Risky Business

Risky Business is a weekly information security podcast featuring news and in-depth interviews with industry luminaries. Launched in February 2007, Risky Business is a must-listen digest for information security pros. With a running time of approximately 50-60 minutes, Risky Business is pacy; a security podcast without the waffle.

https://risky.biz/







Risky Business #520 -- Tanya Janca talks security in the curriculum


We’ve got a great podcast for you this week. Tanya Janca will be talking about some volunteer work she’s been doing with a Canadian government panel on getting security content into children’s school curriculums.

In this week’s sponsor interview we’ll be talking with Ferruh Mavituna of Netsparker.

They launched Netsparker Cloud a while ago, so now they have some decent telemetry. I wanted to ask Ferruh what he’s found surprising now he’s sitting on a mountain of scan results. The types of bugs being turned up aren’t really a surprise, but the extent to which old software is a problem was actually pretty surprising to him. He knew it was bad, he says, but he didn’t know it’s this bad.

Adam Boileau, as usual, joins the show this week to talk about all the week’s security news:

  • More Chinese MSS officers indicted by the US DoJ
  • ASD chief speaks publicly on 5G Huawei ban
  • China playing funny buggers with BGP
  • Russia is still messing with the US during the midterms
  • Facebook boots more Iranian influence pages
  • New privacy features in Signal
  • Plus much, much more!

Links to everything that we discussed are below, including the discussions that were edited out. (That’s why there are extras.) You can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

  • Chinese Intelligence Officers and Their Recruited Hackers and Insiders Conspired to Steal Sensitive Commercial Aviation and Technological Data for Years | OPA | Department of Justice
  • U.S. charges Chinese intelligence officers for jet engine data hack
  • Huawei's ban to 5G network 'supported by technical advice', spy agency chief says - ABC News (Australian Broadcasting Corporation)
  • Canadian security boss ain't afraid of no Huawei, sees no reason for ban • The Register
  • US bans exports to Chinese DRAM maker citing national security risk | ZDNet
  • China has been 'hijacking the vital internet backbone of western countries' | ZDNet
  • Russia Is Meddling In The Midterms. The White House Just Isn't Talking About It.
  • The Crisis of Election Security - The New York Times
  • DHS: Election officials inundated, confused by free cyber-security offerings | ZDNet
  • Facebook removes more Iran-linked accounts, this time targeting the US & UK | ZDNet
  • We posed as 100 senators to run ads on Facebook. Facebook approved all of them. – VICE News
  • NYT: Chinese and Russian spies routinely eavesdrop on Trump’s iPhone calls | Ars Technica
  • North Korea blamed for two cryptocurrency scams, five trading platform hacks | ZDNet
  • New Signal privacy feature removes sender ID from metadata | Ars Technica
  • Windows Defender becomes first antivirus to run inside a sandbox | ZDNet
  • Pakistani bank denies losing $6 million in country's 'biggest cyber attack' | ZDNet
  • Many CMS plugins are disabling TLS certificate validation... and that's very bad | ZDNet
  • Twelve malicious Python libraries found and removed from PyPI | ZDNet
  • How ‘Mr. Hashtag’ Helped Saudi Arabia Spy on Dissidents - Motherboard
  • Government Spyware Vendor Left Customer, Victim Data Online for Everyone to See - Motherboard
  • Apple's T2 Security Chip Makes It Harder to Tap MacBook Mics | WIRED
  • Microsoft Windows zero-day disclosed on Twitter, again | ZDNet
  • https://support.f5.com/csp/article/K52868493
  • Digital DASH – ICTC - Focus on Information Technology (FIT)










October 31, 2018