Risky Business

<p>In this week’s feature interview we chat with Stephen Ridley about all things IoT. Stephen is a researcher turned entrepreneur and he’ll be along to talk about the platform consolidation we’re going to see when it comes to “things”. Once that settles, he argues, we’ll get a better idea of the security risks we should really, actually be worried about. <!--excerpt-above--> In this week’s sponsor interview we’re chatting with Simon Galbally at Senetas.</p> <p>Senetas, of course, makes high assurance network encryptors and Simon joins us this week to talk about where certification schemes might be headed. Did you know there are no sunset clauses on many of the certification schemes out there? So yeah, you can be using a FIPS certified box that’s riddled with known bugs and yep, it’s still certified. Certifications could start moving towards more continuous models.</p> <p>Insomnia Security’s Mark Piper is this week’s news guest.</p> <p>Oh, and do add <a href="https://twitter.com/riskybusiness">Patrick</a> on Twitter if that’s your thing.</p> Show notes St Jude Medical - St. Jude Medical Brings Legal Action Against Muddy Waters and MedSec Surprise! House Oversight report blames OPM leadership for breach of records | Ars Technica OPM Hackers Used Marvel Superhero Nicknames to Hide Their Tracks | Motherboard Feds pin brazen kernel.org intrusion on 27-year-old programmer | Ars Technica Activists to FBI: Show Us Your Warrant for Mass Hack of TorMail Users | Motherboard FBI Denies Making Dark Web Child Porn Site Run Faster | Motherboard Dark Web Market Bans Synthetic Opioid Fentanyl After Recent Deaths | Motherboard Porn Sites Feel Exposed by Flash, Get It on With HTML5 | Motherboard Nearly 800,000 Brazzers Porn Site Accounts Exposed in Forum Hack | Motherboard Over 40 million usernames, passwords from 2012 breach of Last.fm surface | Ars Technica After Breaches At Other Services, Spotify Is Resetting Users' Passwords | Motherboard More passwords, please: 98 million leaked from 2012 breach of “Russia’s Yahoo” | Ars Technica Spoof an Ethernet adapter on USB, and you can sniff credentials from locked laptops • The Register L0phtCrack's back! Crack hack app whacks Windows 10 trash hashes • The Register So much for counter-phishing training: Half of people click anything sent to them | Ars Technica George W Bush hacker Guccifer to spend 52 months in the big house • The Register Golden State Warriors Android app constantly listens to nearby audio, fan says [Updated] | Ars Technica OpenOffice, after years of neglect, could shut down | Ars Technica Number of Devices Sharing Private Crypto Keys Up Sharply | Threatpost | The first stop for security news Data Stealing Mac OS X Backdoor Uncovered | Threatpost | The first stop for security news Google Shuts Down Potentially Massive Android Bug | Threatpost | The first stop for security news New OS X security updates patch same zero-days as iOS 9.3.5 | Ars Technica Critical Flaws Found in Network Management Systems | Threatpost | The first stop for security news Chrome 53 Fixes Address Spoofing Vulnerability, 32 Other Bugs | Threatpost | The first stop for security news Hello, Fortinet? Could you patch these vulns please? • The Register Google’s Clever Plan to Stop Aspiring ISIS Recruits | WIRED Senrio Jaggi paper highlights benefits of high-assurance encryption