Risky Business

Risky Business is a weekly information security podcast featuring news and in-depth interviews with industry luminaries. Launched in February 2007, Risky Business is a must-listen digest for information security pros. With a running time of approximately 50-60 minutes, Risky Business is pacy; a security podcast without the waffle.

https://risky.biz/







Risky Business #564 -- PRC suffers leak, alleged defection


On this week’s show Patrick and Adam discuss the week’s security news, including:

  • RIPE has officially run out of v4 addresses
  • NSO workers sue Facebook to get their accounts back
  • Mike Pompeo, Republican lawmakers keep Crowdstrike conspiracy theory alive
  • Bugs, hacks, ransomware disasters and more.

This week’s sponsor interview is with Sally Carson of Duo Security. Sally has been a designer for over 20 years, joining Duo in 2015 to build the company’s Product Design and User Research practice from the ground up. Duo now employs one designer for every five users, which is an extremely generous ratio.

As you’ll hear, Sally thinks empathy is the key to designing usable technology.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

  • The RIPE NCC has run out of IPv4 Addresses — RIPE Network Coordination Centre
  • Workers at Israeli surveillance firm NSO sue Facebook for blocking private accounts - Reuters
  • In just three months, Google sent 12k warnings about government-backed attacks | ZDNet
  • Pompeo says Trump’s debunked Ukraine conspiracy theory is worth looking into - The Washington Post
  • Kevin Collier on Twitter: "A fun fact about Republicans embracing the idiotic Crowdstrike conspiracy theory is that the RNSC and RNCC both use Crowdstrike. Have paid more than $175,000 since 2017, per FEC filings. https://t.co/LSvCEbYccP" / Twitter
  • Five Years Later, Who Really Hacked Sony? | Hollywood Reporter
  • Commerce Department proposes rules for implementing Trump’s supply-chain security order
  • Data leak reveals how China 'brainwashes' Uighurs in prison camps - BBC News
  • China used Nick Zhao to try infiltrate federal Parliament, ASIO believes
  • Chinese spy Wang Liqiang's revelations spark Taiwan detention of couple at Taoyuan Airport
  • Iranian Americans Struggle to Reach Family Amid Internet Blackout | WIRED
  • Iran letter raises prospect of 'white list' internet clampdown - BBC News
  • Kevin Rudd says Julian Assange faces 'unacceptable' and 'disproportionate' punishment
  • How the NYPD's fingerprint database got shut down by a computer virus
  • 110 Nursing Homes Cut Off from Health Records in Ransomware Attack — Krebs on Security
  • Over 480 million mobile VPN apps have been downloaded in the past year | ZDNet
  • A hacking group is hijacking Docker systems with exposed API endpoints | ZDNet
  • Cheap kids smartwatch exposes the location of 5,000+ children | ZDNet
  • The California DMV Is Making $50M a Year Selling Drivers’ Personal Information - VICE
  • The Debate Over How to Encrypt the Internet of Things | WIRED
  • 1.2 Billion Records Found Exposed Online in a Single Server | WIRED
  • CISA and VotingWorks release open source post-election auditing tool | ZDNet
  • Extensive hacking operation discovered in Kazakhstan | ZDNet
  • DOD joins fight against 5G spectrum proposal, citing risks to GPS | Ars Technica
  • Scammers try a new way to steal online shoppers’ payment-card data | Ars Technica
  • Suspect can’t be compelled to reveal “64-character” password, court rules | Ars Technica
  • Aleksei Burkov, Russian accused of operating 'elite' hacking forum, pleads not guilty
  • Authorities Arrest Alleged Member of Group That Hacked Jack Dorsey - VICE
  • Lights That Warn Planes of Obstacles Were Exposed to Open Internet - VICE
  • Russia's ‘Sandworm’ Hackers Also Targeted Android Phones | WIRED
  • Google will pay bug hunters up to $1.5m if they can hack its Titan M chip | ZDNet
  • Twitter will finally let users disable SMS as default 2FA method | ZDNet
  • New bypass disclosed in Microsoft PatchGuard (KPP) | ZDNet
  • Exploit code published for dangerous Apache Solr remote code execution flaw | ZDNet
  • Bugtraq: SEC Consult SA-20191125-0 :: FortiGuard XOR Encryption in Multiple Fortinet Products










 November 27, 2019  n/a