Podcasts

Snake Oilers is a wholly sponsored podcast series we do here at Risky.Biz where vendors come on to the show to pitch their wonderful, wonderful, magical snake oil to you, the listeners.

In today’s podcast you’ll hear from:

• Kenn White from MongoDB talking about client-side field level encryption
• AlphaSOC’s Chris McNab talking about their latest – they’re not just doing DNS analytics anymore
• SecureStack are making developer-friendly cloud security, provisioning and visibility tooling

On this week’s show Patrick and Adam discuss the week’s security news, including:

• Details about Apple and Google’s contact tracing API and OS changes
• Alex Stamos joins Zoom as outside consultant
• More Zoom news
• US government weighs China Telecom ban following BGP hijacking
• Travelex paid $2.3m to decrypt files in ransomware attack.

Apple and Google have answered a call from policy makers to build a consent-based contact tracing tool for Android or iOS devices.

The two organisations will release OS updates in mid-May that allow health authorities to use ‘contact detection’ APIs developed by Apple and Google to launch multi-platform contact tracing apps.

Under the published design, if two users of these apps have been in close proximity for a designated period of time, their devices exchange a set of identifiers (ephemeral ‘tracing keys’) via Bluetooth Low Energy (BLE). Storage of these anonymised identifiers is decentralised - stored only on user devices.

A common adage in information security is that most startups don’t hire their first full-time security engineer until they’ve got around 300 staff.

If your app only stores public data and has no need to authenticate users, that might not present much of a problem. But when your app needs to be trusted to protect the confidentiality of a person’s political preference, it’s something else entirely.

It’s why Tusk Philanthropies - an organisation devoted to bringing mobile voting to the masses - is playing matchmaker between a half-dozen mobile voting startups and the security experts that can help bring them up to snuff.

On this week’s show Patrick and Adam discuss the week’s security news, including:

• ASD launches offensive action against criminals
• Bio-tech firms working on COVID-19 targeted by ransomware
• Iran targets WHO
• Did you hear there’s a security issue with Zoom? You might not have heard. Don’t worry we’ll tell you about it
• Much, much more
  

Brett’s take on the week’s infosec news. Click through for subscription link.

Internet technologies are set to play a critical role in the 2020 Presidential Election.

State election officials face the daunting task of upholding the most essential function of democracy in the midst of a health pandemic that constrains the movement and assembly of people in public spaces.

This podcast is brought to you by the Hewlett Foundation. They provided us with a grant to support us doing some podcasts about cybersecurity issues that touch on policy. Regular listeners would have heard some of these special podcasts already.

Today’s guest is Jennifer Morrell. She’s a partner with Elections Group and is a recognised expert on election audits.

On this week’s show Patrick and Adam discuss the week’s security news, including:

• KSA uses SS7 to track its citizens in USA
• Governments begin virus tracking through personal devices
• FBI warns of Iran-linked crew in yer supply chains
• Voatz gets booted from HackerOne
• All the cloud and Zoom drama

This week’s show is brought to you by Signal Sciences. Instead of interviewing one of their people, they suggested we interview Andrew Becherer in this week’s sponsor interview.

This is a completely unedited recording of a YouTube livestream broadcast on March 31, 2020. It features Patrick Gray, Dmitri Alperovitch, Alex Stamos and Adam Boileau.