Risky Business

On this week’s show we check in with Mara Tam. She’ll be telling us why the idea of a so-called “Digital Geneva Convention” is silly.

Then, after that, Rich Smith of Duo Security will be in the sponsor chair.

You may have heard about some recent research Duo Labs did into Apple EFI patches basically not working/sticking. Rich walks us through that research, why Duo did it, how they did it, and what it can tell us. It might be Mac research but the real worry, as you’ll hear, is around Wintel firmware.

Adam Boileau pops by for this week’s news discussion. We’ll be covering:

• Facebook’s plan to combat “non-consensual intimate imagery”
• Wikileaks Vault8 leaks
• Assange sending a “guessed” password to Donald Trump Jnr
• NYTimes reports on the Shadowbears
• Cracking FaceID with a rubber mask
• MOAR

Links to everything are below, and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes Facebook Workers, Not an Algorithm, Will Look at Volunteered Nude Photos First to Stop Revenge Porn The Facts: Non-Consensual Intimate Image Pilot | Facebook Newsroom If Facebook Actually Wants to Be Transparent, It Should Talk to Journalists - Motherboard WikiLeaks Starts Releasing Source Code For Alleged CIA Spying Tools - Motherboard Donald Trump Jr. and WikiLeaks Talking Privately on Twitter Makes Perfect Sense | WIRED WikiLeaks on Twitter: "New WikiLeaks publication reveals CIA wrote code to impersonate Kaspersky Labs anti-virus company https://t.co/EvE8GdyAmM https://t.co/geigDgIDsk" Donald Trump Jr. on Twitter: "Here is the entire chain of messages with @wikileaks (with my whopping 3 responses) which one of the congressional committees has chosen to… https://t.co/4C0d2vBOkq" Security Breach and Spilled Secrets Have Shaken the N.S.A. to Its Core - The New York Times Hackers say they broke Apple’s Face ID. Here’s why we’re not convinced | Ars Technica Hackers Say Plastic Surgeon to the Stars Hacked Back at Them Uber drivers in Lagos, Nigeria use fake Lockito app to boost fares — Quartz CEO who presided over Mt. Gox’s collapse could end up with massive profits | Ars Technica Google Begins Removing Play Store Apps Misusing Android Accessibility Services | Hackbusters OnePlus inadvertently left a backdoor on its phones Muslim activists hack Isis mailing list hours after terrorists claimed it was unhackable | The Independent This AI Bot That Messes With Email Scammers As Long As Possible Is Brilliant - Digg The FBI Blindly Hacked Computers in Russia, China, and Iran Huddle's 'highly secure' work tool exposed KPMG and BBC files - BBC News Microsoft Provides Guidance on Mitigating DDE Attacks | Threatpost | The first stop for security news How AV can open you to attacks that otherwise wouldn’t be possible | Ars Technica Cryptojacking craze that drains your CPU now done by 2,500 sites | Ars Technica Crooks sending fake Apple emails in order to unlock stolen iPhones Hacker Wannabes Fooled by Backdoored IP Scanner Cyber Security | Global Cyber Security Services Provider About the security content of iOS 11 - Apple Support Microsoft's Smith adds 'cyber Red Cross' to his 'digital Geneva Convention' call thinkst Thoughts...: A Geneva convention, for Software thinkst Thoughts...: On anti-patterns for ICT security and international law The need for a Digital Geneva Convention - Microsoft on the Issues The Apple of Your EFI: Mac Firmware Security Research | Duo Security