On this week’s show Patrick and Adam discuss the week’s security news, including:
In this week’s sponsor interview we talk to Cody Wood of Signal Sciences about http request smuggling. What it is and why it’s a nightmare to fix.
Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.
Show notes Androids And iPhones Hacked With Just One WhatsApp Click — And Tibetans Are Under Assault Footage shows hundreds of blindfolded and shackled prisoners in China – video | World news | The Guardian Iran denies successful cyber attack on oil sector | The Times of Israel Advanced hackers are infecting IT providers in hopes of hitting their customers | Ars Technica The Urgent Search for a Cyber Silver Bullet Against Iran - The New York Times New research shows more utility companies are being targeted by phishing emails New North Korean malware targeting ATMs spotted in India | ZDNet Shareholders allege FedEx covered up damages caused by NotPetya attack All the Code Connections Between Russia’s Hackers, Visualized | WIRED World powers are pushing to build their own brand of cyber norms Google’s ‘Quantum Supremacy’ Isn’t the End of Encryption | WIRED The FBI Tried to Plant a Backdoor in an Encrypted Phone Network - VICE Russian national confesses to biggest bank hack in US history | Ars Technica Exclusive: TalkTalk hacker also breached EtherDelta cryptocurrency exchange | ZDNet Two years later, hackers are still breaching local government payment portals | ZDNet Massive IT Support Fraud ‘Made $10 Million From Thousands Of Elderly Victims’ Facebook suspended tens of thousands of apps from 400 developers | ZDNet Massive wave of account hijacks hits YouTube creators | ZDNet Bloomberg reporter of challenged ‘Big Hack’ story gets promoted - The Washington Post GitHub security alerts now support PHP projects | ZDNet Anonymous researcher drops vBulletin zero-day impacting tens of thousands of sites | ZDNet Microsoft releases out-of-band security update to fix IE zero-day & Defender bug | ZDNet Medicine show: Crown Sterling demos 256-bit RSA key-cracking at private event | Ars Technica Iowa officials claim confusion over scope led to arrest of pen-testers | Ars Technica Ask Cybergibbons! on Twitter: "Another interesting week on a ship. As with every previous maritime test, we found a system installed that no one really knew about or understood. Shoreside was totally unaware of its existence." / Twitter What is HTTP request smuggling? Tutorial & Examples HTTP Desync Attacks: Request Smuggling Reborn | Blog - PortSwigger