Podcasts

On this edition of Snake Oilers you’ll be hearing from three vendors offering what I believe to be excellent security technology. I haven’t personally used this tech, but conceptually everything featured in this edition is The Good Stuff. You’ll see. Or hear. You know what I mean.

First up we’ll be hearing from CMD, they make killer software for Linux that lets you lock down account actions. Not permissions, actions. Do all the default and service accounts you have to run on your Linux fleet terrify you? Well, this is a solution for that. There’s a visibility component there, too.

Then we’ll be hearing from AlphaSOC. When we last spoke to them they were just doing domain-based analytics, but they’ve expanded their tech and now offer IP-based and http request-based analytics. You can deploy AlphaSOC as a Splunk app or hook up to their API any other way you want. They’re offering free trials, but even when you’re on the paid service it’s actually pretty affordable.

The brain behind AlphaSOC is Chris McNab who used to run incident response at NCC Group. He’s seen how the planes crash into the mountains and he has created a product that performs eminently sensible analysis on your traffic and metadata to alert you to badness.

Then finally we’ll be hearing from Nucleus. This is a new company and if your job is managing vulnerabilities and vuln scanners in your org then straight up, just skip to the Nucleus interview immediately. They’ve created a web app that normalises vulnerability scanning information. It’ll take the outputs from Snyk, Rapid7, Checkmarx, Netsparker, OpenVAS, Twistlock, Fortify, Burp Suite, Nessus, Qualys, Acunetix AND others.

It ingests all of this data, normalises it, then plumbs these alerts through to the right people through a multitude of different ticketing systems. If your’e stuck in the 7th layer of Sharepoint or Spreadsheet vulnerability management hell, this is a solution to your problems. You will weep salty tears of joy when you hear this one. Free trials of Nucleus are also available.

Links to the companies featured are below!

On this week’s show Adam Boileau and Patrick Gray discuss the week’s security news:

• Julian Assange arrested, likely to be extradited to the USA
• Krebs: Breach at outsourcing firm Wipro
• WordPress 0day drama causing serious headaches
• Silk Road 2’s “DPR2” sent to slammer
• More from Kaspersky SAS

This week’s show is brought to you by Thinkst Canary! Thinkst founder Haroon Meer will be along in this week’s show to talk about the effect venture capital is having on the security ecosystem. He thinks VC money often makes weak ideas look strong, and in a market where it’s quite difficult to make informed purchasing decisions, that’s not a good thing.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

In this week’s show Patrick Gray and Adam Boileau recap all the infosec news of the last three weeks, including:

• Chinese woman arrested at Mar-a-Lago being very shady
• The ASUS supply chain attack
• Flame-related malware lived on longer than expected
• boostrap-sass Ruby gem backdoored
• Latest on Norsk Hydro and other victims of the same crew
• More trouble at Toyota
• Huawei spanked by UK oversight panel
• Exodus govvie malware affects Android and iOS
• Plus much, much more

This week’s sponsor interview is with Kumud Kalia, the Chief Information and Technology Officer of Cylance. They actually dropped a really interesting product announcement at RSA a few weeks back and Kumud will be along later on to tell us about that. The tl;dr it’s an agent that models endpoint behaviour so when someone - or something - else starts using that endpoint to do things that don’t fit the user profile, action can be taken.

It’s the type of tech concept that normally belongs in academic papers, not in actual products people can actually buy. That’s an interesting chat.

Links to everything are below, and you can follow Patrick or Adam on Twitter if that’s your thing.

This is a wholly sponsored podcast brought to you by Duo Security.

WebAuthn is a new multifactor authentication standard for the web that is all rooted in very smart encryption tech. Some of you would already be using similar authentication standards in apps without even thinking about it, like doing biometric authentication in your banking apps. You want to log in via your app and it scans your face to auth you, that sort of thing. WebAuthn makes those types of authentication actions available to users through the browser.

It’s now an official W3C standard supported by most browsers. It’s the future of auth on the Web.

Duo Security has been involved a little bit with the standards process and in this edition of the Soap Box podcast you’re going to hear a nearly hour long conversation between myself, Nick Steele and James Barclay who are Duo’s resident Webauthn dudes at Duo Labs.

I hope you enjoy this conversation.

In this week’s show Patrick Gray and Alex Stamos discuss the week’s news, as well as discussing the rise of white supremacist communities and propaganda on the Internet and what can be done about it.

News:

• Norsk Hydro ransomwared
• Huawei ban gets more and more political
• APT40 hitting USA hard
• Cyber Command’s Euro road-trip
• Kremlin interference in EU elections extremely likely
• US Senators seek information on breaches targeting them
• Cloudflare won’t pull service from 8chan in wake of NZ attack
• Beto O’Rourke was cDc member
• New Mirari variant
• 150 million Android devices hosed by new malware
• Much, much more

This week’s show is brought to you by Chronicle Security! We’ll be joined by Chronicle co-founders Shapor Naghibzadeh and Mike Wiacek. They had a tremendously successful launch at RSA and they’re going to pop in to tell us about some near future plans they have for their Backstory product.

Links to everything are below, and you can follow Patrick or Alex on Twitter if that’s your thing.

On this week’s show Adam Boileau and Patrick Gray discuss the week’s news:

• Chelsea Manning back in jail
• Citrix owned, Resecurity claims it was Iran. Again. Because reasons, apparently.
• Huawei politics get messy
• EXCLUSIVE: Toyota Oz, other carmakers likely targeted by APT32 (Vietnam)
• Much, much more

This week’s sponsor is Senetas. They make layer 2 encryption gear but recently made a US$8m investment into Votiro, a Content Disarm and Reconstruction (CDR) play. Votiro CEO Aviv Grafi is this week’s sponsor guest. He stops by to explain CDR tech.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

On this week’s show Adam Boileau and Patrick Gray discuss the week’s news:

• The NSA isn’t that interested in phone metadata anymore
• More Chinese mass surveillance data leaks
• Chelsea Manning, David House subpoenaed over Wikileaks
• Quadriga cold wallets were actually empty at time of founder’s death
• NSA deployed “rm -rf / shark” at Internet Research Agency
• HackerOne follows Bugcrowd into pentesting
• NSA releases Ghidra
• Much, much more!

This week’s sponsor interview is with Chris Kennedy, AttackIQ’s CISO and VP of customer success. And we’ll be talking about a few things really, like about how continuous validation of security controls like monitoring is a good thing. Everyone uses software like Tenable to verify patching, why not do the same for your monitoring?

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

In this edition of the show we’re playing a small part in Chronicle’s launch of its flagship product, Backstory.

Chronicle is of course the security spinoff of Google’s parent company, Alphabet. The launch of Chronicle itself was announced about a year ago, but until now it’s only really had one product: Virus Total Enterprise. That all changed today when Chronicle launched Backstory at the RSA conference in the USA.

I was lucky enough to see a demo of Backstory before we recorded this interview last week, and I’m going to characterise it in a way that Chronicle probably won’t like, but it’s basically a cloud-SIEM, albeit a very good one.

Backstory ingests logs from a bunch of data sources – DNS lookup information, DHCP info, your EDR logs (from your Crowdstrike or Carbon Black software), web proxy logs, firewall alerts – and then it structures this stuff so you can make use of it. You get nice pointy-clicky timelines and useful visualisations. That’s handy enough, but keep in mind your logs are now with the company that is responsible for Virus Total. They have some pretty good intel, and they can now apply various IOCs to the logs you’ve submitted.

So one obvious use case for Backstory is doing the type of threat hunting threat hunters like to do, but beyond that, this is likely going to become a pretty useful alerting platform.

On this week’s show Adam and Patrick discuss the week’s security news:

• Cyber Command kicks the IRA off the Internet on election day
• WSJ reporting on Iran vs Australia likely incorrect
• Two Russian cybersecurity professionals sentenced over treason
• DPRK spearphishing US summit participants
• LOTS of technical news and research this week

This week’s show is brought to you by Remediant. Their CEO Tim Keeler will be along in this week’s sponsor segment to talk about how they’re doing “virtual directory binding” to make managing Linux accounts via Active Directory less traumatic. If you’re struggling with horrible, horrible PAM solutions in your devops environments have a listen to that one.

*** NOTE FROM PAT: I made some mistakes in the recording phase of this week’s show. As a result, my vocal audio is pretty atrocious. Sorry! ***

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Adam Boileau is along this week to discuss the week’s security news, which also features comment from Dmitri Alperovitch, Klon Kitchen and The Grugq. We cover:

• Former USAF counterintelligence official indicted over spearphishing, leaking secrets
• Australia’s major political parties targeted by APT crew that totally isn’t Chinese. (It’s Chinese)
• More on the Iran DNS hijacks
• Venezuelans phished by their own government
• China’s mass surveillance of Uyghur Muslims laid bare in data leak
• Millions of Swedes have their healthcare help-line calls exposed
• Bank of Valletta dodges a bullet, catches fraudulent transfers
• VK gets Samy’d
• Calls for GDPR-like law in USA
• Marcus “Malwaretech” Hutchins has a bad week

This week’s sponsor interview is with Jason Haddix of Bugcrowd. He’ll be along to talk a little more about what Bugcrowd calls next-generation pentests. They claim one of their tests is sufficient for compliance purposes under PCI, ISO or NIST and they’ve had a third party auditor prove that for them. They also say the service has really taken off despite being launched only a couple of months ago.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.