Risky Business #310 -- Export exploits? Wassenaar says no

COSEINC's Thomas Lim joins the show...
14 Feb 2014 » Risky Business

On this week's show we're chatting with COSEINC's Thomas Lim about the Wassenaar Arrangement. It's basically a worldwide framework that restricts the sale of munitions and dual-use technologies, and it has exploits in its sights.

COSEINC is a security research company that engages in exploit development, and Lim thinks extending regulations to exploit sales is pointless.

This week's show is brought to you by Bugcrowd, a company that was founded in Australia but is now based in San Francisco thanks to VC investment.

Bugcrowd runs outsourced bug bounties, and its founder and CEO Casey Ellis joins the show in this week's sponsor interview to talk about the latest goings-on in the burgeoning bug bounty industry!

Show notes

Top U.S. Spy Claims 'Terrorists Are Going to School' on Snowden Leaks | Threat Level | Wired.com
http://www.wired.com/threatlevel/2014/02/clapper-snowden-fallout/

Hacked X-Rays Could Slip Guns Past Airport Security | Threat Level | Wired.com
http://www.wired.com/threatlevel/2014/02/tsa-airport-scanners/

Sophisticated Spy Tool 'The Mask' Rages Undetected for 7 Years | Threat Level | Wired.com
http://www.wired.com/threatlevel/2014/02/mask/

Public servant Peter Nash allegedly ran drug ring from Wacol prison | The Courier-Mail
http://www.couriermail.com.au/news/queensland/public-servant-peter-nash-...

400 Gbps NTP Amplification DDoS Attack Alarmingly Simple | Threatpost | The first stop for security news
http://threatpost.com/400-gbps-ntp-amplification-attack-alarmingly-simpl...

HVAC Vendor: Data Connection to Target was Billing System | Threatpost | The first stop for security news
http://threatpost.com/hvac-integrators-billing-connection-led-to-target-...

faziomechanical.com/Target-Breach-Statement.pdf
http://faziomechanical.com/Target-Breach-Statement.pdf

Websites of Las Vegas Sands casinos hacked, including Venetian, Palazzo on Las Vegas Strip | Star Tribune
http://www.startribune.com/lifestyle/244922181.html

Errata Security: That NBC story 100% fraudulent
http://blog.erratasec.com/2014/02/that-nbc-story-100-fraudulent.html#.Uv...

Detecting Car Hacks | Threatpost | The first stop for security news
http://threatpost.com/detecting-car-hacks/104190

illmatics.com/car_hacking.pdf
http://illmatics.com/car_hacking.pdf

CoinThief Bitcoin Trojan Found on Popular Download Sites | Threatpost | The first stop for security news
http://threatpost.com/cointhief-bitcoin-trojan-found-on-popular-download...

Bitcoin Foundation, Mt. Gox spar over purported bug | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57618646-83/bitcoin-foundation-mt-gox-s...

Florida Targets High-Dollar Bitcoin Exchangers - Krebs on Security
http://krebsonsecurity.com/2014/02/florida-targets-high-dollar-bitcoin-e...

LinkedIn Intro Service to Shut Down March 7 | Threatpost | The first stop for security news
http://threatpost.com/controversial-linkedin-intro-service-to-shut-down/...

Snapchat hack spams users with smoothie photos | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57618782-83/snapchat-hack-spams-users-w...

Facebook Fixes CSRF Vulnerability in Instagram | Threatpost | The first stop for security news
http://threatpost.com/facebook-fixes-instagram-csrf-vulnerability-to-kee...

Five OAuth Bugs Lead to Github Hack | Threatpost | The first stop for security news
http://threatpost.com/five-oauth-bugs-lead-to-github-hack/104178

Adobe Patches Shockwave, Fixes Two Vulnerabilities | Threatpost | The first stop for security news
http://threatpost.com/adobe-patches-critical-vulnerabilities-in-shockwav...

February 2014 Microsoft Patch Tuesday Security Bulletins | Threatpost | The first stop for security news
http://threatpost.com/microsoft-adds-critical-ie-patches-under-the-wire/...

New IE Zero-Day Found in Watering Hole Attack | FireEye Blog
http://www.fireeye.com/blog/technical/cyber-exploits/2014/02/new-ie-zero...

Operation SnowMan: DeputyDog Actor Compromises US Veterans of Foreign Wars Website | FireEye Blog
http://www.fireeye.com/blog/uncategorized/2014/02/operation-snowman-depu...

Changes to Export Control Arrangement Apply to Computer Exploits and More | Center for Internet and Society
https://cyberlaw.stanford.edu/publications/changes-export-control-arrang...

Bugcrowd | Managed bug bounty programs, better security testing
https://bugcrowd.com/mobile-application-security

Pumped Up Kicks by Hailey-Marie on SoundCloud - Hear the world's sounds
https://soundcloud.com/hailey-marie-mcfadden/pumped-up-kicks