Risky Business Podcast

September 02, 2020

Risky Business #597 -- Alex Stamos talks news, Pompeo's "clean networks" initiative

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

Adam Boileau
Adam Boileau

Technology Editor

On this week’s show Patrick and Alex discuss the week’s security news, including:

  • NZ stock exchange felled by DDoS attack
  • DNI cancels in-person election security briefings for Democats
  • Russians didn’t hack Michigan voter data
  • Sendgrid having a bad time of its own making
  • US to doxes historical DPRK crypto laundering infrastructure, processes

This week’s sponsor interview is with VMRay co-founder and sandbox guru Carsten Willems.

Carsten is joining us to talk product this week – VMRay has brought out a stack of new integrations for its sandbox product, you can now connect it to a lot of your existing enterprise kit. He’ll pop in to tell us more.

Links to everything that we discussed are below and you can follow Patrickor Alex on Twitter if that’s your thing.

Risky Business #597 -- Alex Stamos talks news, Pompeo's "clean networks" initiative
0:00 / 0:00

Show notes

The US exposes how the DPRK cashes out from cybercrime - Risky Business

DDoS extortionists target NZX, Moneygram, Braintree, and other financial services | ZDNet

Democrats furious after intelligence officials cancel in-person election security briefings

No, Michigan voter data wasn’t hacked by the Russians

A Tesla Employee Thwarted an Alleged Ransomware Plot | WIRED

US sues to recover cryptocurrency funds stolen by North Korean hackers | ZDNet

Sendgrid Under Siege from Hacked Accounts — Krebs on Security

Twitter Hack May Have Had Another Mastermind: A 16-Year-Old - The New York Times

Iranian hackers impersonate journalists to set up WhatsApp calls and gain victims' trust | ZDNet

Iranian hackers are selling access to compromised companies on an underground forum | ZDNet

CenturyLink outage led to a 3.5% drop in global web traffic | ZDNet

Cloud company Fastly to purchase app security provider Signal Sciences for $775 million

Cisco says it will issue patch ‘as soon as possible’ for bugs hackers are trying to exploit

Announcing the Expansion of the Clean Network to Safeguard America’s Assets - United States Department of State

How WeChat Censored the Coronavirus Pandemic | WIRED

What China’s new export rules mean for TikTok’s US sale | Financial Times

TikTok's security boss makes his case. Carefully.

(13) Patrick Gray on Twitter: "Don’t. Run. Electron. Apps." / Twitter

(3) Moxie Marlinspike on Twitter: "Yes. One reason software development is so much more expensive than it used to be is that making one app now requires that you write/maintain three apps. Electron enables an organization to have a "native" desktop presence without having to build/maintain a *fourth* one. 1/4" / Twitter

(3) Justin Schuh 😷 on Twitter: "@ThomasClaburn @dinodaizovi @bascule @riskybusiness My fundamental complaint with Electron is that relatively basic usage still demands that non-security devs understand the full security properties of their system and scope broker usage appropriately. That's not reasonable, given it's one of the hardest tasks for security experts" / Twitter

(3) Samuel Attard on Twitter: "@frgx @mweissbacher @dinodaizovi @riskybusiness Legacy code is always a problem. But (a) slack is and has been investing resources in electron 👋 and (b) as of recently Slack has enabled the security features you mentioned. You can read more about that journey here https://t.co/Ju1mH9szF9" / Twitter

Confessions of an ID Theft Kingpin, Part I — Krebs on Security

Confessions of an ID Theft Kingpin, Part II — Krebs on Security