On this week’s show Adam Boileau and Patrick Gray discuss the week’s news:
- The NSA isn’t that interested in phone metadata anymore
- More Chinese mass surveillance data leaks
- Chelsea Manning, David House subpoenaed over Wikileaks
- Quadriga cold wallets were actually empty at time of founder’s death
- NSA deployed “rm -rf / shark” at Internet Research Agency
- HackerOne follows Bugcrowd into pentesting
- NSA releases Ghidra
- Much, much more!
This week’s sponsor interview is with Chris Kennedy, AttackIQ’s CISO and VP of customer success. We’ll be talking about a few things, including how continuous validation of security controls like monitoring is a good thing. Everyone uses software like Tenable to verify patching, so why not do the same for your monitoring?
Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.
Show notes
- The NSA has reportedly stopped data-mining Americans' phone and SMS records / Boing Boing
- House aide: NSA has shut down phone call record surveillance | Ars Technica
- China’s “democracy” includes mandatory apps, mass chat surveillance | Ars Technica
- China claims detained Canadians formed spy link
- As Trump and Kim Met, North Korean Hackers Hit Over 100 Targets in U.S. and Ally Nations - The New York Times
- Disclosing Subpoena for Testimony, Chelsea Manning Vows to Fight - The New York Times
- WikiLeaks Veteran: I ‘Cooperated’ With Feds ‘in Exchange for Immunity’
- Mystery as Quadriga crypto-cash goes missing - BBC News
- NSA’s top policy advisor: It’s time to start putting teeth in cyber deterrence | Ars Technica
- US wiped hard drives at Russia's 'troll factory' in last year's hack | ZDNet
- Vulnerability exposes location of thousands of malware C&C servers | ZDNet
- Former Hacking Team Members Are Now Spying on the Blockchain for Coinbase - Motherboard
- Coinbase Says Ex-Hacking Team Members Will ‘Transition Out’ After Users Protest - Motherboard
- HackerOne thinks its freelance hackers can conduct penetration tests better than actual pentesting companies
- New Software Helps to Mitigate Supply Chain Management Risk > National Security Agency | Central Security Service > Article View
- Ghidra
- Hacker Fantastic on Twitter: "Ghidra opens up JDWP in debug mode listening on port 18001, you can use it to execute code remotely 🤦‍♂️.. to fix change line 150 of support/launch.sh from * to 127.0.0.1 https://t.co/J3E8q5edC7"
- Backstory: An Alphabet Moon Shot Wants to Store the Security Industry's Data | WIRED
- BlackBerry Cylance Delivers First Proactive Behavioral Analytics Solution with CylancePERSONA
- Martijn Grooten on Twitter: "Shamir is of course right in his criticism of strict US visa procedures, but to add a sobering perspective, we have had speakers who couldn't get a visa when we had our conference in the US, Canada and the EU. For most of the world, visas for the West are really hard.… https://t.co/HRXh1Vr5pt"
- W3C finalizes Web Authentication (WebAuthn) standard | ZDNet
- Hackers have started attacks on Cisco RV110, RV130, and RV215 routers | ZDNet
- Researchers uncover ring of GitHub accounts promoting 300+ backdoored apps | ZDNet
- Google Reveals "BuggyCow," a Rare MacOS Zero-Day Vulnerability | WIRED
- Adobe releases out-of-band update to patch ColdFusion zero-day | ZDNet
- PoC Buffer Overflow exploitation in the British Airways Entertainment System | LinkedIn