Risky Business #360 -- The Great GitHub DDoS of 2015

...and other assorted things...
02 Apr 2015 » Risky Business

In this week's show we chat with Arbor Networks' Roland Dobbins about the Great GitHub DDoS of 2015, Paul Asadoorian of Tenable Network Security about vulnerability management and, of course, Adam Boileau about the week's security news.

Don't forget you can now support the Risky Business page via our Patreon campaign. Oh, and do add Patrick and Adam on Twitter if that's your thing.

Show notes

DEA Agent Charged With Acting as a Paid Mole for Silk Road | WIRED
http://www.wired.com/2015/03/dea-agent-charged-acting-paid-mole-silk-road/

Silk Road Boss' First Murder-for-Hire Was His Mentor's Idea | WIRED
http://www.wired.com/2015/04/silk-road-boss-first-murder-attempt-mentors...

Feds Demand Reddit Identify Users of a Dark-Web Drug Forum | WIRED
http://www.wired.com/2015/03/dhs-reddit-dark-web-drug-forum/

Massive denial-of-service attack on GitHub tied to Chinese government | Ars Technica
http://arstechnica.com/security/2015/03/massive-denial-of-service-attack...

DDoS Attack on GitHub Linked to Earlier One Against GreatFire.org | Threatpost | The first stop for security news
https://threatpost.com/ddos-attack-on-github-linked-to-earlier-one-again...

Google Online Security Blog: Maintaining digital certificate security
http://googleonlinesecurity.blogspot.co.nz/2015/03/maintaining-digital-c...

New Obama Order Allows Sanctions Against Foreign Hackers | WIRED
http://www.wired.com/2015/04/new-obama-order-allows-sanctions-foreign-ha...

E-mail autofill blunder leaks personal details of G20 world leaders | Ars Technica
http://arstechnica.com/tech-policy/2015/03/e-mail-autofill-blunder-leaks...

Volatile Cedar APT Group First Operating Out of Lebanon | Threatpost | The first stop for security news
https://threatpost.com/volatile-cedar-apt-group-first-operating-out-of-l...

Bitcoin's Blockchain Offers Safe Haven For Malware And Child Abuse, Warns Interpol - Forbes
http://www.forbes.com/sites/thomasbrewster/2015/03/27/bitcoin-blockchain...

Energy companies around the world infected by newly discovered malware | Ars Technica
http://arstechnica.com/security/2015/03/energy-companies-around-the-worl...

Stolen Uber Customer Accounts Are for Sale on the Dark Web for $1 | Motherboard
http://motherboard.vice.com/read/stolen-uber-customer-accounts-are-for-s...

Noose around Internet's TLS system tightens with 2 new decryption attacks | Ars Technica
http://arstechnica.com/security/2015/03/noose-around-internets-tls-syste...

Google joins Apple, others in calling for spying controls, as Patriot Act vote nears - CNET
http://www.cnet.com/news/google-joins-apple-others-in-calling-for-spying...

NSA considered ending phone surveillance program -- report - CNET
http://www.cnet.com/news/nsa-considered-ending-phone-surveillance-progra...

Little Change in Online Behavior Following Snowden Revelations | Threatpost | The first stop for security news
https://threatpost.com/little-change-in-online-behavior-following-snowde...

Cross-dressing blokes storm NSA HQ: One shot dead, one hurt \u2022 The Register
http://www.theregister.co.uk/2015/03/30/nsa_hq_rammed/

New Firefox version says "might as well" to encrypting all Web traffic | Ars Technica
http://arstechnica.com/security/2015/04/new-firefox-version-says-might-a...

Verizon Allows Opt Out of UIDH Mobile Supercookie | Threatpost | The first stop for security news
https://threatpost.com/verizon-allows-opt-out-of-uidh-mobile-supercookie...

Multicast DNS Vulnerability Could Lead to DDOS Amplification | Threatpost | The first stop for security news
https://threatpost.com/multicast-dns-vulnerability-could-lead-to-ddos-am...

Google kills 200 ad-injecting Chrome extensions, says many are malware | Ars Technica
http://arstechnica.com/security/2015/04/google-kills-200-ad-injecting-ch...

'Revolution' Crimeware & EMV Replay Attacks - Krebs on Security
http://krebsonsecurity.com/2015/04/revolution-crimeware-emv-replay-attacks/

Sign Up at irs.gov Before Crooks Do It For You - Krebs on Security
http://krebsonsecurity.com/2015/03/sign-up-at-irs-gov-before-crooks-do-i...

Who Is the Antidetect Author? - Krebs on Security
http://krebsonsecurity.com/2015/03/who-is-the-antidetect-author/

Critical Vulnerabilities Affecting JSON Web Token Libraries | Threatpost | The first stop for security news
https://threatpost.com/critical-vulnerabilities-affect-json-web-token-li...

This one weird trick deletes any YouTube flick in just a few clicks \u2022 The Register
http://www.theregister.co.uk/2015/04/01/simple_trick_to_delete_any_youtu...

Trailer: Shades of Black - The Valhalla Lights story
https://www.youtube.com/watch?v=ZQdLyNNgYcA