Risky Business is a weekly information security podcast featuring news and in-depth interviews with industry luminaries. Launched in February 2007, Risky Business is a must-listen digest for information security pros. With a running time of approximately 50-60 minutes, Risky Business is pacy; a security podcast without the waffle.
https://risky.biz/
Risky Business #461 -- AWS security with Atlassian's Daniel Grzelak
On this week’s show we chat with Atlassian’s head of security, Daniel Grzelak, all about some AWS security tools he’s come up with. He also previews a new tool for generating AWS access key honeytokens at scale, which is really neat.
This week’s show is brought to you by Veracode!
Veracode’s director of developer engagement, Peter Chestna, will be along in this week’s sponsor interview to have a yarn about some common misunderstandings between security people and developers. We look at misunderstandings both ways.
Adam Boileau is this week’s news guest. We talk about all the latest dark markets drama, plus the Great Nuclear Hax Freakout of 2017.
See links to show notes below, and follow Patrick or Adam on Twitter if that’s your thing!
Show notes Hackers Are Targeting Nuclear Facilities, Homeland Security Dept. and F.B.I. Say - The New York Times FBI-DHS “amber” alert warns energy industry of attacks on nuke plant operators | Ars Technica As World's Largest Dark Web Market Vanishes, Dodgy Links Promise a Way Back In - Motherboard AlphaBay: Drug Site Remains Shut as Fears of Exit Scam Grow | Fortune.com South Korean Cryptocurrency Exchange Bithumb to Compensate Users Following the Hacking Dark Web Hosting Service Hacked, Some Data Was Stolen Head of Mt Gox bitcoin exchange on trial for embezzlement and loss of millions | Technology | The Guardian Owners of "VirusTotal-for-Crooks" Service Arrested iPhone Bugs Are Too Valuable to Report to Apple - Motherboard Kaspersky under scrutiny after Bloomberg story claims close links to FSB | Ars Technica Russian Cybersecurity CEO Offers Source Code for U.S. Inspection | Fortune.com Russians now need a passport to watch Pornhub – VICE News International Investigatory Group Also Target of Government Spyware | Threatpost | The first stop for security news Sabre Consumer Website - Home Hackers stole credit card info from Trump hotel guests for months | TheHill Let's Encrypt to Offer Wildcard Certificates in 2018 | Threatpost | The first stop for security news Decryption Key to Original Petya Ransomware Released | Threatpost | The first stop for security news Backdoor built in to widely used tax app seeded last week’s NotPetya outbreak | Ars Technica Hackers Linked to NotPetya Ransomware Decrypted a File for Us - Motherboard Broadpwn Bug Affects Millions of Android and iOS Devices OpenBSD Will Get Unique Kernels on Each Reboot. Do You Hear That Linux, Windows? Microsoft Addresses NTLM Bugs That Facilitate Credential Relay Attacks | Threatpost | The first stop for security news The Time I Got Recruited to Collude with the Russians - Lawfare 2016-07-08 Security Notice GitHub - dagrz/aws_pwn: A collection of AWS penetration testing junk Application Security | Veracode