Risky Business #594 -- How ESNIs will change censorship and NDR

Wave goodbye to destination metadata and say hello to network monitoring hell...

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • WeChat joins TikTok in the naughty corner
  • TLS 1.3 with ESNI will have a massive impact on censorship AND security
  • Belarus goes dark after dodgy election
  • Capital One fined $80m
  • Much, much more

America's clean path is slippery

The Risky Biz newsletter for August 11, 2020...

A US-China trade war and a global pandemic have in a few short months accelerated a drift into ‘network sovereignty’: a world in which the internet is no longer a truly open, global network.

Australia wants boards held to account for infosec

Company directors better get schooled up on the cybers

Australia’s 2020 cyber security strategy is the latest national plan to propose that company directors be held accountable for meeting minimum information security baselines prescribed by the government.

In the absence of anything specific in the strategy document, Risky.Biz talked to some real experts on measuring cyber security maturity to suggest some ways forward.

Risky Business #593 -- China promises "mortal combat in the tech realm"

Round one, FIGHT!

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • Trump’s war on TikTok (featuring guest Alex Stamos)
  • Twitter hackers caught. Pretty embarrassing stuff, really.
  • NSO implants target Easter Bunny
  • Garmin may need a good OFAC lawyer (featuring comment from Dmitri Alperovitch)
  • Blackberry cracked after five years leads to multiple arrests in Australia
  • Much, much more

TikTok review reduced to meaningless farce

As China threatens "mortal combat in the tech realm"...

Donald Trump’s personal involvement in threats to ban TikTok is distracting from any legitimate national security concerns the video sharing app might present to the United States. What started as some half-hearted sabre rattling after he was thoroughly punk’d by TikTok teens at his Tulsa rally in late June has spiralled into a theatre of the absurd.

Risky Biz Soap Box: Yubico Chief Solutions Officer Jerrod Chong

Yubikey support is everywhere. Now what?

Soap Box is the wholly sponsored podcast series we do here at Risky.Biz. That means everyone you hear on this podcast paid to be here. In this podcast you’re going to hear my latest interview with Jerrod Chong, Yubico’s Chief Solutions Officer.

Hardware security keys like Yubikeys have come a long way, even over the last couple of years. The biggest change is that the support for hardware keys is borderline ubiquitous now. FIDO2 support is in all the major browsers. You can even use Yubikeys with Google apps on an iPhone. The plumbing is here, it’s arrived.

Risky Business #592 -- We're back. Did we miss anything?

A catch up on the last few weeks of security shenanigans...

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • Two Chinese nationals charged with freelancing for MSS
  • Russia, China hacking COVID-19 research
  • The world dodged a bullet on the Windows DNS bug
  • Twitter blue tick pwnapalooza
  • Much, much more.

The enterprise apps are revolting too

The Risky Biz newsletter for July 21, 2020

If it’s any consolation, the most capable infosec teams in the world are having just as much trouble dealing with the current onslaught of high severity vulnerabilities as you are.

What even is Winnti?

Op-Ed: It's time we had one last talk about Winnti...

Winnti is all at once a malware family, a group, and several groups with wildly diverging motivations. We’re at the point where we may as well scrap the name and start again.

Risky Biz Soap Box: Facebook, under the hood

Facebook's journey from a PHP/MySQL website to serving billions of users...

Normally these Soap Box podcasts – which are wholly sponsored – feature vendors trying to sell you stuff. But this time we’re doing something different: an interview with two of Facebook’s most senior engineers.

The network devices are revolting

The Risky Biz newsletter for July 7, 2020...

A critical, trivially exploitable vulnerability in the management interface of F5’s Big-IP devices is the latest in a string of nasty bugs in networking equipment critical to enterprise computing.

Like last year’s Citrix NetScaler and Pulse Secure vulnerabilities, this one is going to hurt.

Risky Biz Soap Box: No magic wand for business email compromise (BEC)

Proofpoint's Ryan Kalember talks BEC...

This edition of the Soap Box podcast is brought to you by Proofpoint.

Today’s guest is Proofpoint’s EVP of Cybersecurity Strategy, Ryan Kalember, and the topic is business email compromise, or BEC.

BEC is a big deal, generating billions of dollars in losses every year across basically all industry verticals and levels of government. Until recently, there haven’t been many technical controls that help to mitigate it.

Risky Business #590 -- REPOST: It turns out we're not SAML experts

A re-post of episode 590, minus the bum steer on the Palo Alto bug...

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • Inside the new American “e2ee busting” bill
  • Julian Assange hit with (another) superseding indictment
  • Trustwave uncovers sneaky Chinese accounting software backdoor
  • Much, much more…

This week’s show is brought to you by Okta. They are, of course, the identity and auth giant and one of the few sponsors we actually approached last year for 2020 because, well, they are very good at what they do. This week Marc will be joining us to talk about a privacy-related topic. The discussion is nuanced, but it’s basically about how the public perception of privacy risks has diverged from the reality. Further, the COVID-19 crisis and the advent of digital contact tracing apps have actually brought general concerns around digital privacy to the fore.

Decrypting America's new push for lawful interception

The Risky Biz newsletter for June 30, 2020...

Three US Senators have put forward a bill that apes the powers of the UK Investigatory Powers Act and Australia’s Assistance and Access Act, while omitting many of the (albeit weak) safeguards that protect that power from being abused.

The Lawful Access to Encrypted Data Act of 2020, introduced by Republican Senators Lindsey Graham, Tom Cotton and Marsha Blackburn, compels device manufacturers and digital service providers to provide access to user data when served with a warrant. It’s the Nike approach: Just do it!

Risky Business #589 -- Why Microsoft's steep E5 license pricing is a national security risk

How foreign intelligence services are leveraging malicious Azure apps...

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • Australia “under attack” - a wrap
  • Microsoft releases more security protections for E5 customers
  • US to introduce “anti encryption” bill
  • Shady encrypted phone company owned by the cops
  • NSA to offer filtered DNS services to defence industry
  • MORE