Risky Business #385 -- Richard Bejtlich talks USA/China espionage agreement

Are they for real? Or is this some sort of long-form comedy thing?
02 Oct 2015 » Risky Business

******LANGUAGE WARNING: The f-bomb features, unbleeped, once in this week's show. Just a note for those of you with the kids in the car.

On this week's show we're chatting with FireEye's chief security strategist Richard Bejtlich about this new agreement between China and the USA. The two countries have apparently agreed that they won't hack each other with the aim of stealing IP anymore. Questions to Richard include: Are they kidding? And: How did they announce this with a straight face?

This week's show is brought to you by Tenable Network Security, big thanks to them. And we're joined by Tenable's very own Jeffrey Man in this week's sponsor interview.

He's an ex-NSA cryptographer who now spends his days dealing with PCI stuff. He's over in Canada attending the PCI community meetings in Vancouver, and I spoke to him about what we learned from the leaked Target pentest report and how third-party payment firms are changing scope for all sorts of merchants.

Adam Boileau, as always, stops in to discuss the week's news.

Don't forget you can now support the Risky Business page via our Patreon campaign.

Oh, and do add Patrick and Adam on Twitter if that's your thing.

Show notes

Banks: Card Breach at Hilton Hotel Properties - Krebs on Security
http://krebsonsecurity.com/2015/09/banks-card-breach-at-hilton-hotel-pro...

Kmart Australia calls in police over security breach - Computerworld
http://www.computerworld.com.au/article/585784/kmart-australia-calls-pol...

Patreon: Some user names, e-mail and mailing addresses stolen | Ars Technica
http://arstechnica.com/security/2015/10/patreon-some-user-names-e-mail-a...

A billion Android phones are vulnerable to new Stagefright bugs | Ars Technica
http://arstechnica.com/security/2015/10/a-billion-android-phones-are-vul...

CIA officers pulled from China because of OPM breach | Ars Technica
http://arstechnica.com/tech-policy/2015/09/cia-officers-pulled-from-chin...

China PLA Unit 78020 Cyberespionage Naikon APT | Threatpost | The first stop for security news
https://threatpost.com/naikon-apt-group-tied-to-chinas-pla-unit-78020/11...

From Radio to Porn, British Spies Track Web Users' Online Identities
https://theintercept.com/2015/09/25/gchq-radio-porn-spies-track-web-user...

Obama administration explored ways to bypass smartphone encryption - The Washington Post
https://www.washingtonpost.com/world/national-security/obama-administrat...

This New Campaign Wants To Help Surveillance Agents Quit NSA or GCHQ | WIRED
http://www.wired.com/2015/09/campaign-help-surveillance-agents-quit-nsa-...

Car Hack Technique Uses Dealerships to Spread Malware | WIRED
http://www.wired.com/2015/10/car-hacking-tool-turns-repair-shops-malware...

That Big Security Fix for Credit Cards Won't Stop Fraud | WIRED
http://www.wired.com/2015/09/big-security-fix-credit-cards-wont-stop-fraud/

Google's Three Tips for Sabotaging the Cybercrime Economy | WIRED
http://www.wired.com/2015/09/google-offers-3-lessons-crippling-online-cr...

ATM Skimmer Gang Firebombed Antivirus Firm - Krebs on Security
http://krebsonsecurity.com/2015/09/atm-skimmer-gang-firebombed-antivirus...

Dyreza Dyre Trojan Phishing IT Supply Chain Credentials | Threatpost | The first stop for security news
https://threatpost.com/dyreza-trojan-targeting-it-supply-chain-credentia...

JavaScript-Based DDoS Peaks at 275,000 Requests Per Second | Threatpost | The first stop for security news
https://threatpost.com/javascript-ddos-attack-peaks-at-275000-requests-p...

Nerves rattled by highly suspicious Windows Update delivered worldwide [Updated] | Ars Technica
http://arstechnica.com/security/2015/09/nerves-rattled-by-highly-suspici...

Drop-dead simple exploit completely bypasses Mac's malware Gatekeeper | Ars Technica
http://arstechnica.com/security/2015/09/drop-dead-simple-exploit-complet...

Botnet preying on Linux computers delivers potent DDoS attacks | Ars Technica
http://arstechnica.com/security/2015/09/botnet-preying-on-linux-computer...

Storing secret crypto keys in the Amazon cloud? New attack can steal them | Ars Technica
http://arstechnica.com/security/2015/09/storing-secret-crypto-keys-in-th...

How hackers can access iPhone contacts and photos without a password | Ars Technica
http://arstechnica.com/security/2015/09/how-hackers-can-access-iphone-co...

TrueCrypt Security Vulnerabilities Patched in VeraCrypt | Threatpost | The first stop for security news
https://threatpost.com/veracrypt-patched-against-two-critical-truecrypt-...

SAP Fixes A Dozen Vulnerabilities in HANA | Threatpost | The first stop for security news
https://threatpost.com/sap-patches-12-sql-injection-xss-vulnerabilities-...

Mozilla Addresses 14-Year-Old Bug in Firefox 41 | Threatpost | The first stop for security news
https://threatpost.com/mozilla-fixes-14-year-old-bug-in-firefox-41/114818/

Cisco Fixes Denial of Service, Bypass Vulnerabilities in IOS | Threatpost | The first stop for security news
https://threatpost.com/cisco-patches-denial-of-service-bypass-vulnerabil...

Apple Patches 100+ Vulnerabilities in OS X, Safari, iOS | Threatpost | The first stop for security news
https://threatpost.com/apple-patches-100-vulnerabilities-in-os-x-safari-...

US and China Reach Historic Agreement on Economic Espionage | WIRED
http://www.wired.com/2015/09/us-china-reach-historic-agreement-economic-...

Marshall & The Fro - Marshall Okell
http://marshallokell.com/albums/marshall-the-fro