Risky Business

On this week’s show Adam Boileau and Patrick Gray discuss the week’s news:

• The NSA isn’t that interested in phone metadata anymore
• More Chinese mass surveillance data leaks
• Chelsea Manning, David House subpoenaed over Wikileaks
• Quadriga cold wallets were actually empty at time of founder’s death
• NSA deployed “rm -rf / shark” at Internet Research Agency
• HackerOne follows Bugcrowd into pentesting
• NSA releases Ghidra
• Much, much more!

This week’s sponsor interview is with Chris Kennedy, AttackIQ’s CISO and VP of customer success. And we’ll be talking about a few things really, like about how continuous validation of security controls like monitoring is a good thing. Everyone uses software like Tenable to verify patching, why not do the same for your monitoring?

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes The NSA has reportedly stopped data-mining Americans' phone and SMS records / Boing Boing House aide: NSA has shut down phone call record surveillance | Ars Technica China’s “democracy” includes mandatory apps, mass chat surveillance | Ars Technica China claims detained Canadians formed spy link As Trump and Kim Met, North Korean Hackers Hit Over 100 Targets in U.S. and Ally Nations - The New York Times Disclosing Subpoena for Testimony, Chelsea Manning Vows to Fight - The New York Times WikiLeaks Veteran: I ‘Cooperated’ With Feds ‘in Exchange for Immunity’ Mystery as Quadriga crypto-cash goes missing - BBC News NSA’s top policy advisor: It’s time to start putting teeth in cyber deterrence | Ars Technica US wiped hard drives at Russia's 'troll factory' in last year's hack | ZDNet Vulnerability exposes location of thousands of malware C&C servers | ZDNet Former Hacking Team Members Are Now Spying on the Blockchain for Coinbase - Motherboard Coinbase Says Ex-Hacking Team Members Will ‘Transition Out’ After Users Protest - Motherboard HackerOne thinks its freelance hackers can conduct penetration tests better than actual pentesting companies New Software Helps to Mitigate Supply Chain Management Risk > National Security Agency | Central Security Service > Article View Ghidra Hacker Fantastic on Twitter: "Ghidra opens up JDWP in debug mode listening on port 18001, you can use it to execute code remotely ????‍♂️.. to fix change line 150 of support/launch.sh from * to 127.0.0.1 https://t.co/J3E8q5edC7" Backstory: An Alphabet Moon Shot Wants to Store the Security Industry's Data | WIRED BlackBerry Cylance Delivers First Proactive Behavioral Analytics Solution with CylancePERSONA Martijn Grooten on Twitter: "Shamir is of course right in his criticism of strict US visa procedures, but to add a sobering perspective, we have had speakers who couldn't get a visa when we had our conference in the US, Canada and the EU. For most of the world, visas for the West are really hard.… https://t.co/HRXh1Vr5pt" W3C finalizes Web Authentication (WebAuthn) standard | ZDNet Hackers have started attacks on Cisco RV110, RV130, and RV215 routers | ZDNet Researchers uncover ring of GitHub accounts promoting 300+ backdoored apps | ZDNet Google Reveals "BuggyCow," a Rare MacOS Zero-Day Vulnerability | WIRED Adobe releases out-of-band update to patch ColdFusion zero-day | ZDNet PoC Buffer Overflow exploitation in the British Airways Entertainment System | LinkedIn