In this edition of Between Two Nerds Tom Uren and The Grugq talk about how there is an opportunity for the US to expand its 0day and talent acquisition pool to Asia. They revisit a paper comparing the Chinese and American 0day acquisition strategies and have some quibbles.
This episode is also available on Youtube.
Show notes
Crash (exploit) and burn: Securing the offensive cyber supply chain to counter China in cyberspace
--------
32:13
--------
32:13
Risky Bulletin: Chinese researchers claim to find new North American APT
Chinese security researchers claim to have found a new American APT, the SEC and SolarWinds are seeking a settlement, a company insider was behind Brazil’s bank hack, and Luis Vuitton discloses a security breach.
Show notes
--------
5:08
--------
5:08
Sponsored: Making Zero Trust work with non-critical, crappy applications
In this sponsored interview, Patrick Gray chats with the CEO of Knocknoc, Adam Pointon.
They talk about the woeful state of internal enterprise networks and how many control system networks aren’t appropriately segmented.
Adam also explains why Knocknoc released a very simple identity aware proxy: For too long the Zero Trust “industry” has focussed on securing access to critical applications, while everything else is left behind to get owned. This is Zero Trust for crappy apps! Zero Trust for the rest of us!
Show notes
--------
11:39
--------
11:39
Risky Bulletin: Hunters International ransomware shuts down, releases decryption keys
A ransomware operation shuts down and releases free decryption keys, the FBI investigates a ransomware negotiator for taking kickbacks, Spain arrests two over government hacks, and hackers steal $185 million from Brazilian financial institutions.
Show notes
--------
7:21
--------
7:21
Srsly Risky Biz: Why Iran is a scaredy cat cyber chicken
Tom Uren and Patrick Gray discuss warnings about Iranian cyber attacks on US critical infrastructure. Despite many many warnings, there have been no actual attacks and they discuss the reasons why Iran would want to avoid escalatory cyber attacks.
They also talk about how the FBI is struggling to deal with the democratisation of surveillance and data analysis, what the agency calls Ubiquitous Technical Surveillance (UTS). A Department of Justice audit of the FBI’s response finds the threat from UTS is real and that sources have been murdered. But it seems that the FBI just doesn’t care.
This episode is also available on Youtube.
Show notes
UK