Risky Business #579 -- Apple and Google go all in on contact tracing

But is the spec privacy preserving?
15 Apr 2020 » Risky Business

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • Details about Apple and Google’s contact tracing API and OS changes
  • Alex Stamos joins Zoom as outside consultant
  • More Zoom news
  • US government weighs China Telecom ban following BGP hijacking
  • Travelex paid $2.3m to decrypt files in ransomware attack

This week’s show is brought to you by AttackIQ. They make a breach and attack simulation platform that you can use to figure out which of your security controls are actually working. Carl Wright of AttackIQ will join the show to talk about the new, free online training they’re offering.

If you’re stuck at home like half the planet right now and you’re interested in operationalising MITRE ATT&CK then you can check out AttackIQ academy.

You can subscribe to the new Risky Business newsletter, Seriously Risky Business, here.

You can subscribe to our new YouTube channel here.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Seriously Risky Business Newsletter Subscription Page
Srsly Risky Biz: Apple, Google to bring COVID-19 contact tracing to billions - Risky Business
Clever Cryptography Could Protect Privacy in Covid-19 Contact-Tracing Apps | WIRED
How Google Plans to Push Its Coronavirus Tracing Feature to Android Phones - VICE
Former Facebook CSO Alex Stamos to join Zoom as outside security consultant | ZDNet
Zoom removes meeting IDs from app title bar to improve privacy | ZDNet
US Senate, German government tell staff not to use Zoom | ZDNet
It's Official: Most Zoom Versions Now Off-Limits to the Military | Military.com
Senator calls on FTC to create guidelines for video teleconferencing software | ZDNet
Senator backing anti-crypto bill calls out Zoom’s lack of end-to-end crypto | Ars Technica
Interest in Zoom Zero-Day Hacks Is ‘Sky-High’ as Meetings Move Online - VICE
Zoom shareholder accuses executives of fraud over security practices
U.S., U.K. authorities warn of state-linked and criminal hacking exploiting coronavirus pandemic
Fiverr Hosted 'Coronavirus Healers' and Dodgy Mask Sellers - VICE
Citing BGP hijacks and hack attacks, feds want China Telecom out of the US | Ars Technica
Travelex Paid $2.3 Million to Ransomware Gang: Report
The Pentagon Hasn't Fixed Basic Cybersecurity Blind Spots | WIRED
New IRS Site Could Make it Easy for Thieves to Intercept Some Stimulus Payments — Krebs on Security
Cloudflare dumps reCAPTCHA as Google intends to charge for its use | ZDNet
San Francisco airport websites hacked to steal staff passwords, says notice | TechCrunch
Russian state hackers behind San Francisco airport hack | ZDNet
SEC settles with two suspects in EDGAR hacking case | ZDNet
SEC.gov | Foreign National and American Trader Settle Fraud Charges in EDGAR Hacking Case
Lawyer for alleged Methbot boss Aleksandr Zhukov wants case dismissed amid coronavirus concerns
Why you can’t trust your vote to the internet just yet - Risky Business
Experts agree: Internet voting isn’t ready for COVID-19 crisis - Risky Business
Experts: Internet voting isn’t ready for COVID-19 crisis
Vote by Mail Isn't Perfect. But It's Essential in a Pandemic | WIRED
DARPA snags Intel to lead its machine learning security tech | TechCrunch
Dell releases new tool to detect BIOS attacks | ZDNet
Micronaut CRLF injection bug opened the door to server-side request forgery | The Daily Swig
2021 - git: Newline injection in credential helper protocol - project-zero
The Far-Right Helped Create The World's Most Powerful Facial Recognition Technology | HuffPost Australia
AttackIQ Platform, continuous validation of your security control.