Srsly Risky Biz: The Access Debate is Now the Child Safety Debate

Our last podcast for 2022... see you all next year!

In this podcast Patrick Gray talks to Tom Uren about Apple’s latest move to roll out end-to-end encrypted iCloud backups and how that plays into the lawful access debate. Pending legislation in the US, UK and EU is all about mitigating online harms and countering child exploitation, so they think the policy debate has moved on from lawful access. There are lots of measures that companies could take in this space that don’t compromise end-to-end encryption, and legislators are going to force companies to do more. They also look at the next move for North Korean hackers. They’ve had an absolute field day pillaging cryptocurrency ventures. What will their next move be as the “Crypto Winter” arrives?

You can find the newsletter post this podcast is based on here.

Risky Business #689 -- FBI baulks at Apple's iCloud encryption push

PLUS: Microsoft signs malicious drivers, Japan to release the Shiba Inus…

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

  • Apple to introduce user-encrypted backups, FBI is sad
  • Twitter ices e2ee plans for DMs
  • RackSpace is getting sued over its hosted Exchange ransomware incident
  • Dodgy driving: Microsoft signs some shady stuff
  • Japan to change laws, release the Shibas
  • A look at the US NDAA
  • Much, much more

This week’s show is sponsored by Obsidian Security. Obsidian co-founder Ben Johnson joins the show this week to talk through SaaS configuration security and visibility/monitoring.

Between Two Nerds: The US has it all wrong on cyber

How the "Cyber Grand Strategy" makes sense for everyone, except America...

In this edition of Between Two Nerds Tom Uren and The Grugq find that for most countries, the use of cyber capabilities makes sense. Except for the US. They are in a different position, and the development of cyberspace as a domain of strategic competition is a net loss for them.

Risky Biz News: Disgruntled member doxes and extorts URSNIF gang

PLUS: PyPI and npm packages deploy ransomware; Japan wants to carry out preemptive cyber-attacks; Pwn2Own Toronto hacking contest results...

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and presented by Patrick Gray, who’s filling in for Claire Aird.

You can find the newsletter version of this podcast here.

Srsly Risky Biz: Microsoft’s Dull Bulb Fails to Illuminate

PLUS: Chinese APT side hustle: stealing Covid money

In this podcast Patrick Gray talks to Tom Uren about how Microsoft continues to get important stuff wrong on Chinese vulnerability regulation and Russian cyber warfare. They also discuss how the Cyber Safety Review Board’s decision to look at the teenage hacking group Lapsus$ is a good one, and how a Chinese APT group’s efforts to steal US Covid relief money will really annoy people. You can read the newsletter the podcast is based on here.

Risky Business #688 -- APT41 pickpockets Uncle Sam

Chinese government-linked crew raid US covid relief payments...

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

  • Samsung, LG Android signing keys pinched
  • LastPass gets owned again
  • APT41 steal covid relief money
  • Amnesty International hacked in Canada
  • Much, much more

This week’s show is brought to you by Airlock Digital. Its CEO and CTO join host Patrick Gray this week to talk about admin to kernel as a security boundary, and the limitations of kernel driver blocklists.

Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.

Between Two Nerds: The ethical rules of espionage

When economic gerrymandering crosses a line...

In this edition of Between Two Nerds Tom Uren and The Grugq discuss reader feedback about whether the Five Eyes engage in economic espionage and look at allegations that Australia spied on the East Timorese government to get an edge in oil and gas negotiations. Through various hypothetical scenarios they examine the ethics of the situation and what would have to change for that spying to be morally justified.

Srsly Risky Biz: We Need a More Conscious Decoupling

PLUS: Geofence Warrants Are Okay, With Oversight...

In this podcast Patrick Gray talks to Tom Uren about US-China technological decoupling and the lack of an observable strategy so far. They also find that the use of geofence warrants in the Capitol riot seems perfectly reasonable, and examine how Chinese Twitter users trying to find news about recent Covid protests are being deluged with spam. You can read the newsletter this podcast is based on here.

Risky Business #687 -- Shady deeds in sunny places: Ransomware smashes Vanuatu, Guadeloupe

PLUS: What infosec can learn from Soviet era airliner manufacturing...

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

  • UK, USA ban Chinese security cameras
  • What is the Boa webserver and why is it everywhere?
  • Vanuatu, Guadeloupe smashed by ransomware
  • REvil back with more dumps despite ASD attention
  • Much, much more

This week’s sponsor guest is Jake King from Elastic Security, who joins us to talk through the company’s most recent threat report. There’s a link to the report in our show notes.

Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.

Between Two Nerds: Good News, Bad News

Why ransomware is dying and what will replace it...

In this edition of Between Two Nerds Tom Uren and The Grugq have some good news for a change — ransomware has peaked and they examine why criminals will look for different sources of income. Of course, every silver lining has a cloud, and ransomware will be replaced by other types of cyber crime.