Risky Business is a weekly information security podcast featuring news and in-depth interviews with industry luminaries. Launched in February 2007, Risky Business is a must-listen digest for information security pros. With a running time of approximately 50-60 minutes, Risky Business is pacy; a security podcast without the waffle.
https://risky.biz/
Risky Business #512 -- Five Eyes nations send clear message on encryption
This edition of the show features Adam Boileau and Patrick Gray discussing the week’s security news:
- Five Eyes nations send a clear message on encryption
- Massive Azure outage
- FBI releases political campaign security guidance
- Google wants to kill the URL
- MEGA.nz plugin owned sideways
- Final “Celebgate” hacker sentenced
- Google launches font fuzzing tool
- Chinese-made Google/Feitian U2F keys under scrutiny
- Some interesting TPM research
- MUCH MORE
This week’s podcast is brought to you by AttackIQ.
AttackIQ founder Stephan Chenette will be along in this week’s sponsor interview to talk to us about a few things – the MITRE attack matrix being one. He’ll also share with us his view that EDR is the most commonly misconfigured security technology he sees out there, and he has pretty good visibilty into things like that because AttackIQ, of course, makes attack simulation software designed to measure the efficacy of these types of solutions.
Links to everything that we discussed are below, including the discussions that were edited out. (That’s why there are extras.) You can follow Patrick or Adam on Twitter if that’s your thing.
Show notes Five Eyes’ data access warning - InnovationsAus.com Patrick Gray on Twitter: "Five Eyes officially warns the tech world: build interception capabilities voluntarily or we’ll legislate. https://t.co/XEbzKSliId… https://t.co/ax5mDE7buw" Statement of Principles on Access to Evidence and Encryption Azure status FBI to political campaigns: Up your 'cyber hygiene' - ABC News Protected Voices — FBI Google Wants to Kill the URL | WIRED MEGA.nz Chrome extension caught stealing passwords, cryptocurrency private keys | ZDNet Germany launches new cybersecurity research agency modeled after DARPA Fourth man receives prison sentence in 'Celebgate' photo leak Google open-sources internal tool for finding font-related security bugs | ZDNet Experts Call for Transparency Around Google’s Chinese-Made Security Keys - Motherboard Google Notifies People Targeted by Secret FBI Investigation - Motherboard Public IP Addresses of Tor Sites Exposed via SSL Certificates Temporary Patch Available for Recent Windows Task Scheduler ALPC Zero-Day Researchers Detail Two New Attacks on TPM Chips New Hakai IoT botnet takes aim at D-Link, Huawei, and Realtek routers | ZDNet Two Birds, One STONE PANDA Xipiter/Senrio exploitation training MITRE ATT&CK Module