Risky Business #543 -- NYTimes blames NSA for Baltimore hacks, Assange faces espionage charges

With special guest co-host Alex Stamos...
29 May 2019 » Risky Business

Adam Boileau couldn’t make it this week, but that’s ok because we’ve got former Facebook CSO and current Stanford adjunct professor Alex Stamos filling in for him in today’s show. He’ll be talking through all the week’s security news, including:

  • NYTimes report blames Baltimore ransomware attack on leaked NSA exploit
  • Assange to face espionage charges, extradition fight looming
  • SanboxEscaper just keeps dropping those 0days
  • Fury over Facebook’s response to doctored Pelosi video
  • Much, much more

This week’s sponsor interview with David Warburton of F5 Networks. You know F5 as a blinky-light box manufacturer. Load balancers, SSL termination, that sort of stuff. Not exactly a growth industry at the moment, so they’re pivoting.

They’ve dropped $670m on NGINX – f5 now owns the NGINX company – and they’re making all sorts of moves in the appsec space. That interview is mostly about F5’s business, but I found it interesting because what do you do when you’re an $8bn company that makes data-centre equipment and that industry starts going into decline?

Links to everything discussed are below, and you can follow Patrick or Alex on Twitter if that’s your thing.

Show notes

In Baltimore and Beyond, a Stolen N.S.A. Tool Wreaks Havoc - The New York Times
Thomas Rid on Twitter: "Meanwhile I feel rather uncomfortable about being quoted in said NYT story. Although the bigger point stands: whoever was behind Shadowbrokers must be held accountable, and USG should not get away with publicly ignoring this historic leak."
Eternally Blue: Baltimore City leaders blame NSA for ransomware attack | Ars Technica
Google bots shut down Baltimore officials’ ransomware-workaround Gmail accounts | Ars Technica
CyberSecPolitics: Baltimore is not EternalBlue
Errata Security: A lesson in journalism vs. cybersecurity
Intense scanning activity detected for BlueKeep RDP flaw | ZDNet
Researcher publishes Windows zero-days for the third day in a row | ZDNet
Cyber Command's latest VirusTotal upload has been linked to an active attack
The Latest Julian Assange Indictment Is an Assault on Press Freedom | WIRED
Here's How a Facebook Exec Defended Leaving Up That Fake Nancy Pelosi Video
Facebook scrubbed 2.2 billion fake accounts in the first quarter of 2019, a new high
U.S. Navy Creating a 350 Billion Record Social Media Archive
A--Global Social Media Archive, 350 billion digital data records (text) - Federal Business Opportunities: Opportunities
Amazon shareholders reject facial recognition sale ban to governments | TechCrunch
Facial Recognition Has Already Reached Its Breaking Point | WIRED
Android and iOS devices impacted by new sensor calibration attack | ZDNet
Privacy Preserving Ad Click Attribution For the Web | WebKit
German Minister Wants Secure Messengers To Decrypt Chats
European police seize BestMixer, saying it helped launder $200 million worth of cryptocurrency
Chinese military to replace Windows OS amid fears of US hacking | ZDNet
First American Financial Corp. Leaked Hundreds of Millions of Title Insurance Records — Krebs on Security
Australian tech unicorn Canva suffers security breach | ZDNet
Equifax is spending a ton of money on cybersecurity. Wall Street analysts don't like it.
Democratic Party’s network security still lags behind GOP, researchers find | Ars Technica
CrowdStrike, NSS Labs resolve court battle over product testing | ZDNet
Security Engineer, Detection - Google - Sydney NSW, Australia - Google Careers
Security Engineer, Information Security and Privacy Incident Response - Google - Sydney NSW, Australia - Google Careers
Malware Sandbox Online | Free Trial
F5 Networks | Secure application delivery