Risky Business #564 -- PRC suffers leak, alleged defection

Chinese Snowden, Manning a matter of time...
27 Nov 2019 » Risky Business

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • RIPE has officially run out of v4 addresses
  • NSO workers sue Facebook to get their accounts back
  • Mike Pompeo, Republican lawmakers keep Crowdstrike conspiracy theory alive
  • Bugs, hacks, ransomware disasters and more.

This week’s sponsor interview is with Sally Carson of Duo Security. Sally has been a designer for over 20 years, joining Duo in 2015 to build the company’s Product Design and User Research practice from the ground up. Duo now employs one designer for every five users, which is an extremely generous ratio.

As you’ll hear, Sally thinks empathy is the key to designing usable technology.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

The RIPE NCC has run out of IPv4 Addresses — RIPE Network Coordination Centre
Workers at Israeli surveillance firm NSO sue Facebook for blocking private accounts - Reuters
In just three months, Google sent 12k warnings about government-backed attacks | ZDNet
Pompeo says Trump’s debunked Ukraine conspiracy theory is worth looking into - The Washington Post
(1) Kevin Collier on Twitter: "A fun fact about Republicans embracing the idiotic Crowdstrike conspiracy theory is that the RNSC and RNCC both use Crowdstrike. Have paid more than $175,000 since 2017, per FEC filings. https://t.co/LSvCEbYccP" / Twitter
Five Years Later, Who Really Hacked Sony? | Hollywood Reporter
Commerce Department proposes rules for implementing Trump’s supply-chain security order
Data leak reveals how China 'brainwashes' Uighurs in prison camps - BBC News
China used Nick Zhao to try infiltrate federal Parliament, ASIO believes
Chinese spy Wang Liqiang's revelations spark Taiwan detention of couple at Taoyuan Airport
Iranian Americans Struggle to Reach Family Amid Internet Blackout | WIRED
Iran letter raises prospect of 'white list' internet clampdown - BBC News
Kevin Rudd says Julian Assange faces 'unacceptable' and 'disproportionate' punishment
How the NYPD's fingerprint database got shut down by a computer virus
110 Nursing Homes Cut Off from Health Records in Ransomware Attack — Krebs on Security
Over 480 million mobile VPN apps have been downloaded in the past year | ZDNet
A hacking group is hijacking Docker systems with exposed API endpoints | ZDNet
Cheap kids smartwatch exposes the location of 5,000+ children | ZDNet
The California DMV Is Making $50M a Year Selling Drivers’ Personal Information - VICE
The Debate Over How to Encrypt the Internet of Things | WIRED
1.2 Billion Records Found Exposed Online in a Single Server | WIRED
CISA and VotingWorks release open source post-election auditing tool | ZDNet
Extensive hacking operation discovered in Kazakhstan | ZDNet
DOD joins fight against 5G spectrum proposal, citing risks to GPS | Ars Technica
Scammers try a new way to steal online shoppers’ payment-card data | Ars Technica
Suspect can’t be compelled to reveal “64-character” password, court rules | Ars Technica
Aleksei Burkov, Russian accused of operating 'elite' hacking forum, pleads not guilty
Authorities Arrest Alleged Member of Group That Hacked Jack Dorsey - VICE
Lights That Warn Planes of Obstacles Were Exposed to Open Internet - VICE
Russia's ‘Sandworm’ Hackers Also Targeted Android Phones | WIRED
Google will pay bug hunters up to $1.5m if they can hack its Titan M chip | ZDNet
Twitter will finally let users disable SMS as default 2FA method | ZDNet
New bypass disclosed in Microsoft PatchGuard (KPP) | ZDNet
Exploit code published for dangerous Apache Solr remote code execution flaw | ZDNet
Bugtraq: SEC Consult SA-20191125-0 :: FortiGuard XOR Encryption in Multiple Fortinet Products