Risky Business

Risky Business is a weekly information security podcast featuring news and in-depth interviews with industry luminaries. Launched in February 2007, Risky Business is a must-listen digest for information security pros. With a running time of approximately 50-60 minutes, Risky Business is pacy; a security podcast without the waffle.

https://risky.biz/







Risky Business #470 -- Project Zero's Natalie Silvanovich on reducing attack surface


Ryan Duff fills in for Adam in this week’s news segment. Ryan used to work at US Cyber Command as a cyber operations tactician but these days he’s in the private sector. He shares his thoughts on the week’s happenings.

This week’s feature guest is Google Project Zero’s Natalie Silvanovich. A little while back she fired off a few tweets saying companies are simply not doing enough to minimise the attack surface in their software. She was finding it so frustrating that she tweeted an offer – she said she was happy to turn up at any company that would have her and give a talk on how to minimise attack surface.

She’s since done that talk about half a dozen times and she joins us today to give us the general idea of the advice she’s been providing.

This week’s sponsor interview is with the man, the legend, Haroon Meer.

Haroon is the founder of Thinkst Canary, simple hardware honeypots that work amazingly well. This week Haroon joins the show to talk about how we can avoid the next Equifax. He says a lot of it comes down to empowerment, which sounds like the sort of thing an annoying person with capped teeth would put in their slide deck, but when you hear Haroon explain what he actually means, it makes sense.

See links to show notes below, and follow Patrick or Ryan on Twitter if that’s your thing!

Show notes

Cisco's Talos Intelligence Group Blog: CCleanup: A Vast Number of Machines at Risk
Avast Clarifies Details Surrounding CCleaner Malware Incident
Kaspersky software banned from US government agencies | Ars Technica
Kaspersky Lab co-founder accepts invitation to testify to U.S. Congress
Equifax Suffered Earlier Breach in March | Threatpost | The first stop for security news
Unwanted ads on Breitbart lead to massive click fraud revelations, Uber claims | Ars Technica
Revenge Hacking Is Hitting the Big Time
Dutch bank punishes teenager with charity work after he DDoS'd them
The Man Behind Plugin Spam: Mason Soiza
Russian Authorities Announce Takedown of RAMP Dark Web Marketplace
Users Freak Out After Dark Web Market Goes Down And Funds Go Missing - Motherboard
Startup That Sells Zero-Days to Governments Is Offering $1 Million For Tor Hacks - Motherboard
The Loopix Anonymity System Wants to Be a More Secure Alternative to Tor
Chrome Extension Embeds In-Browser Monero Miner That Drains Your CPU
Azure Confidential Computing will keep data secret, even from Microsoft | Ars Technica
Security.txt Standard Proposed, Similar to Robots.txt
Senator Demands Answers From Telecom Giants on Phone Spying
Malware Uses Security Cameras With Infrared Capabilities to Steal Data
CynoSure Prime: 320 Million Hashes Exposed










 September 20, 2017  59m