Risky Business

Risky Business is a weekly information security podcast featuring news and in-depth interviews with industry luminaries. Launched in February 2007, Risky Business is a must-listen digest for information security pros. With a running time of approximately 50-60 minutes, Risky Business is pacy; a security podcast without the waffle.

https://risky.biz/







Risky Business #524 -- Huawei CFO arrested, US Government dumps on Equifax


This is the last weekly Risky Business podcast for 2018. We’ll be posting a Soap Box edition early next week then going on break until January 9.

In this week’s show Adam Boileau and Patrick Gray discuss the week’s security news:

  • Huawei’s CFO arrested over sanctions violations
  • BT in the UK removes Huawei equipment from 4G network
  • Australia passes controversial surveillance law
  • US House Oversight Committee blasts Equifax in scathing report
  • Bloomberg plays word-games on Super Micro story
  • MOAR

This week’s show is sponsored by Bugcrowd. In this week’s sponsor interview Bugcrowd’s CTO and founder Casey Ellis tells us why his company is launching “pay for effort” products to run alongside bounty programs.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

  • US, China executives grow wary about travel after Huawei arrest
  • Canadian court grants bail to CFO of China's Huawei | Reuters
  • Michael Kovrig: Canadian ex-diplomat 'held in China' - BBC News
  • BT removing Huawei equipment from parts of 4G network | Technology | The Guardian
  • China's cyber-espionage against U.S. is 'more audacious,' NSA official says amid Huawei flap
  • China spied on African Union headquarters for five years — Quartz Africa
  • House panel: Equifax breach was ‘entirely preventable’
  • Committee Releases Report Revealing New Information on Equifax Data Breach - United States House Committee on Oversight and Government Reform
  • Experian Exposes Apparent Customer Data in Training Manuals - Motherboard
  • NotPetya leads to unprecedented insurance coverage dispute
  • Over 40,000 credentials for government portals found online | ZDNet
  • What's actually in Australia's encryption laws? Everything you need to know | ZDNet
  • Australia's encryption laws will fall foul of differing definitions | ZDNet
  • Australia Just Became The Testing Ground For Breaking Into Encryption
  • Matthew Green on Twitter: "GCHQ has proposal to surveill encrypted messaging and phone calls. The idea is to use weaknesses in the “identity system” to create a surveillance backdoor. This is a bad idea for so many reasons. Thread. 1/ https://t.co/rnmo0eOWus"
  • Melbourne terror attack plot suspects arrested in police raids over mass shooting fears - ABC News (Australian Broadcasting Corporation)
  • Why Scott Morrison is right on encryption but wrong on Muslims
  • Super Micro Says Third-Party Test Found No Malicious Hardware - Bloomberg
  • Someone Defaced Linux.org Website With ‘Goatse’ And Anti-Diversity Tirade - Motherboard
  • Nearly 250 Pages of Devastating Internal Facebook Documents Posted Online By UK Parliament - Motherboard
  • Internal Documents Show Facebook Has Never Deserved Our Trust or Our Data - Motherboard
  • Google+ Exposed Data of 52.5 Million Users and Will Shut Down in April | WIRED
  • Iranians indicted in Atlanta city government ransomware attack | Ars Technica
  • Report: FBI opens criminal investigation into net neutrality comment fraud | Ars Technica
  • Police arrest hacker behind WeChat ransomware attack - CGTN
  • A bug in Microsoft’s login system made it easy to hijack anyone’s Office account | TechCrunch
  • For the fourth month in a row, Microsoft patches Windows zero-day used in the wild | ZDNet
  • Hackers ramp up attacks on mining rigs before Ethereum price crashes into the gutter | ZDNet
  • OpSec mistake brings down network of Dark Web money counterfeiter | ZDNet
  • Google CEO Says No Plan to ‘Launch’ Censored Search Engine in China - Motherboard
  • Marriott to reimburse some guests for new passports after massive data breach | ZDNet
  • Eastern European banks lose tens of millions of dollars in Hollywood-style hacks | ZDNet
  • Industrial espionage fears arise over Chrome extension caught stealing browsing history | ZDNet
  • Hacker Fantastic on Twitter: ""open-source is more secure than closed-source because you can view the source code" ... GNU inetutils <= 1.9.4 telnet.c multiple overflows https://t.co/O88psTlS1X"
  • Your Apps Know Where You Were Last Night, and They’re Not Keeping It Secret - The New York Times
  • APPSEC CALIFORNIA 2019 - OWASP AppSec California 2019
  • Next Gen Pen Testing










December 12, 2018