Risky Business #597 -- Alex Stamos talks news, Pompeo's "clean networks" initiative

PLUS: Why Electron apps are a security trashfire...
02 Sep 2020 » Risky Business

On this week’s show Patrick and Alex discuss the week’s security news, including:

  • NZ stock exchange felled by DDoS attack
  • DNI cancels in-person election security briefings for Democats
  • Russians didn’t hack Michigan voter data
  • Sendgrid having a bad time of its own making
  • US to doxes historical DPRK crypto laundering infrastructure, processes

This week’s sponsor interview is with VMRay co-founder and sandbox guru Carsten Willems.

Carsten is joining us to talk product this week – VMRay has brought out a stack of new integrations for its sandbox product, you can now connect it to a lot of your existing enterprise kit. He’ll pop in to tell us more.

Links to everything that we discussed are below and you can follow Patrickor Alex on Twitter if that’s your thing.

Show notes

The US exposes how the DPRK cashes out from cybercrime - Risky Business
DDoS extortionists target NZX, Moneygram, Braintree, and other financial services | ZDNet
Democrats furious after intelligence officials cancel in-person election security briefings
No, Michigan voter data wasn’t hacked by the Russians
A Tesla Employee Thwarted an Alleged Ransomware Plot | WIRED
US sues to recover cryptocurrency funds stolen by North Korean hackers | ZDNet
Sendgrid Under Siege from Hacked Accounts — Krebs on Security
Twitter Hack May Have Had Another Mastermind: A 16-Year-Old - The New York Times
Iranian hackers impersonate journalists to set up WhatsApp calls and gain victims' trust | ZDNet
Iranian hackers are selling access to compromised companies on an underground forum | ZDNet
CenturyLink outage led to a 3.5% drop in global web traffic | ZDNet
Cloud company Fastly to purchase app security provider Signal Sciences for $775 million
Cisco says it will issue patch ‘as soon as possible’ for bugs hackers are trying to exploit
Announcing the Expansion of the Clean Network to Safeguard America’s Assets - United States Department of State
How WeChat Censored the Coronavirus Pandemic | WIRED
What China’s new export rules mean for TikTok’s US sale | Financial Times
TikTok's security boss makes his case. Carefully.
(13) Patrick Gray on Twitter: "Don’t. Run. Electron. Apps." / Twitter
(3) Moxie Marlinspike on Twitter: "Yes. One reason software development is so much more expensive than it used to be is that making one app now requires that you write/maintain three apps. Electron enables an organization to have a "native" desktop presence without having to build/maintain a *fourth* one. 1/4" / Twitter
(3) Justin Schuh 😷 on Twitter: "@ThomasClaburn @dinodaizovi @bascule @riskybusiness My fundamental complaint with Electron is that relatively basic usage still demands that non-security devs understand the full security properties of their system and scope broker usage appropriately. That's not reasonable, given it's one of the hardest tasks for security experts" / Twitter
(3) Samuel Attard on Twitter: "@frgx @mweissbacher @dinodaizovi @riskybusiness Legacy code is always a problem. But (a) slack is and has been investing resources in electron 👋 and (b) as of recently Slack has enabled the security features you mentioned. You can read more about that journey here https://t.co/Ju1mH9szF9" / Twitter
Confessions of an ID Theft Kingpin, Part I — Krebs on Security
Confessions of an ID Theft Kingpin, Part II — Krebs on Security