Risky Business #333 -- Yahoo CISO Alex Stamos joins the show

PLUS Gamma gets pwnz0red, politicians act like knobs...
08 Aug 2014 » Risky Business

We've got an absolute cracker of a show for you this week. I've let it run longer than usual because we've got some great news and interviews.

Our feature interview is with Alex Stamos, Yahoo's CISO. We hear from him on what his job looks like -- Yahoo has a billion users and its business and technology are incredibly diverse. So what has Alex been up to since he took the helm earlier this year? Tune in to find out!

In this week's sponsor interview we chat with Rahul Kashyap, Bromium's Chief Security Architect. Bromium has taken a look at endpoint exploitation trends and it might surprise you to know that in 2014 there have been more public exploits for IE than for Java!

Show notes

Gamma FinFisher hacked: 40 GB of internal documents and source code of government malware published | netzpolitik.org
https://netzpolitik.org/2014/gamma-finfisher-hacked-40-gb-of-internal-do...

Phineas Fisher (GammaGroupPR) on Twitter
https://twitter.com/gammagrouppr

Leaked Files: German Spy Company Helped Bahrain Hack Arab Spring Protesters - The Intercept
https://firstlook.org/theintercept/2014/08/07/leaked-files-german-spy-co...

Russian Hackers Amass Over a Billion Internet Passwords - NYTimes.com
http://www.nytimes.com/2014/08/06/technology/russian-gang-said-to-amass-...

Files containing 360 million credentials, 1.25 billion email addresses, located on Deep Web - SC Magazine
http://www.scmagazine.com/files-containing-360-million-credentials-125-b...

Q&A on the Reported Theft of 1.2B Email Accounts - Krebs on Security
http://krebsonsecurity.com/2014/08/qa-on-the-reported-theft-of-1-2b-emai...

CIA Insider: U.S. Should Buy All Security Exploits, Then Disclose Them | Threat Level | WIRED
http://www.wired.com/2014/08/cia-0day-bounty/

Security expert calls home routers a clear and present danger | Ars Technica
http://arstechnica.com/security/2014/08/security-expert-calls-home-route...

Visit the Wrong Website, and the FBI Could End Up in Your Computer | Threat Level | WIRED
http://www.wired.com/2014/08/operation_torpedo/

Feds' Silk Road Investigation Broke Privacy Laws, Defendant Tells Court | Threat Level | WIRED
http://www.wired.com/2014/08/feds-silk-road-investigation-violated-priva...

Snowden's Russia asylum extended three more years - CNET
http://www.cnet.com/au/news/snowdens-russia-asylum-extended-three-more-y...

Schneier on Security: The US Intelligence Community has a Third Leaker
https://www.schneier.com/blog/archives/2014/08/the_us_intellig.html

Terrorists embracing new Android crypto in wake of Snowden revelations | Ars Technica
http://arstechnica.com/tech-policy/2014/08/terrorists-embracing-new-andr...

Hacker Redirects Traffic From 19 Internet Providers to Steal Bitcoins | Threat Level | WIRED
http://www.wired.com/2014/08/isp-bitcoin-theft/

How Hackable Is Your Car? Consult This Handy Chart | Autopia | WIRED
http://www.wired.com/2014/08/car-hacking-chart/

Watch This Wireless Hack Pop a Car's Locks in Minutes | Threat Level | WIRED
http://www.wired.com/2014/08/wireless-car-hack/

Can a plane be hacked via in-flight Wi-Fi? Researcher says it's so - CNET
http://www.cnet.com/au/news/can-a-plane-be-hacked-via-inflight-wi-fi-res...

Yes, Hackers Could Build an iPhone Botnet - Thanks to Windows | Threat Level | WIRED
http://www.wired.com/2014/08/yes-hackers-could-build-an-iphone-botnettha...

New Site Recovers Files Locked by Cryptolocker Ransomware - Krebs on Security
http://krebsonsecurity.com/2014/08/new-site-recovers-files-locked-by-cry...

In major shift, Google boosts search rankings of HTTPS-protected sites | Ars Technica
http://arstechnica.com/security/2014/08/in-major-shift-google-boosts-sea...

Thousands of Mozilla developers' e-mail addresses, password hashes exposed | Ars Technica
http://arstechnica.com/security/2014/08/thousands-of-mozilla-developers-...

Oracle Database Redaction 'Trivial to Bypass' | Threatpost | The first stop for security news
http://threatpost.com/oracle-database-redaction-trivial-to-bypass/107631

Critical code execution bug in Samba gives attackers superuser powers | Ars Technica
http://arstechnica.com/security/2014/08/critical-code-execution-bug-in-s...

Microsoft security sandbox for IE: Still broken after all these years | Ars Technica
http://arstechnica.com/security/2014/08/microsoft-security-sandbox-for-i...

Help Australia's PM and attorney-general to define metadata • The Register
http://www.theregister.co.uk/2014/08/06/help_australias_pm_and_attorneyg...

Conservative Party Web Security
http://www.joshbrodie.co.nz/2014/08/08/conservative-party-web-security.html

Yahoo to begin offering PGP encryption support in Yahoo Mail service | Ars Technica
http://arstechnica.com/security/2014/08/yahoo-to-begin-offering-pgp-encr...

www.bromium.com/sites/default/files/bromium-h1-2014-threat_report.pdf
http://www.bromium.com/sites/default/files/bromium-h1-2014-threat_report...

Dilo by HopeStreet Recordings on SoundCloud - Hear the world's sounds
https://soundcloud.com/hopestreet-recordings/dilo?in=hopestreet-recordin...