Risky Business #291 – All your SIMs are belong to Karsten Nohl

Plus a monster news segment with Adam Boileau…
09 Aug 2013 » Risky Business

In this week's feature slot we chat with Karsten Nohl about his research into pillaging SIM cards. It turns out Karsten's research into SIM security was much, much cooler than we initially thought.

In this week's sponsor interview we chat with Jonathan Ness about the all new singing and dancing EMET 4.0.

Adam Boileau pops by for the week's news.

Show notes

BREACH Compression Attack Steals HTTPS Response Secrets | Threatpost
https://threatpost.com/breach-compression-attack-steals-https-secrets-in...

Experts Urge ECC crytpo over RSA algorithm | Threatpost
http://threatpost.com/crypto-gains-ramp-up-calls-to-get-ahead-of-inevita...

JavaScript and Timing Attacks Used to Steal Browser Data | Threatpost
https://threatpost.com/javascript-and-timing-attacks-used-to-steal-brows...

Car hacking code released at Defcon | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57596847-83/car-hacking-code-released-a...

Feds Are Suspects in New Malware That Attacks Tor Anonymity | Threat Level | Wired.com
http://www.wired.com/threatlevel/2013/08/freedom-hosting/

Firefox Zero-Day Used in Child Porn Hunt? - Krebs on Security
http://krebsonsecurity.com/2013/08/firefox-zero-day-used-in-child-porn-h...

Tor Users Should Leave Insecure Windows Operating System | Threatpost
http://threatpost.com/tor-urges-users-to-leave-windows/101825

Software Obfuscation Mechanism Hampers Reverse Engineering | Threatpost
http://threatpost.com/new-software-obfuscation-throws-wrench-into-revers...

Edward Snowden Granted Asylum, Leaves Moscow Airport | Threat Level | Wired.com
http://www.wired.com/threatlevel/2013/08/edward-snowden-granted-asylum-l...

Newly leaked NSA program sees 'nearly everything' you do | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57596313-83/newly-leaked-nsa-program-se...

House Rejects Amendment to Sever NSA Data Collection Funding | Threatpost
http://threatpost.com/house-rejects-amendment-to-sever-nsa-data-collecti...

Lawmakers Who Upheld NSA Phone Spying Received Double the Defense Industry Cash | Threat Level | Wired.com
http://www.wired.com/threatlevel/2013/07/money-nsa-vote/

Declassified Memos Confirm Dragnet Phone Surveillance Program Was No Secret From Congress | Threat Level | Wired.com
http://www.wired.com/threatlevel/2013/07/phone-dragnet-no-secret/

Edward Snowden's Email Provider Shuts Down After Secret Court Battle | Threat Level | Wired.com
http://www.wired.com/threatlevel/2013/08/lavabit-snowden/

Bradley Manning Acquitted of Aiding the Enemy, Guilty of Espionage Act Violations | Threat Level | Wired.com
http://www.wired.com/threatlevel/2013/07/bradley-manning-not-guilty-aidi...

Twitter's Killer New Two-Factor Solution Kicks SMS to the Curb | Threat Level | Wired.com
http://www.wired.com/threatlevel/2013/08/twitter-new-two-facto/

Mozilla, Blackberry To Test Website Security Via Fuzzing | Threatpost
http://threatpost.com/mozilla-blackberry-join-forces-to-advance-peach-fu...

Fort Disco Botnet Uses Brute-Force Attacks Against CMS Sites | Threatpost
http://threatpost.com/fort-disco-brute-force-attack-campaign-targets-cms...

Google WebLogin Tokens Expose Google Apps, User Data | Threatpost
http://threatpost.com/convenient-google-weblogin-tokens-can-expose-user-...

Chrome Security Shocker Creates Password Anxiety - Security -
http://www.informationweek.com/security/application-security/chrome-secu...

Apple to Fix Malicious Fake USB Charger Flaw | Threatpost
http://threatpost.com/apple-to-fix-fake-usb-charger-flaw-in-ios-7/101554

Windows 8 Phone Authentication Protocol Weakness | Threatpost
http://threatpost.com/microsoft-warns-of-weakness-in-authentication-prot...

Remotely Exploitable Bug Affects Wide Range of Cisco TelePresence Systems | Threatpost
http://threatpost.com/remotely-exploitable-bug-affects-wide-range-of-cis...

Russian man doctors credit card contract, sues bank after non-repayments - Risk - SC Magazine Australia - Secure Business Intelligence
http://www.scmagazine.com.au/News/352756,russian-man-doctors-credit-card...

August 2013 Microsoft Patch Tuesday Security Updates | Threatpost
http://threatpost.com/critical-ie-exchange-updates-on-tap-in-august-patc...

Karsten Nohl Demonstrates SIM Card Root Attack At Black Hat | Threatpost
http://threatpost.com/weak-encryption-enables-sim-card-root-attack/101557

Download Enhanced Mitigation Experience Toolkit 4.0 from Official Microsoft Download Centre
http://www.microsoft.com/en-au/download/details.aspx?id=39273

,

The response threats are really good. If you have that one in your record, then that would be great. - Adam LaFavre