Risky Business #515 -- NSA staffer at centre of Kaspersky scandal jailed

Nghia Hoang Pho's unsanctioned homework results in 66-month sentence...
26 Sep 2018 » Risky Business

This edition of the show features Adam Boileau and Patrick Gray discussing the week’s security news:

  • Former NSA staffer gets 66 months over incident at heart of Kaspersky scandal
  • Zoho has a very bad week
  • Telco lobby group raises some legit concerns over Australia’s “anti-encryption” legislation
  • Twitter API leaks DMs
  • Equifax fined by UK
  • Yubikey 5 enables passwordless Windows logins
  • Privacy International has an aneurism
  • NSS Labs launches antitrust suit against security software makers
  • MOAR

This week’s show is brought to you by Rapid7.

Jen Andre is this week’s sponsor guest. She was the founder of Komand, a security automation and orchestration company that became part of Rapid7 about midway through last year. I spoke to Jen a bit about how she came to start Komand and where the security automation and orchestration discipline is at right now.

Links to everything that we discussed are below, including the discussions that were edited out. (That’s why there are extras.) You can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Ex-NSA employee gets 5.5 years in prison for taking home classified info | ZDNet
EDITORIAL-EAST-20180920122519
Domain registrar oversteps taking down Zoho domain, impacts over 30Mil users | ZDNet
Peter Dutton to push through new security legislation as fears of "severely damaging" spyware murmur
Twitter API bug leaked private data to other accounts
Equifax fined maximum penalty under 1998 UK data protection law
The Series 5 YubiKey Will Help Kill the Password | WIRED
Press release: UK intelligence agency admits unlawfully spying on Privacy International | Privacy International
UK spooks fess up to snooping on Privacy International's private data
GCHQ's mass surveillance violates citizens' right to privacy, ECHR rules
NSS Labs files antitrust suit against multiple cybersecurity vendors
Hacking for ca$h | The Strategist
Operator of 'VirusTotal for criminals' gets 14-year prison sentence
Tencent engineer attending cybersecurity event fined for hotel WiFi hacking
Snyk gets $22 million for platform that tracks security flaws in open source projects
They Got 'Everything': Inside a Demo of NSO Group's Powerful iPhone Malware - Motherboard
Content Moderator Sues Facebook, Says Job Gave Her PTSD - Motherboard
Microsoft Rolls Out Confidential Computing for Azure
Cloudflare Improves Privacy by Encrypting the SNI During TLS Negotiation
This Windows file may be secretly hoarding your passwords and emails | ZDNet
Security researcher claims macOS Mojave privacy bug on launch day | TechCrunch
0Day Windows JET Database Vulnerability disclosed by Zero Day Initiative
Over 80 Cisco Products Affected by FragmentSmack DoS Bug
Cisco patches 'critical' credential bug in video surveillance software
Security Orchestration and Automation with InsightConnect | Rapid7
Security Orchestration and Automation for Security Operations | Rapid7