This episode sponsored by Trail of Bits.On this week’s show Patrick and Adam discuss the week’s security news, including:
- WeChat joins TikTok in the naughty corner
- TLS 1.3 with ESNI will have a massive impact on censorship AND security
- Belarus goes dark after dodgy election
- Capital One fined $80m
- Much, much more
We’ll be hearing from Dan Guido of Trail of Bits in this week’s sponsor interview. They’ve developed a generic macOS EDR package that you, dear vendor, should absolutely license from them. Dan joins us to explain why.
Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.
Show notes
- America's clean path is slippery - Risky Business
- Trump issues executive orders that will ban TikTok, WeChat in 45 days - CyberScoop
- China is now blocking all encrypted HTTPS traffic that uses TLS 1.3 and ESNI | ZDNet
- Cat and mouse: Privacy advocates fight back after China tightens surveillance controls | The Daily Swig
- DEF CON: New tool brings back 'domain fronting' as 'domain hiding' | ZDNet
- Belarus Has Shut Down the Internet Amid a Controversial Election | WIRED
- Ohio becomes first state to release vulnerability policy for election-related websites
- Top voting vendor ES&S publishes vulnerability disclosure policy
- Microsoft bug bounty payouts trebled to reach nearly $14 million in the last year | The Daily Swig
- US offers $10 million reward for hackers meddling in US elections | ZDNet
- Mozilla lays off 250 employees while it refocuses on commercial products | ZDNet
- US financial regulator fines Capital One $80 million over data breach
- FBI says an Iranian hacking group is attacking F5 networking devices | ZDNet
- Citrix releases fix for software bug that hackers ‘will move quickly to exploit’
- Hacker leaks passwords for 900+ enterprise VPN servers | ZDNet
- Hacking group has hit Taiwan's prized semiconductor industry, Taiwanese firm says
- A mysterious group has hijacked Tor exit nodes to perform SSL stripping attacks | ZDNet
- FBI issues warning over Windows 7 end-of-life | ZDNet
- Anti-encryption laws yet to be used by Asio or AFP to compel tech firms' help, inquiry told | Australian security and counter-terrorism | The Guardian
- WordPress 5.5 rolls out with auto-updates for plugins, themes | The Daily Swig
- Snapdragon chip flaws put >1 billion Android phones at risk of data theft | Ars Technica
- Researchers found another way to hack Android cellphones via Bluetooth
- Insecure satellite Internet is threatening ship and plane safety | Ars Technica
- When TLS hacks you: Security friend becomes a foe | The Daily Swig
- Top hacks from Black Hat and DEF CON 2020 | The Daily Swig
- Security bugs let these car hackers remotely control a Mercedes-Benz | TechCrunch
- Black Hat 2020: New HTTP request smuggling variants levied against modern web servers | The Daily Swig
- Black Hat 2020: Web cache poisoning offers fresh ways to smash through the web stack | The Daily Swig
- (12) Dan Guido on Twitter: "Last Thursday, I was locked out of my cloud MDM, my data was deleted, and MDM agents for every device @trailofbits were silently removed by the vendor, leaving the entire company unmanaged. There was no advance notice and no explanation. This is a warning: Never use Kandji. https://t.co/0zIPZKpCC8" / Twitter
- Sinter: New user-mode security enforcement for macOS | Trail of Bits Blog
