnerable to simple account takeover hacks | TechCrunch
- $900,000 On Offer For Anyone Who Can Hack A Tesla Model 3
- SCP implementations impacted by 36-years-old security flaws | ZDNet
- Google Chrome's built-in ad blocker to roll out worldwide on July 9 | ZDNet
- Gaining access to Uber's user data through AMPScript evaluation – Assetnote
- Rahul Sridhar on Twitter: "Here's a short story about cryptography in 2018 in five tweets:"