Risky Business #398 -- Professor Lawrence Gordon, jcran and more!

Bonus lulz courtesy of Cisco...
11 Feb 2016 » Risky Business

This week's show is one for the CSOs! It's the economics edition, I guess you'd call it. We'll be chatting with Professor Lawrence Gordon, co-creator of the Gordon-Loeb model for cybersecurity investment. We speak to him about contemporary infosec budgets and why spending of $500m a year by some financial institutions in the USA is actually sensible.

We're sticking with the economics theme in this week's sponsor interview. We'll be chatting with Jonathan Cran, VP of operations for Bugcrowd, about their recently released Defensive Vulnerability Pricing Model. They've also released their Vulnerability Rating Taxonomy. Both of these documents are really, really interesting, so stay tuned for this week's sponsor interview to hear all about them!

Adam Boileau joins us, as always, to discuss the week's security news.

Oh, and do add Patrick and Adam on Twitter if that's your thing.

Show notes

Execute My Packet | Exodus Intelligence
https://blog.exodusintel.com/2016/01/26/firewall-hacking/

Obama wants you to join CyberCorps Reserve to help feds get their act together | Ars Technica
http://arstechnica.com/tech-policy/2016/02/obama-wants-you-join-the-cybe...

Moscow raids could signal end of global Dyre bank trojan menace • The Register
http://www.theregister.co.uk/2016/02/10/moscow_raids_could_signal_end_of...

Dridex malware exploit distributes antivirus installer-hack suspected | Ars Technica
http://arstechnica.com/security/2016/02/dridex-malware-exploit-distribut...

Java "RAT-as-a-Service" backdoor openly sold through website to scammers | Ars Technica
http://arstechnica.com/security/2016/02/java-rat-as-a-service-backdoor-o...

Clever bank hack allowed crooks to make unlimited ATM withdrawals | Ars Technica
http://arstechnica.com/security/2016/02/clever-bank-hack-allowed-crooks-...

Skimmers Hijack ATM Network Cables - Krebs on Security
http://krebsonsecurity.com/2016/02/skimmers-hijack-atm-network-cables/

Relive your worst MS-DOS file-deletion memories at the Malware Museum | Ars Technica
http://arstechnica.com/security/2016/02/relive-your-worst-ms-dos-file-de...

Parents urged to boycott VTech toys after hack - BBC News
http://www.bbc.com/news/technology-35532644

Flash flushed as Google orders almost all ads to adopt HTML5 • The Register
http://www.theregister.co.uk/2016/02/10/google_orders_advertisers_to_ado...

How to Hack the Power Grid Through Home Air Conditioners | WIRED
http://www.wired.com/2016/02/how-to-hack-the-power-grid-through-home-air...

Julian Assange's 3.5-Year Detainment in Embassy Ruled Unlawful | WIRED
http://www.wired.com/2016/02/julian-assanges-3-5-year-detainment-in-emba...

Gmail to warn you if your friends aren't using secure e-mail | Ars Technica
http://arstechnica.com/information-technology/2016/02/gmail-to-warn-you-...

Chrome picks up bonus security features on Windows 10 | Ars Technica
http://arstechnica.com/information-technology/2016/02/chrome-picks-up-bo...

UC Berkeley profs lambast new "black box" network monitoring hardware | Ars Technica
http://arstechnica.com/tech-policy/2016/02/profs-protest-invasive-cybers...

Zero Day Initiative announces Pwn2Own 2016 - Hewlett Packard Enterprise Community
http://community.hpe.com/t5/Security-Research/Zero-Day-Initiative-announ...

thái: Exploiting the Diffie-Hellman bug in socat
https://vnhacker.blogspot.co.nz/2016/02/exploiting-diffie-hellman-bug-in...

Gordon-Loeb Model for Cybersecurity Investments - YouTube
https://www.youtube.com/watch?v=cd8dT0FuqQ4

Bugcrowd's Vulnerability Rating Taxonomy
https://pages.bugcrowd.com/vulnerability-rating-taxonomy

Bugcrowd's Defensive Vulnerability Pricing Model
https://pages.bugcrowd.com/whats-a-bug-worth-2015-survey