Risky Business

Risky Business is a weekly information security podcast featuring news and in-depth interviews with industry luminaries. Launched in February 2007, Risky Business is a must-listen digest for information security pros. With a running time of approximately 50-60 minutes, Risky Business is pacy; a security podcast without the waffle.

https://risky.biz/







Risky Business #515 -- NSA staffer at centre of Kaspersky scandal jailed


This edition of the show features Adam Boileau and Patrick Gray discussing the week’s security news:

  • Former NSA staffer gets 66 months over incident at heart of Kaspersky scandal
  • Zoho has a very bad week
  • Telco lobby group raises some legit concerns over Australia’s “anti-encryption” legislation
  • Twitter API leaks DMs
  • Equifax fined by UK
  • Yubikey 5 enables passwordless Windows logins
  • Privacy International has an aneurism
  • NSS Labs launches antitrust suit against security software makers
  • MOAR

This week’s show is brought to you by Rapid7.

Jen Andre is this week’s sponsor guest. She was the founder of Komand, which was a security automation and orchestration company but is now a part of Rapid7 as of about midway through last year. I spoke to Jen a bit about how she came to start Komand and where the security automation and orchestration discipline is at right now.

Links to everything that we discussed are below, including the discussions that were edited out. (That’s why there are extras.) You can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

  • Ex-NSA employee gets 5.5 years in prison for taking home classified info | ZDNet
  • EDITORIAL-EAST-20180920122519
  • Domain registrar oversteps taking down Zoho domain, impacts over 30Mil users | ZDNet
  • Peter Dutton to push through new security legislation as fears of "severely damaging" spyware murmur
  • Twitter API bug leaked private data to other accounts
  • Equifax fined maximum penalty under 1998 UK data protection law
  • The Series 5 YubiKey Will Help Kill the Password | WIRED
  • Press release: UK intelligence agency admits unlawfully spying on Privacy International | Privacy International
  • UK spooks fess up to snooping on Privacy International's private data
  • GCHQ's mass surveillance violates citizens' right to privacy, ECHR rules
  • NSS Labs files antitrust suit against multiple cybersecurity vendors
  • Hacking for ca$h | The Strategist
  • Operator of 'VirusTotal for criminals' gets 14-year prison sentence
  • Tencent engineer attending cybersecurity event fined for hotel WiFi hacking
  • Snyk gets $22 million for platform that tracks security flaws in open source projects
  • They Got 'Everything': Inside a Demo of NSO Group's Powerful iPhone Malware - Motherboard
  • Content Moderator Sues Facebook, Says Job Gave Her PTSD - Motherboard
  • Microsoft Rolls Out Confidential Computing for Azure
  • Cloudflare Improves Privacy by Encrypting the SNI During TLS Negotiation
  • This Windows file may be secretly hoarding your passwords and emails | ZDNet
  • Security researcher claims macOS Mojave privacy bug on launch day | TechCrunch
  • 0Day Windows JET Database Vulnerability disclosed by Zero Day Initiative
  • Over 80 Cisco Products Affected by FragmentSmack DoS Bug
  • Cisco patches 'critical' credential bug in video surveillance software
  • Security Orchestration and Automation with InsightConnect | Rapid7
  • Security Orchestration and Automation for Security Operations | Rapid7










September 26, 2018