Risky Business Podcast

March 06, 2019

Risky Business #533 -- Ghidra release, NSA discontinues metadata program and more

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

Adam Boileau
Adam Boileau

Technology Editor

On this week’s show Adam Boileau and Patrick Gray discuss the week’s news:

  • The NSA isn’t that interested in phone metadata anymore
  • More Chinese mass surveillance data leaks
  • Chelsea Manning, David House subpoenaed over Wikileaks
  • Quadriga cold wallets were actually empty at time of founder’s death
  • NSA deployed “rm -rf / shark” at Internet Research Agency
  • HackerOne follows Bugcrowd into pentesting
  • NSA releases Ghidra
  • Much, much more!

This week’s sponsor interview is with Chris Kennedy, AttackIQ’s CISO and VP of customer success. And we’ll be talking about a few things really, like about how continuous validation of security controls like monitoring is a good thing. Everyone uses software like Tenable to verify patching, why not do the same for your monitoring?

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Risky Business #533 -- Ghidra release, NSA discontinues metadata program and more
0:00 / 0:00

Show notes

The NSA has reportedly stopped data-mining Americans' phone and SMS records / Boing Boing

House aide: NSA has shut down phone call record surveillance | Ars Technica

China’s “democracy” includes mandatory apps, mass chat surveillance | Ars Technica

China claims detained Canadians formed spy link

As Trump and Kim Met, North Korean Hackers Hit Over 100 Targets in U.S. and Ally Nations - The New York Times

Disclosing Subpoena for Testimony, Chelsea Manning Vows to Fight - The New York Times

WikiLeaks Veteran: I ‘Cooperated’ With Feds ‘in Exchange for Immunity’

Mystery as Quadriga crypto-cash goes missing - BBC News

NSA’s top policy advisor: It’s time to start putting teeth in cyber deterrence | Ars Technica

US wiped hard drives at Russia's 'troll factory' in last year's hack | ZDNet

Vulnerability exposes location of thousands of malware C&C servers | ZDNet

Former Hacking Team Members Are Now Spying on the Blockchain for Coinbase - Motherboard

Coinbase Says Ex-Hacking Team Members Will ‘Transition Out’ After Users Protest - Motherboard

HackerOne thinks its freelance hackers can conduct penetration tests better than actual pentesting companies

New Software Helps to Mitigate Supply Chain Management Risk > National Security Agency | Central Security Service > Article View

Ghidra

Hacker Fantastic on Twitter: "Ghidra opens up JDWP in debug mode listening on port 18001, you can use it to execute code remotely 🤦‍♂️.. to fix change line 150 of support/launch.sh from * to 127.0.0.1 https://t.co/J3E8q5edC7"

Backstory: An Alphabet Moon Shot Wants to Store the Security Industry's Data | WIRED

BlackBerry Cylance Delivers First Proactive Behavioral Analytics Solution with CylancePERSONA

Martijn Grooten on Twitter: "Shamir is of course right in his criticism of strict US visa procedures, but to add a sobering perspective, we have had speakers who couldn't get a visa when we had our conference in the US, Canada and the EU. For most of the world, visas for the West are really hard.… https://t.co/HRXh1Vr5pt"

W3C finalizes Web Authentication (WebAuthn) standard | ZDNet

Hackers have started attacks on Cisco RV110, RV130, and RV215 routers | ZDNet

Researchers uncover ring of GitHub accounts promoting 300+ backdoored apps | ZDNet

Google Reveals "BuggyCow," a Rare MacOS Zero-Day Vulnerability | WIRED

Adobe releases out-of-band update to patch ColdFusion zero-day | ZDNet

PoC Buffer Overflow exploitation in the British Airways Entertainment System | LinkedIn