Risky Business

Adam Boileau couldn’t make it this week, but that’s ok because we’ve got former Facebook CSO and current Stanford adjunct professor Alex Stamos filling in for him in today’s show. He’ll be talking through all the week’s security news, including:

• NYTimes report blames Baltimore ransomware attack on leaked NSA exploit
• Assange to face espionage charges, extradition fight looming
• SanboxEscaper just keeps dropping those 0days
• Fury over Facebook’s response to doctored Pelosi video
• Much, much more

This week’s sponsor interview with David Warburton of F5 Networks. You know F5 as a blinky-light box manufacturer. Load balancers, SSL termination, that sort of stuff. Not exactly a growth industry at the moment, so they’re pivoting.

They’ve dropped $670m on NGINX – f5 now owns the NGINX company – and they’re making all sorts of moves in the appsec space. That interview is mostly about F5’s business, but I found it interesting because what do you do when you’re an $8bn company that makes data-centre equipment and that industry starts going into decline?

Links to everything discussed are below, and you can follow Patrick or Alex on Twitter if that’s your thing.

Show notes In Baltimore and Beyond, a Stolen N.S.A. Tool Wreaks Havoc - The New York Times Thomas Rid on Twitter: "Meanwhile I feel rather uncomfortable about being quoted in said NYT story. Although the bigger point stands: whoever was behind Shadowbrokers must be held accountable, and USG should not get away with publicly ignoring this historic leak." Eternally Blue: Baltimore City leaders blame NSA for ransomware attack | Ars Technica Google bots shut down Baltimore officials’ ransomware-workaround Gmail accounts | Ars Technica CyberSecPolitics: Baltimore is not EternalBlue Errata Security: A lesson in journalism vs. cybersecurity Intense scanning activity detected for BlueKeep RDP flaw | ZDNet Researcher publishes Windows zero-days for the third day in a row | ZDNet Cyber Command's latest VirusTotal upload has been linked to an active attack The Latest Julian Assange Indictment Is an Assault on Press Freedom | WIRED Here's How a Facebook Exec Defended Leaving Up That Fake Nancy Pelosi Video Facebook scrubbed 2.2 billion fake accounts in the first quarter of 2019, a new high U.S. Navy Creating a 350 Billion Record Social Media Archive A--Global Social Media Archive, 350 billion digital data records (text) - Federal Business Opportunities: Opportunities Amazon shareholders reject facial recognition sale ban to governments | TechCrunch Facial Recognition Has Already Reached Its Breaking Point | WIRED Android and iOS devices impacted by new sensor calibration attack | ZDNet Privacy Preserving Ad Click Attribution For the Web | WebKit German Minister Wants Secure Messengers To Decrypt Chats European police seize BestMixer, saying it helped launder $200 million worth of cryptocurrency Chinese military to replace Windows OS amid fears of US hacking | ZDNet First American Financial Corp. Leaked Hundreds of Millions of Title Insurance Records — Krebs on Security Australian tech unicorn Canva suffers security breach | ZDNet Equifax is spending a ton of money on cybersecurity. Wall Street analysts don't like it. Democratic Party’s network security still lags behind GOP, researchers find | Ars Technica NSS ISSUES STATEMENT — NSS Labs, Inc. CrowdStrike, NSS Labs resolve court battle over product testing | ZDNet Security Engineer, Detection - Google - Sydney NSW, Australia - Google Careers Security Engineer, Information Security and Privacy Incident Response - Google - Sydney NSW, Australia - Google Careers Malware Sandbox Online | Free Trial F5 Networks | Secure application delivery