Risky Business Podcast

Analysis and news podcasts published weekly

Risky Business #535 -- Stop giving Cloudflare money

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

Adam Boileau
Adam Boileau

Technology Editor

In this week’s show Patrick Gray and Alex Stamos discuss the week’s news, as well as discussing the rise of white supremacist communities and propaganda on the Internet and what can be done about it.

News:

  • Norsk Hydro ransomwared
  • Huawei ban gets more and more political
  • APT40 hitting USA hard
  • Cyber Command’s Euro road-trip
  • Kremlin interference in EU elections extremely likely
  • US Senators seek information on breaches targeting them
  • Cloudflare won’t pull service from 8chan in wake of NZ attack
  • Beto O’Rourke was cDc member
  • New Mirari variant
  • 150 million Android devices hosed by new malware
  • Much, much more

This week’s show is brought to you by Chronicle Security! We’ll be joined by Chronicle co-founders Shapor Naghibzadeh and Mike Wiacek. They had a tremendously successful launch at RSA and they’re going to pop in to tell us about some near future plans they have for their Backstory product.

Links to everything are below, and you can follow Patrick or Alex on Twitter if that’s your thing.

Risky Business #535 -- Stop giving Cloudflare money
0:00 / 0:00

Risky Business #534 -- Manning back in clink, automotive industry under attack

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

Adam Boileau
Adam Boileau

Technology Editor

On this week’s show Adam Boileau and Patrick Gray discuss the week’s news:

  • Chelsea Manning back in jail
  • Citrix owned, Resecurity claims it was Iran. Again. Because reasons, apparently.
  • Huawei politics get messy
  • EXCLUSIVE: Toyota Oz, other carmakers likely targeted by APT32 (Vietnam)
  • Much, much more

This week’s sponsor is Senetas. They make layer 2 encryption gear but recently made a US$8m investment into Votiro, a Content Disarm and Reconstruction (CDR) play. Votiro CEO Aviv Grafi is this week’s sponsor guest. He stops by to explain CDR tech.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Risky Business #534 -- Manning back in clink, automotive industry under attack
0:00 / 0:00

Risky Business #533 -- Ghidra release, NSA discontinues metadata program and more

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

Adam Boileau
Adam Boileau

Technology Editor

On this week’s show Adam Boileau and Patrick Gray discuss the week’s news:

  • The NSA isn’t that interested in phone metadata anymore
  • More Chinese mass surveillance data leaks
  • Chelsea Manning, David House subpoenaed over Wikileaks
  • Quadriga cold wallets were actually empty at time of founder’s death
  • NSA deployed “rm -rf / shark” at Internet Research Agency
  • HackerOne follows Bugcrowd into pentesting
  • NSA releases Ghidra
  • Much, much more!

This week’s sponsor interview is with Chris Kennedy, AttackIQ’s CISO and VP of customer success. And we’ll be talking about a few things really, like about how continuous validation of security controls like monitoring is a good thing. Everyone uses software like Tenable to verify patching, why not do the same for your monitoring?

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Risky Business #533 -- Ghidra release, NSA discontinues metadata program and more
0:00 / 0:00

Risky Biz Soap Box: PRODUCT LAUNCH: Backstory by Alphabet's Chronicle

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

In this edition of the show we’re playing a small part in Chronicle’s launch of its flagship product, Backstory.

Chronicle is of course the security spinoff of Google’s parent company, Alphabet. The launch of Chronicle itself was announced about a year ago, but until now it’s only really had one product: Virus Total Enterprise. That all changed today when Chronicle launched Backstory at the RSA conference in the USA.

I was lucky enough to see a demo of Backstory before we recorded this interview last week, and I’m going to characterise it in a way that Chronicle probably won’t like, but it’s basically a cloud-SIEM, albeit a very good one.

Backstory ingests logs from a bunch of data sources – DNS lookup information, DHCP info, your EDR logs (from your Crowdstrike or Carbon Black software), web proxy logs, firewall alerts – and then it structures this stuff so you can make use of it. You get nice pointy-clicky timelines and useful visualisations. That’s handy enough, but keep in mind your logs are now with the company that is responsible for Virus Total. They have some pretty good intel, and they can now apply various IOCs to the logs you’ve submitted.

So one obvious use case for Backstory is doing the type of threat hunting threat hunters like to do, but beyond that, this is likely going to become a pretty useful alerting platform.

Risky Biz Soap Box: PRODUCT LAUNCH: Backstory by Alphabet's Chronicle
0:00 / 0:00

Risky Business #532 -- A big week of research and tech news

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

Adam Boileau
Adam Boileau

Technology Editor

On this week’s show Adam and Patrick discuss the week’s security news:

  • Cyber Command kicks the IRA off the Internet on election day
  • WSJ reporting on Iran vs Australia likely incorrect
  • Two Russian cybersecurity professionals sentenced over treason
  • DPRK spearphishing US summit participants
  • LOTS of technical news and research this week

This week’s show is brought to you by Remediant. Their CEO Tim Keeler will be along in this week’s sponsor segment to talk about how they’re doing “virtual directory binding” to make managing Linux accounts via Active Directory less traumatic. If you’re struggling with horrible, horrible PAM solutions in your devops environments have a listen to that one.

*** NOTE FROM PAT: I made some mistakes in the recording phase of this week’s show. As a result, my vocal audio is pretty atrocious. Sorry! ***

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Risky Business #532 -- A big week of research and tech news
0:00 / 0:00

Risky Business #531 -- Australia's political parties targeted, the Witt indictment and more

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

Adam Boileau
Adam Boileau

Technology Editor

Adam Boileau is along this week to discuss the week’s security news, which also features comment from Dmitri Alperovitch, Klon Kitchen and The Grugq. We cover:

  • Former USAF counterintelligence official indicted over spearphishing, leaking secrets
  • Australia’s major political parties targeted by APT crew that totally isn’t Chinese. (It’s Chinese)
  • More on the Iran DNS hijacks
  • Venezuelans phished by their own government
  • China’s mass surveillance of Uyghur Muslims laid bare in data leak
  • Millions of Swedes have their healthcare help-line calls exposed
  • Bank of Valletta dodges a bullet, catches fraudulent transfers
  • VK gets Samy’d
  • Calls for GDPR-like law in USA
  • Marcus “Malwaretech” Hutchins has a bad week

This week’s sponsor interview is with Jason Haddix of Bugcrowd. He’ll be along to talk a little more about what Bugcrowd calls next-generation pentests. They claim one of their tests is sufficient for compliance purposes under PCI, ISO or NIST and they’ve had a third party auditor prove that for them. They also say the service has really taken off despite being launched only a couple of months ago.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Risky Business #531 -- Australia's political parties targeted, the Witt indictment and more
0:00 / 0:00

Risky Business #530 -- UAE's Project Raven, Bezosgate and more

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

Adam Boileau
Adam Boileau

Technology Editor

Adam Boileau is back in the news seat this week. We talk about:

  • Amazing Reuters report on UAE’s “Project Raven”
  • Bezos’ dick pics, Saudi Arabia and a creepy brother
  • US government security staffers play post-shutdown catch-up
  • Krebs: National Credit Union Administration probably pwned
  • Russia to test complete disconnection from wider Internet
  • China suspected of involvement in Australian parliament hack
  • Trump likely to ban all Chinese telco equipment makers from US builds
  • Lasers
  • Google: iOS privesc 0days were in wild
  • $145m in cryptocurrency lost forever due to exchange CEO death
  • VFEmail has a very bad day
  • Facebook/Apple cert wars
  • MORE

This week’s show is brought to you by AustCyber, a nonprofit funded by grants from the Australian government. Its goal is to promote Australia’s cybersecurity industry.

AustCyber CEO Michelle Price will be along in this week’s sponsor interview to tell us all about what they’ve got planned for RSA.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Risky Business #530 -- UAE's Project Raven, Bezosgate and more
0:00 / 0:00

Risky Biz Soap Box: Polyswarm builds a marketplace for AV engines

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

As regular listeners know, this isn’t the regular weekly Risky Business podcast, all Soap Box podcasts are paid promotions. We ran 10 of these last year, we’re running more of them this year – the total number is up to 14, but we’re running fewer of our other promotional podcast Snake Oilers.

In this Soap Box podcast we’re chatting with a company with a legitimately fascinating origin story.

You remember how in 2017 and 2018 people were running all these shonky initial coin offerings where they’d sell off millions of dollars of crypto tokens on the basis of a two minute video and a whitepaper? What happened in a lot of these cases is after the ICO the founders would take the money, launder it and move to the Bahamas.

Well, Polyswarm raised its money in an ICO. About $26m US dollars (!!). And, because they weren’t mainlining the ICO Kool-Aid, they cashed out about half of what they raised into real money before cryptocurrency values crashed.

Instead of moving to the Bahamas, they actually stuck around to build the business that tokenholders had chosen to fund. Their token value has crashed like everyone else’s has, but that doesn’t matter – they’re funded, and because of their unconventional funding source they don’t have a whole bunch of venture capitalists breathing down their neck.

So, what’s the business? It’s a marketplace for threat detection. Yes, my pinned tweet says “I do not want your blockchain expert as a guest on my podcast,” and yes, this company does use blockchain fairy dust, but as you’ll hear, the blockchain element to this business isn’t really what it’s about. Indeed, the founder and CEO of Polyswarm, Steve Bassi, says he would find life a lot easier in many ways if they weren’t actually using blockchain tech here as a marketplace enabler. He’s also banned himself from ever attending a blockchain conference again in his life.

Ok, so what is the Polyswarm marketplace and how does it work. As you’ll hear in this interview it took me a bit to actually understand exactly what they’re doing here, but what they’ve essentially built is a marketplace for AV. The best way to explain this is to just explain how it works. If you’re an enterprise client or an MSSP you can submit a sample to this marketplace. You’re submitting it with a question – is this file bad or good – and you attach a tokenised value to the answer.

On the other side of the equation are all these AV engines. Big ones, small ones… even tiny little micro engines that are only good at detecting very niche threats. So the enterprise submits the sample – that can be a whole file or just a hash – and it gets distributed to all the people who are running these AV engines. They scan the file, and if they’re super confident on an answer, they return that answer as well as a tokenised stake as a measure of their confidence. The idea is you can have a competitive marketplace for threat detection in which even niche players can participate. Polyswarm CEO Steve Bassi joined me to talk me through the whole concept.

Risky Biz Soap Box: Polyswarm builds a marketplace for AV engines
0:00 / 0:00

Risky Business #529 -- Special guest Rob Joyce, NSA

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

Adam Boileau
Adam Boileau

Technology Editor

There’s no news segment in this week’s show. Instead, you’re going to hear a long-form feature interview I did with the NSA’s Rob Joyce.

Rob is probably best known for his tenure as special assistant to the president on cybersecurity and for being the cybersecurity coordinator on the US National Security Council.

He also served as acting homeland security advisor to Donald Trump for a short time following the departure of Tom Bossert from the Whitehouse. In May last year he went back to NSA where he now serves as a senior advisor to the director of NSA for Cyber Security strategy.

Some of you may also know Rob for his blockbuster January 2016 conference talk “disrupting nation state hackers” back when he was heading TAO at NSA. Good talk, that one, and it’s on YouTube. (Link below.)

But gradually over the last couple of years Rob has emerged as a sort of friendly-face of NSA, at least as far as the infosec industry is concerned. He’s spoke at DEF CON last year, he often appears at events and on panels and he’s doesn’t seem terrified of actually comment on things.

This is a huge departure from the historical way agencies like NSA handled themselves. But as you’ll hear, Rob sees this new approach as being vital to the NSA’s current-day mission.

Topics covered include:

  • DoJ indictments of foreign gov hackers
  • 5G networks and Huawei
  • Kaspersky AV
  • Bloomberg’s Supermicro story
  • Software and hardware supply chain security
  • The USG aggressively burning adversary tools

We also have a sponsor interview for you this week with Zane Lackey, the co-founder of Signal Sciences. I guess you’d call these guys “next generation WAF,” more on that later… but Zane will be along a little bit later with some pretty incredible stats on the way security spending has changed over the last year or two. Money is just piling into appsec while spending on some other controls is actually reducing. It’s a sign of change.

Risky Business #529 -- Special guest Rob Joyce, NSA
0:00 / 0:00

Risky Business #528 -- Huawei dinged, epic FaceTime and Exchange bugs

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

Adam Boileau
Adam Boileau

Technology Editor

Adam Boileau co-hosts this week’s Risky Business episode. We talk about:

  • The Huawei indictments
  • The epic Facetime logic bug
  • The even more epic Exchange privesc bug
  • CISA’s “fix yo DNS” directive
  • Black Cube busted doing shady stuff to Citizen Lab
  • Yahoo shareholder lawsuit settlement makes directors twitchy
  • Internet filtering kicks off in Venezuela
  • Much, much MORE!

This week’s show is brought to you by Thinkst Canary – they make hardware honeypots and the tools you need to deploy canarytokens at scale. They also make virtual honeypots! This week Thinkst’s founder Haroon Meer will be along to wave his finger at basically all of us over what he sees as the security discipline’s tendency to not really learn anything from security conferences. It’s “contertainment,” he says, followed by “GET OFF MY LAWN”.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Risky Business #528 -- Huawei dinged, epic FaceTime and Exchange bugs
0:00 / 0:00