Risky Business Podcast

Analysis and news podcasts published weekly

Risky Business Podcast

September 15, 2016

Risky Business #427 -- Cahill law partner Brad Bondi on MedSec suit

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

Adam Boileau
Adam Boileau

Technology Editor

We have a great feature interview this week. Risky Business contributor Brian Donohue spoke with Cahill law firm partner Brad Bondi about the suit St Jude Medical has brought against MedSec and Muddy Waters over the short-sell of the medical device manufacturer’s shares. That is an illuminating chat that certainly gave me an understanding of where this all could be heading, both in terms of the upcoming trial and how likely it is we’ll see similar stuff in the future. This week’s show is brought to you by Cylance! These guys basically offer an AV solution that works differently. But you know what? I’ve asked a dozen people what they actually do, and no one has really been able to tell me. So, I talk to Cylance founder and CEO Stuart McClure about the fall out from the House Oversight report into the OPM breach – a report that went in to some detail on Cylance’s role in determining the extent of the breach – but I also talk to him more generally about what it is that Cylance actually does.

Adam Boileau is back in the news chair this week to talk about the week’s information security headlines.

Oh, and do add Patrick or Adam on Twitter if that’s your thing.

Risky Business #427 -- Cahill law partner Brad Bondi on MedSec suit
0:00 / 0:00

Risky Business Podcast

September 08, 2016

Risky Business #426 -- House Oversight Committee drops OPM breach report PLUS St Jude sues MedSec

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

Adam Boileau
Adam Boileau

Technology Editor

In this week’s feature interview we chat with Stephen Ridley about all things IoT. Stephen is a researcher turned entrepreneur and he’ll be along to talk about the platform consolidation we’re going to see when it comes to “things”. Once that settles, he argues, we’ll get a better idea of the security risks we should really, actually be worried about. In this week’s sponsor interview we’re chatting with Simon Galbally at Senetas.

Senetas, of course, makes high assurance network encryptors and Simon joins us this week to talk about where certification schemes might be headed. Did you know there are no sunset clauses on many of the certification schemes out there? So yeah, you can be using a FIPS certified box that’s riddled with known bugs and yep, it’s still certified. Certifications could start moving towards more continuous models.

Insomnia Security’s Mark Piper is this week’s news guest.

Oh, and do add Patrick on Twitter if that’s your thing.

Risky Business #426 -- House Oversight Committee drops OPM breach report PLUS St Jude sues MedSec
0:00 / 0:00

Risky Business Podcast

September 01, 2016

Risky Business #425 -- MedSec CEO Justine Bone on the Muddy Waters short

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

Adam Boileau
Adam Boileau

Technology Editor

On this week's show we've landed what looks to be a fairly exclusive interview -- at least as far as the tech press is concerned. Justine Bone will be joining us to explain why the company she works with, MedSec, decided to use vulnerability information on implantable medical devices to drive a short-selling scheme in partnership with Muddy Waters.

This week's show is sponsored by Tenable Network Security. We're doing something a bit different in this week's sponsor interview -- we're chatting with one of Tenable's customers, City of San Diego CISO Gary Hayslip.

They've just invested heavily in Nessus, among other things. Gary drops by to explain what he's been doing since he took the CISO position a few years ago. If you're a CISO it's actually a pretty interesting interview. That team has to deal with everything from embedded devices in cop cars to control systems to its very own POS network. Hey, citizens have to pay for government services somehow, right?

Trail of Bits head honcho Dan Guido is this week's news guest.

Oh, and do add Patrick and Dan on Twitter if that's your thing.

Risky Business #425 -- MedSec CEO Justine Bone on the Muddy Waters short
0:00 / 0:00

Risky Business Podcast

August 25, 2016

Risky Business #424 -- Jess Frazelle on Docker. So hot right now.

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

Adam Boileau
Adam Boileau

Technology Editor

On this week's show we chat with Jessie Frazelle. Jessie is a former Docker maintainer who now works at Google on all things "containery". So we talk to her about what's up with containers, basically, and where the security pitfalls are. Like it or not, containers are likely going to be used in your environment, so getting to know them is a must. That's this week's feature.

This week's show is brought to you by HP Enterprise Security's Fortify! These guys and gals are a new sponsor, and I'm sure most of you know them. They make both static analysis and dynamic analysis code security tools, and this week we're joined by HPE Fortify's James "Jimmy" Rabon to talk about how this whole newfangled devops/agile thing has changed things for them.

The Grugq also joins the show to talk about the week's security news. He's filling in for Adam Boileau who's frantically getting Kiwicon 10 organised.

Oh, and do add Patrick and The Grugq on Twitter if that's your thing.

Show notes

Completely Wrong - Medium
https://medium.com/@thegrugq/completely-wrong-a300246ad316#.h7zsu81sg

CyberSecPolitics: Why EQGRP Leak is Russia
http://cybersecpolitics.blogspot.com.au/2016/08/why-eqgrp-leak-is-russia...

Shadow Broker Breakdown - Medium
https://medium.com/@thegrugq/shadow-broker-breakdown-b05099eb2f4a#.eqou5...

The NSA Leak Is Real, Snowden Documents Confirm
https://theintercept.com/2016/08/19/the-nsa-was-hacked-snowden-documents...

NSA-linked Cisco exploit poses bigger threat than previously thought | Ars Technica
http://arstechnica.com/security/2016/08/nsa-linked-cisco-exploit-poses-b...

Juniper Acknowledges Equation Group Targeted ScreenOS | Threatpost | The first stop for security news
https://threatpost.com/juniper-acknowledges-equation-group-exploits-targ...

Former NSA Staffers: Rogue Insider Could Be Behind NSA Data Dump | Motherboard
http://motherboard.vice.com/read/former-nsa-staffers-rogue-insider-shado...

The Shadow Brokers Mess Is What Happens When the NSA Hoards Zero-Days | WIRED
https://www.wired.com/2016/08/shadow-brokers-mess-happens-nsa-hoards-zer...

Researcher Grabs VPN Password With Tool From NSA Dump | Motherboard
http://motherboard.vice.com/read/researcher-grabs-cisco-vpn-password-wit...

Commentary: Evidence points to another Snowden at the NSA | Reuters
http://www.reuters.com/article/us-intelligence-nsa-commentary-idUSKCN10X01P

The NSA Data Leakers Might Be Faking Their Awful English To Deceive Us | Motherboard
http://motherboard.vice.com/read/the-shadow-brokers-nsa-leakers-linguist...

Someone Rickrolled the Bitcoin Auction for NSA Exploits | Motherboard
http://motherboard.vice.com/read/someone-rickrolled-the-bitcoin-auction-...

Californian gets 50 months in prison for Chinese 'technology spy' work \u2022 The Register
http://www.theregister.co.uk/2016/08/23/50_months_for_chinese_tech_spy_w...

Lawyer: Dark Web Child Porn Site Ran Better When It Was Taken Over by the FBI | Motherboard
http://motherboard.vice.com/read/lawyer-dark-web-child-porn-site-ran-bet...

A 'Tor General Strike' Wants to Shut Down the Tor Network for a Day | Motherboard
http://motherboard.vice.com/read/a-tor-general-strike-wants-to-shut-down...

EFF Blasts Microsoft Over Windows 10 Rollout | Threatpost | The first stop for security news
https://threatpost.com/eff-blasts-microsoft-over-malicious-windows-10-ro...

Australia Post says use blockchain for voting. Expert: you're kidding \u2022 The Register
http://www.theregister.co.uk/2016/08/22/australia_postblockchain_for_vot...

SSA: Ixnay on txt msg reqmnt 4 e-acct, sry - Krebs on Security
http://krebsonsecurity.com/2016/08/ssa-ixnay-on-txt-msg-reqmnt-4-e-acct-...

Epic Games Forums Hacked, 800,000 User Accounts Exposed | Threatpost | The first stop for security news
https://threatpost.com/epic-games-forums-hacked-sql-injection-vulnerabil...

Malware Infected All Eddie Bauer Stores in U.S., Canada - Krebs on Security
http://krebsonsecurity.com/2016/08/malware-infected-all-eddie-bauer-stor...

Massive Email Bombs Target .Gov Addresses - Krebs on Security
http://krebsonsecurity.com/2016/08/massive-email-bombs-target-gov-addres...

New Brazilian Banking Trojan Uses Windows PowerShell Utility | Threatpost | The first stop for security news
https://threatpost.com/new-brazilian-banking-trojan-uses-windows-powersh...

Browser Address Bar Spoofing Vulnerability Disclosed | Threatpost | The first stop for security news
https://threatpost.com/browser-address-bar-spoofing-vulnerability-disclo...

Software-defined networking is dangerously sniffable \u2022 The Register
http://www.theregister.co.uk/2016/08/23/sdns_normal_behaviour_is_sniffab...

How to Dramatically Improve Corporate IT Security Without Spending Millions - Praetorian.pdf
https://www.praetorian.com/downloads/report/How%20to%20Dramatically%20Im...

Risky Business #424 -- Jess Frazelle on Docker. So hot right now.
0:00 / 0:00

Risky Business Podcast

August 18, 2016

Risky Business #423 -- ShadowBrokers PLUS how2pwn Apple's Secure Enclave

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

Adam Boileau
Adam Boileau

Technology Editor

This week's feature interview is incredible. We're speaking with David Wang from Azimuth Security. He, his colleague Tarjei Mandt and Mat Solnik of OffCell Research delivered an absolutely blockbuster talk at Black Hat. I didn't see the talk at the time but I got a chance to review the slides and oh-my-god I can't believe this one got so little attention.

While everyone was running around talking about hackable lightbulbs, jeeps and trucks, these three guys basically dropped a how2pwn guide for Apple's Secure Enclave Processor. So, you know, you can basically take their slide deck, add a couple of little tweaks and you're unlocking an iPhone 6s and messing around with a thing you're really not supposed to be messing around with. It's really, really good reversing work and you need to hear this interview.

This week's show is brought to you by Bugcrowd, outsourced bug bounty programs. Bugcrowd founder and CEO Casey Ellis is along this week to talk about Apple's newly launched bounty program. Even though other software companies already have bounty programs, the large rewards involved in this one make it a big deal. We'll get his thoughts on that.

Adam Boileau joins us in this week's news segment to discuss the NSA's shiny toys being all over teh torrentz, as well as other assorted infosec news.

Oh, and do add Patrick and Adam on Twitter if that's your thing.

Show notes

What We Know About the Exploits Dumped in NSA-Linked Hack | Motherboard
http://motherboard.vice.com/read/what-we-know-about-the-exploits-dumped-...

The Equation Giveaway - Securelist
https://securelist.com/blog/incidents/75812/the-equation-giveaway/

\u200bWhy Github Removed Links to Alleged NSA Data | Motherboard
http://motherboard.vice.com/read/why-github-removed-links-to-alleged-nsa...

Former NSA Staffers: Rogue Insider Could Be Behind NSA Data Dump | Motherboard
http://motherboard.vice.com/read/former-nsa-staffers-rogue-insider-shado...

The Current Highest Bid for Alleged NSA Data is 999,998.371 Bitcoin Short | Motherboard
http://motherboard.vice.com/read/the-shadow-brokers-auction-nsa-data-bit...

Hack of NSA-Linked Group Signals a Cyber Cold War | Motherboard
http://motherboard.vice.com/read/hack-nsa-linked-equation-group-cyber-co...

Why Did Guccifer 2.0 Evolve from Sloppy Hacktivist to Professional Leaker? | Motherboard
http://motherboard.vice.com/read/guccifer-20-evolution-sloppy-hacktivist...

Patrick Gray on Twitter: "Well this basically confirms it's Russia, right? Trolololol-lolol-lolol-lalalalaaaaa!!! https://t.co/YZ4etnZgO3"
https://twitter.com/riskybusiness/status/765347661587238916

Snowden speculates leak of NSA spying tools is tied to Russian DNC hack | Ars Technica
http://arstechnica.com/tech-policy/2016/08/snowden-speculates-leak-of-ns...

Shadow Brokers NSA exploits: doubts about Edward Snowden's tweets | The Cold War Daily
https://coldwardaily.com/2016/08/17/shadow-brokers-nsa-exploits-doubts-a...

Guccifer 2.0 doxes hundreds of House Democrats with massive document dump | Ars Technica
http://arstechnica.com/tech-policy/2016/08/guccifer-2-0-doxes-hundreds-o...

Democratic, GOP leaders got a secret briefing on DNC hack last year | Ars Technica
http://arstechnica.com/tech-policy/2016/08/democrat-gop-leaders-got-a-se...

Court Rules to Extradite Suspected Silk Road Admin From Ireland to the US | Motherboard
http://motherboard.vice.com/read/court-rules-to-extradite-suspected-silk...

\u200bAustralian Authorities Hacked Computers in the US | Motherboard
http://motherboard.vice.com/read/australian-authorities-hacked-computers...

How Researchers Exposed Iranian Cyberattacks Against Hundreds of Activists | Motherboard
http://motherboard.vice.com/read/iran-cyberattacks-against-activists

Wave of Spoofed Encryption Keys Shows Weakness in PGP Implementation | Motherboard
http://motherboard.vice.com/read/wave-of-spoofed-encryption-keys-shows-w...

Linux bug leaves 1.4 billion Android users vulnerable to hijacking attacks | Ars Technica
http://arstechnica.com/security/2016/08/linux-bug-leaves-1-4-billion-and...

Almost every Volkswagen sold since 1995 can be unlocked with an Arduino | Ars Technica
http://arstechnica.com/cars/2016/08/hackers-use-arduino-to-unlock-100-mi...

Security Fuckup Megathread - v12.1.4 - i need tp-link for my security hole - The Something Awful Forums
https://forums.somethingawful.com/showthread.php?threadid=3771497&pagenu...

Secure Boot snafu: Microsoft leaks backdoor key, firmware flung wide open | Ars Technica
http://arstechnica.com/security/2016/08/microsoft-secure-boot-firmware-s...

Adobe Patches Experience Manager; No Flash Update | Threatpost | The first stop for security news
https://threatpost.com/a-month-without-adobe-flash-player-patches/119770/

Cisco confirms NSA-linked zeroday targeted its firewalls for years | Ars Technica
http://arstechnica.com/security/2016/08/cisco-confirms-nsa-linked-zeroda...

Cisco Patches ASA Zero Day Exposed by ShadowBrokers | Threatpost | The first stop for security news
https://threatpost.com/cisco-patches-asa-zero-day-exposed-by-shadowbroke...

us-16-Mandt-Demystifying-The-Secure-Enclave-Processor.pdf
https://www.blackhat.com/docs/us-16/materials/us-16-Mandt-Demystifying-T...

Risky Business #423 -- ShadowBrokers PLUS how2pwn Apple's Secure Enclave
0:00 / 0:00

Risky Business Podcast

August 11, 2016

Risky Business #422 -- #CensusFail, news with Adam and MOAR

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

Adam Boileau
Adam Boileau

Technology Editor

On this week's show we talk about the week's security news with Adam Boileau and I spill on what my sources have told me about #censusfail.

This week's show is brought to you by Canary.tools. Canary is a fantastic bit of kit -- it's essentially an easily configurable, compact honeypot you can just drop on your network like a dropbox to detect attacks. No begging the data centre people for rack space, just drop it and go. We'll be talking to Canary.tools head honcho Haroon Meer this week about the disconnect between what some startups are pitching to venture capitalists versus what users actually need.

Oh, and do add Patrick and Adam on Twitter if that's your thing.

Show notes

Census Australia 2016 fail: ABS says website was hacked
http://www.news.com.au/technology/census-fail-abs-spent-nearly-500000-on...

Patrick Gray on Twitter: "Analysis from trusted source of trusted source. Someone's getting fired. I'm a fucking journo and I'm not this dumb: https://t.co/gyQajFDQcQ"
https://twitter.com/riskybusiness/status/763189895292555264

'Angry, bitterly disappointed': Malcolm Turnbull lashes ABS for census failures
http://www.theage.com.au/federal-politics/political-news/angry-bitterly-...

Starting this fall, Apple will pay up to $200,000 for iOS and iCloud bugs | Ars Technica
http://arstechnica.com/apple/2016/08/starting-this-fall-apple-will-pay-u...

Zero-Day Hunters Will Pay Over Twice as Much as Apple's New Bug Bounty Programme | Motherboard
http://motherboard.vice.com/read/zero-day-hunters-will-pay-over-twice-as...

Linux bug leaves USA Today, other top sites vulnerable to serious hijacking attacks | Ars Technica
http://arstechnica.com/security/2016/08/linux-bug-leaves-usa-today-other...

Researchers crack open unusually advanced malware that hid for 5 years | Ars Technica
http://arstechnica.com/security/2016/08/researchers-crack-open-unusually...

Data Breach At Oracle's MICROS Point-of-Sale Division - Krebs on Security
http://krebsonsecurity.com/2016/08/data-breach-at-oracles-micros-point-o...

Apple, Intel, Google Employee Accounts Exposed in Data Breach of Developer Forum | Motherboard
http://motherboard.vice.com/read/apple-intel-google-employee-accounts-ex...

Copperhead OS: The startup that wants to solve Android's woeful security | Ars Technica
http://arstechnica.com/security/2016/08/copperhead-os-fix-android-security/

Major Qualcomm chip security flaws expose 900M Android users | Ars Technica
http://arstechnica.com/security/2016/08/qualcomm-chip-flaws-expose-900-m...

Hackers Could Break Into Your Monitor To Spy on You and Manipulate Your Pixels | Motherboard
http://motherboard.vice.com/read/hackers-could-break-into-your-monitor-t...

Hackers Make the First-Ever Ransomware for Smart Thermostats | Motherboard
http://motherboard.vice.com/read/internet-of-things-ransomware-smart-the...

Afraid of the Dark? Too Bad, Your Smart Bulbs Can Be Hacked | Motherboard
http://motherboard.vice.com/read/hackers-could-take-control-of-your-smar...

Good news-the robocalling scourge may not be unstoppable after all | Ars Technica
http://arstechnica.com/security/2016/08/good-news-the-robocalling-scourg...

IPv6 router bug: Juniper spins out hotfix to thwart DDoS attacks | Ars Technica
http://arstechnica.com/security/2016/08/ipv6-router-bug-juniper-cisco-dd...

PLC Blaster Worm Targets Industrial Control PLCs | Threatpost | The first stop for security news
https://threatpost.com/plc-blaster-worm-targets-industrial-control-syste...

Secure Golden Key Boot: (MS16-094 / CVE-2016-3287, and MS16-100 / CVE-2016-3320)
https://rol.im/securegoldenkeyboot/

Flip Feng Shui - VUSec
https://www.vusec.net/projects/flip-feng-shui/

FreeBSD \xb7 GitHub
https://gist.github.com/anonymous/e48209b03f1dd9625a992717e7b89c4f

Risky Business #422 -- #CensusFail, news with Adam and MOAR
0:00 / 0:00

Risky Business Podcast

August 06, 2016

Risky Business #421 -- Las Vegas edition with Dan Guido, Andy Greenberg and Zane Lackey

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

Adam Boileau
Adam Boileau

Technology Editor

On this week's show we speak with Signal Sciences' co-founder Zane Lackey about hackers building defensive tools and software companies. Dan Guido and Andy Greenberg talk about car hacking and the week's security news, and Wade Woolwine of Rapid7 is in the sponsor slot talking about EDR/IDR software.

Show notes

Hackers Fool Tesla S's Autopilot to Hide and Spoof Obstacles | WIRED
https://www.wired.com/2016/08/hackers-fool-tesla-ss-autopilot-hide-spoof...

The Jeep Hackers Are Back to Prove Car Hacking Can Get Much Worse | WIRED
https://www.wired.com/2016/08/jeep-hackers-return-high-speed-steering-ac...

Hackers Hijack a Big Rig Truck's Accelerator and Brakes | WIRED
https://www.wired.com/2016/08/researchers-hack-big-rig-truck-hijack-acce...

LastPass Patches Ormandy Remote Compromise Flaw | Threatpost | The first stop for security news
https://threatpost.com/lastpass-patches-ormandy-remote-compromise-flaw/1...

Researchers Bypass Chip and Pin Protections at Black Hat | Threatpost | The first stop for security news
https://threatpost.com/researchers-bypass-chip-and-pin-protections-at-bl...

Oracle EBusiness Suite 'Massive' Attack Surface Assessed | Threatpost | The first stop for security news
https://threatpost.com/oracle-ebusiness-suite-massive-attack-surface-ass...

Yahoo Investigates 200 Million Alleged Accounts For Sale On Dark Web | Threatpost | The first stop for security news
https://threatpost.com/yahoo-investigates-200-million-alleged-accounts-f...

Report claims more than half of UK firms have been hit by ransomware | Ars Technica
http://arstechnica.com/security/2016/08/more-than-half-of-uk-firms-have-...

DNC staffers: FBI didn't tell us for months about possible Russian hack | Ars Technica
http://arstechnica.com/security/2016/08/dnc-staffers-fbi-didnt-tell-us-f...

New attack steals SSNs, e-mail addresses, and more from HTTPS pages | Ars Technica
http://arstechnica.com/security/2016/08/new-attack-steals-ssns-e-mail-ad...

Bitcoin value falls off cliff after $77M stolen in Hong Kong exchange hack | Ars Technica
http://arstechnica.com/security/2016/08/bitcoin-value-falls-off-cliff-af...

Social Security Administration Now Requires Two-Factor Authentication - Krebs on Security
http://krebsonsecurity.com/2016/08/social-security-administration-now-re...

The Administrator of the Dark Web's Infamous Hacking Market Has Vanished | Motherboard
http://motherboard.vice.com/read/the-administrator-of-the-dark-webs-infa...

Privacy Activists Launch Database to Track Global Sales of Surveillance Tech | Motherboard
http://motherboard.vice.com/read/privacy-activists-launch-database-to-tr...

How Drones Could Help Hackers Shut Down Power Plants | Motherboard
http://motherboard.vice.com/read/how-drones-could-help-hackers-shut-down...

Home
https://signalsciences.com/

rapid7 edr - Google Search
https://www.google.com/webhp?sourceid=chrome-instant&ion=1&espv=2&ie=UTF...

Risky Business #421 -- Las Vegas edition with Dan Guido, Andy Greenberg and Zane Lackey
0:00 / 0:00

Risky Business Podcast

July 29, 2016

Risky Business #420 -- What we don't know about Watergate 2.0

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

Adam Boileau
Adam Boileau

Technology Editor

On this week's show we're taking a look at the DNC leaks, but don't worry, we won't be getting bogged down in the same old angles. Instead, we're going to chat to Lorenzo Franceschi-Bicchierai from VICE motherboard about his experience in interviewing the Guccifer 2 persona.

Then we'll hear from Kevin Poulsen about what these latest developments mean for Wikileaks. It's a topic you're probably sick of hearing about this week, but stick with us, we've got some new angles, and they're relevant.

This week's sponsor interview is an absolute, certified, 24-carat cracker. Bromium is this week's sponsor and its CTO and co-founder, Simon Crosby, pops along to talk about his experience in dealing with the wrath of Tavis Ormandy. Tavis actually managed to dig a custom build of Bromium's software out of VirusTotal and find a really cool bug in it. But there's actually a fair bit more to that story and Simon fills us in.

Adam Boileau, as usual, joins us to discuss the week's security news headlines.

Oh, and do add Patrick and Adam on Twitter if that's your thing.

Show notes

WikiLeaks Dumps 'Erdogan Emails' After Turkey's Failed Coup | WIRED
https://www.wired.com/2016/07/wikileaks-dumps-erdogan-emails-turkeys-fai...

WikiLeaks Put Women in Turkey in Danger, for No Reason
http://www.huffingtonpost.com/zeynep-tufekci/wikileaks-erdogan-emails_b_...

Notorious Hacker 'Phineas Fisher' Says He Hacked The Turkish Government | Motherboard
http://motherboard.vice.com/read/phineas-fisher-turkish-government-hack

ZeroBin
https://zerobin.net/?28625085e55bf0fb#QFl/7wV7jpgLG6aXm3YLzDtFklBTWZtJ3G...

bellingcat - "We've shot four people. Everything's fine." The Turkish Coup through the Eyes of its Plotters - bellingcat
https://www.bellingcat.com/news/mena/2016/07/24/the-turkey-coup-through-...

Snowden Designs a Device to Warn if Your iPhone's Radios Are Snitching | WIRED
https://www.wired.com/2016/07/snowden-designs-device-warn-iphones-radio-...

Edward Snowden on Twitter: "The aversion to sharing #NSA evidence is fear of revealing "sources and methods" of intel collection, but #XKEYSCORE is now publicly known."
https://twitter.com/Snowden/status/757577614873755648

Robert M. Lee on Twitter: "Since my colleagues are afraid to comment - @Snowden this is ridiculous. Also weren't you in T group. Just stop. https://t.co/6Gv5hK7qMi"
https://twitter.com/RobertMLee/status/757715572461219841

Keys to Chimera crypto ransomware allegedly leaked by rival crime gang | Ars Technica
http://arstechnica.com/security/2016/07/keys-to-chimera-crypto-ransomwar...

SentinelOne Offers $1 Million Guarantee To Stop Ransomware
http://www.darkreading.com/vulnerabilities---threats/sentinelone-offers-$1-million-guarantee-to-stop-ransomware/d/d-id/1326363

EFF Files Lawsuit Challenging DMCA's Restrictions Security Researchers | Threatpost | The first stop for security news
https://threatpost.com/eff-files-lawsuit-challenging-dmcas-restrictions-...

Malicious computers caught snooping on Tor-anonymized Dark Web sites | Ars Technica
http://arstechnica.com/security/2016/07/malicious-computers-caught-snoop...

Upcoming Tor Design Battles Hidden Services Snooping | Threatpost | The first stop for security news
https://threatpost.com/upcoming-tor-design-battles-hidden-services-snoop...

NIST Recommends SMS Two-Factor Authentication Deprecation | Threatpost | The first stop for security news
https://threatpost.com/nist-recommends-sms-two-factor-authentication-dep...

How I made LastPass give me all your passwords
https://labs.detectify.com/2016/07/27/how-i-made-lastpass-give-me-all-yo...

Yahoo Ordered to Explain Data Gathering Procedures in Deleted Email Case | Threatpost | The first stop for security news
https://threatpost.com/yahoo-ordered-to-explain-data-gathering-procedure...

Verizon to End Yahoo Survival Fight With $4.8 Billion Deal - Bloomberg
http://www.bloomberg.com/news/articles/2016-07-24/verizon-said-to-announ...

New attack bypasses HTTPS protection on Macs, Windows, and Linux | Ars Technica
http://arstechnica.com/security/2016/07/new-attack-that-cripples-https-c...

Pornhub Hack Earns Researchers $22,000 | Threatpost | The first stop for security news
https://threatpost.com/pornhub-hack-earns-researchers-22000/119450/

Firefox to Block Flash in August, Disable in 2017 | Threatpost | The first stop for security news
https://threatpost.com/firefox-to-block-flash-in-august-disable-in-2017/...

Alan on Twitter: "spend $150 on a fancy pet feeder that doesn't feed your cat when their servers are offline what a great design https://t.co/ZXMiGuWNFE"
https://twitter.com/alanzeino/status/758209842477604864

15 Vulnerabilities in SAP HANA Outlined | Threatpost | The first stop for security news
https://threatpost.com/15-vulnerabilities-in-sap-hana-outlined/119406/

Wikileaks Dismantling of DNC Is Clear Attack by Putin on Clinton | Observer
http://observer.com/2016/07/wikileaks-dismantling-of-dnc-is-clear-attack...

Why Does DNC Hacker 'Guccifer 2.0' Talk Like This? | Motherboard
https://motherboard.vice.com/read/why-does-dnc-hacker-guccifer-20-talk-l...

A Hat Tip to a White Hat | A Collection of Bromides on Infrastructure
https://blogs.bromium.com/2016/06/21/a-hat-tip-to-a-white-hat/

Risky Business #420 -- What we don't know about Watergate 2.0
0:00 / 0:00

Risky Business Podcast

July 22, 2016

Risky Business #419 -- Brian Krebs on future of bank cybercrime

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

Adam Boileau
Adam Boileau

Technology Editor

On this week's show we're catching up with Brian Krebs of Krebs On Security. He'll be talking to us about recent trends in cybercrime, and he's got a warning for security teams in the banking sector. He says things are going to get pretty sticky, and he's usually right on this stuff.

This week's show is brought to you by Bugcrowd, big thanks to them. And in the sponsor slot we're speaking with HD Moore, who recently joined the company's advisory board. I know HD well and I can tell you he was initially quite sceptical of bounties. So he joins us to talk about why he changed his mind and how he plans on helping Bugcrowd do stuff better.

Adam Boileau, as usual, joins us to discuss the week's security news headlines.

Oh, and do add Patrick and Adam on Twitter if that's your thing.

Show notes

WikiLeaks Dumps 'Erdogan Emails' After Turkey's Failed Coup | WIRED
https://www.wired.com/2016/07/wikileaks-dumps-erdogan-emails-turkeys-fai...

Turkey Blocks WikiLeaks After Dump of Government Emails | Motherboard
http://motherboard.vice.com/read/turkey-erdogan-blocks-wikileaks-after-d...

Ethereum Inventor: We Got 'Very Lucky' In Gamble to Save $56M From Hacker | Motherboard
http://motherboard.vice.com/read/ethereum-56m-hacker-the-dao-vitalik-but...

Clever Tool Shields Your Car From Hacks by Watching Its Internal Clocks | WIRED
https://www.wired.com/2016/07/clever-tool-shields-car-hacks-watching-int...

Big Privacy Ruling Says Feds Can't Grab Data Abroad With a Warrant | WIRED
https://www.wired.com/2016/07/big-privacy-ruling-says-feds-cant-grab-dat...

Baseball exec gets 46 months in prison after guessing rival team's password | Ars Technica
http://arstechnica.com/tech-policy/2016/07/baseball-exec-gets-46-months-...

FDIC was hacked by China, and CIO covered it up | Ars Technica
http://arstechnica.com/security/2016/07/fdic-was-hacked-by-china-and-cio...

Hacker 'Phineas Fisher' Speaks on Camera for the First Time-Through a Puppet | Motherboard
http://motherboard.vice.com/read/hacker-phineas-fisher-hacking-team-puppet

Hacker Claims to Have Sold Leaked Terrorism Watchlist 'World-Check' For $20,000 | Motherboard
http://motherboard.vice.com/read/hacker-leaked-terrorism-watchlist-world...

Two Million Passwords Breached in Ubuntu Hack | Threatpost | The first stop for security news
https://threatpost.com/two-million-passwords-breached-in-ubuntu-hack/119...

'Prominent' Admin of Top ISIS Forum Hacked | Motherboard
http://motherboard.vice.com/read/prominent-admin-of-top-isis-jihadi-foru...

Activists Release Nearly 100 Years of TIME Magazine Issues For Free | Motherboard
http://motherboard.vice.com/read/activists-release-nearly-100-years-of-t...

httpoxy
https://httpoxy.org/

Software flaw puts mobile phones and networks at risk of complete takeover | Ars Technica
http://arstechnica.com/security/2016/07/software-flaw-puts-mobile-phones...

Google Chrome Malware Leads to Sketchy Facebook Likes | Threatpost | The first stop for security news
https://threatpost.com/google-chrome-malware-leads-to-sketchy-facebook-l...

Oracle Fixes 276 Vulnerabilites in July Critical Patch Update | Threatpost | The first stop for security news
https://threatpost.com/oracle-patches-record-276-vulnerabilities-with-ju...

Apple Fixes Vulnerabilities Across OS X, iOS, Safari | Threatpost | The first stop for security news
https://threatpost.com/apple-fixes-vulnerabilities-across-os-x-ios-safar...

Cisco Talos - Talos 2016 0171
http://www.talosintelligence.com/reports/TALOS-2016-0171/

Crypto flaw made it easy for attackers to snoop on Juniper customers | Ars Technica
http://arstechnica.com/security/2016/07/crypto-flaw-made-it-easy-for-att...

Meet The Cyber Mercenaries Selling Spyware To Governments | Motherboard
http://motherboard.vice.com/read/meet-the-cyber-mercenaries-selling-spyw...

Carbanak Gang Tied to Russian Security Firm? - Krebs on Security
http://krebsonsecurity.com/2016/07/carbanak-gang-tied-to-russian-securit...

Risky Business #419 -- Brian Krebs on future of bank cybercrime
0:00 / 0:00

Risky Business Podcast

July 15, 2016

Risky Business #418 -- The rise of the crypto-Taliban

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

Adam Boileau
Adam Boileau

Technology Editor

On this week's show we're chatting with The Grugq about secure messaging. Facebook has announced it's rolling out an end-to-end encryption feature and the reaction to this wonderful announcement has been somewhat bizarre. We'll be talking to Grugq about why crypto absolutists are hating on companies that are rolling out non-default e2e features. We'll also talk about a couple of interesting case studies in which e2e encryption did absolutely nothing for the people using it.

This week's show is brought to you by Sensepost, an absolutely fantastic security firm that operates in England and South Africa. Sensepost has been an academy for security luminaries over the years. Haroon Meer of Thinkst was an early stage employee, Maltego creator Roelof Temmingh was a co-founder.

So, they're smart. And one of the things SensePost does is security training at BlackHat in Las Vegas. They've been doing this for 15 years and Sensepost's Daniel Cuthbert will be joining us in this week's sponsor interview to talk about what courses they're offering and who winds up actually taking them. The really interesting part is it's not always security professionals in those courses.

Adam Boileau, as usual, joins us to discuss the week's security news headlines.

Oh, and do add Patrick and Adam on Twitter if that's your thing.

Show notes

iOS version of Pok\xe9mon Go is a possible privacy trainwreck [Updated] | Ars Technica
http://arstechnica.com/gaming/2016/07/pokemon-go-on-ios-gets-full-access...

Malicious Pok\xe9mon Go Features Backdoor, RAT | Threatpost | The first stop for security news
https://threatpost.com/malicious-pokemon-go-app-installs-backdoor-on-and...

Chrysler Launches Detroit's First 'Bug Bounty' for Hackers | WIRED
https://www.wired.com/2016/07/chrysler-launches-detroits-first-bug-bount...

Paint it black: Revisiting the Blackphone and its cloudy future | Ars Technica
http://arstechnica.com/information-technology/2016/07/paint-it-black-rev...

Tor Project, a Digital Privacy Group, Reboots With New Board - The New York Times
http://www.nytimes.com/2016/07/14/technology/tor-project-a-digital-priva...

MIT Anonymity Network Riffle Promises Efficiency, Security | Threatpost | The first stop for security news
https://threatpost.com/mit-anonymity-network-riffle-promises-efficiency-...

Putin signs new anti-terror law in Russia. Edward Snowden is upset. - The Washington Post
https://www.washingtonpost.com/world/europe/putin-signs-law-to-bolster-r...

VPN Company Claims Russian Government Seized Its Servers | Motherboard
http://motherboard.vice.com/read/vpn-company-private-internet-access-cla...

Google Tests New Crypto in Chrome to Fend Off Quantum Attacks | WIRED
https://www.wired.com/2016/07/google-tests-new-crypto-chrome-fend-off-qu...

Now it's easy to see if leaked passwords work on other sites | Ars Technica
http://arstechnica.com/security/2016/07/password-reuse-tool-makes-it-eas...

Florida U boffins think they've defeated all ransomware \u2022 The Register
http://www.theregister.co.uk/2016/07/12/ransomware_defeated/

Nation-backed malware that infected energy firm is 1 of 2016's sneakiest | Ars Technica
http://arstechnica.com/security/2016/07/nation-backed-malware-that-infec...

Criminal Forums Ban Hacker Linked to Myspace, LinkedIn Breaches | Motherboard
http://motherboard.vice.com/read/criminal-forums-ban-hacker-linked-to-my...

Taiwan banks suspend Wincor Nixdorf ATM withdrawals after crooks st...
https://www.finextra.com/newsarticle/29161/taiwan-banks-suspend-wincor-n...

Hacker Finds Bug to Edit or Delete Any Medium Post | Motherboard
http://motherboard.vice.com/read/hacker-finds-bug-to-edit-or-delete-any-...

20-year-old Windows bug lets printers install malware-patch now | Ars Technica
http://arstechnica.com/security/2016/07/20-year-old-windows-bug-lets-pri...

D-Link Wi-Fi Camera Flaw Extends to 120 Products | Threatpost | The first stop for security news
https://threatpost.com/d-link-wi-fi-camera-flaw-extends-to-120-products/...

TP-Link forgets to register domain name, leaves config pages open to hijack | Ars Technica
http://arstechnica.com/security/2016/07/tp-link-forgets-to-register-doma...

July 2016 Adobe Flash Player Patches | Threatpost | The first stop for security news
https://threatpost.com/adobe-patches-52-vulnerabilities-in-flash-player/...

Facebook Messenger End-to-End Encryption Not On By Default | Threatpost | The first stop for security news
https://threatpost.com/facebook-messenger-end-to-end-encryption-not-on-b...

'Secret Conversations:' End-to-End Encryption Comes to Facebook Messenger | WIRED
https://www.wired.com/2016/07/secret-conversations-end-end-encryption-fa...

Kylie Auldist - Sensational - YouTube
https://www.youtube.com/watch?v=MqDDceJleh0

SensePost | Sensepost at blackhat & defcon 2016
https://www.sensepost.com/blog/2016/sensepost-at-blackhat-defcon-2016/

Risky Business #418 -- The rise of the crypto-Taliban
0:00 / 0:00