Risky Business Podcast

August 12, 2020

Risky Business #594 -- How ESNIs will change censorship and NDR

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

Adam Boileau
Adam Boileau

Technology Editor

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • WeChat joins TikTok in the naughty corner
  • TLS 1.3 with ESNI will have a massive impact on censorship AND security
  • Belarus goes dark after dodgy election
  • Capital One fined $80m
  • Much, much more

We’ll be hearing from Dan Guido of Trail of Bits in this week’s sponsor interview. They’ve developed a generic macOS EDR package that you, dear vendor, should absolutely license from them. Dan joins us to explain why.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Risky Business #594 -- How ESNIs will change censorship and NDR
0:00 / 63:45

Show notes

America's clean path is slippery - Risky Business

Trump issues executive orders that will ban TikTok, WeChat in 45 days - CyberScoop

China is now blocking all encrypted HTTPS traffic that uses TLS 1.3 and ESNI | ZDNet

Cat and mouse: Privacy advocates fight back after China tightens surveillance controls | The Daily Swig

DEF CON: New tool brings back 'domain fronting' as 'domain hiding' | ZDNet

Belarus Has Shut Down the Internet Amid a Controversial Election | WIRED

Ohio becomes first state to release vulnerability policy for election-related websites

Top voting vendor ES&S publishes vulnerability disclosure policy

Microsoft bug bounty payouts trebled to reach nearly $14 million in the last year | The Daily Swig

US offers $10 million reward for hackers meddling in US elections | ZDNet

Mozilla lays off 250 employees while it refocuses on commercial products | ZDNet

US financial regulator fines Capital One $80 million over data breach

FBI says an Iranian hacking group is attacking F5 networking devices | ZDNet

Citrix releases fix for software bug that hackers ‘will move quickly to exploit’

Hacker leaks passwords for 900+ enterprise VPN servers | ZDNet

Hacking group has hit Taiwan's prized semiconductor industry, Taiwanese firm says

A mysterious group has hijacked Tor exit nodes to perform SSL stripping attacks | ZDNet

FBI issues warning over Windows 7 end-of-life | ZDNet

Anti-encryption laws yet to be used by Asio or AFP to compel tech firms' help, inquiry told | Australian security and counter-terrorism | The Guardian

WordPress 5.5 rolls out with auto-updates for plugins, themes | The Daily Swig

Snapdragon chip flaws put >1 billion Android phones at risk of data theft | Ars Technica

Researchers found another way to hack Android cellphones via Bluetooth

Insecure satellite Internet is threatening ship and plane safety | Ars Technica

When TLS hacks you: Security friend becomes a foe | The Daily Swig

Top hacks from Black Hat and DEF CON 2020 | The Daily Swig

Security bugs let these car hackers remotely control a Mercedes-Benz | TechCrunch

Black Hat 2020: New HTTP request smuggling variants levied against modern web servers | The Daily Swig

Black Hat 2020: Web cache poisoning offers fresh ways to smash through the web stack | The Daily Swig

(12) Dan Guido on Twitter: "Last Thursday, I was locked out of my cloud MDM, my data was deleted, and MDM agents for every device @trailofbits were silently removed by the vendor, leaving the entire company unmanaged. There was no advance notice and no explanation. This is a warning: Never use Kandji. https://t.co/0zIPZKpCC8" / Twitter

Sinter: New user-mode security enforcement for macOS | Trail of Bits Blog