Risky Business

Risky Business #770 -- A Russian IR guy discovers extremely cool spookware

Nov 13, 2024

Chris Tarbell, a former FBI agent famed for his role in the Silk Road case, shares dramatic insights into combating cybercrime. He discusses the complexities of Ross Ulbricht’s story and the potential implications of a changing political landscape. Feross Aboukhadijeh, founder of Socket.dev, argues for a centralized tracking system for supply chain attacks, highlighting vulnerabilities in software ecosystems. The conversation delves into Apple’s new security feature limiting law enforcement access and the ongoing evolution of cybersecurity challenges in today’s digital landscape.

01:03:29

Creator website

Episode guests

Feross Aboukhadijeh

Chris Tarbell

AI Summary

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

Apple's new iOS feature complicates law enforcement's access to data, highlighting tensions between privacy and criminal investigations.

The rise in zero-day vulnerabilities reflects a critical need for enhanced security in enterprise software and edge devices.

Chris Tarbell's insights on Ross Ulbricht's case raise essential questions about justice, online criminality, and societal perceptions of drug policy.

Deep dives

iOS 18.1's New Security Feature

iOS 18.1 introduces a security feature that causes a phone to reboot if it remains unlocked for 72 hours, entering a 'before first unlock' state, which complicates law enforcement's ability to access seized devices. This change has created significant friction between Apple and law enforcement agencies, who previously established methods for accessing data through various exploits or waiting for unlock techniques. The implications of this feature are particularly pronounced in democratic countries, where law enforcement is bound by rules, in contrast to authoritarian regimes where harsher methods may be employed to extract information from individuals. Apple's continued commitment to user privacy may further strain its relationship with law enforcement agencies looking to maintain access to critical data.

Intro

2min

Navigating the Tension: Privacy vs. Law Enforcement

15min

Exploiting Email Vulnerabilities in Azure

6min

Censorship and Cybersecurity: The ECH Battle

7min

Global Operation Targets Malicious Cyber Activities

2min

The Silk Road Debate: Criminality and Cybersecurity

12min

Complexities of Murder-for-Hire Prosecutions

8min

Exploring Online Anonymity and Software Security

2min

Navigating Supply Chain Threats

12min

On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including:

Apple frustrates law enforcement with iOS auto-reboot
CISA says most KEV vulnerabilities in 2023 were first used as zero days
Russians roll incident response on some sweet Linux spookware
Regular users can create mailboxes in M365?
Tor tracks down the source of its joe-job abuse complaints
And much, much more.

This week’s feature guest is former FBI agent Chris Tarbell, who arrested Silk Road operator Ross Ulbricht way back in 2013. As suggestions swirl that an incoming Trump administration might release Ulbricht, Chris talks about the reality of the Dread Pirate Roberts.

This episode is sponsored by software supply chain security firm Socket.dev. Founder Feross Aboukhadijeh thinks that we need a CVE-like catalogue for supply-chain attacks, and he makes a solid argument.

The show is also available on Youtube.

Show notes

Get the Snipd
podcast app

Unlock the knowledge in podcasts with the podcast player of the future.

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode

Save any
moment

Hear something you like? Tap your headphones to save it with AI-generated key takeaways

Share
& Export

Send highlights to Twitter, WhatsApp or export them to Notion, Readwise & more

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode

Risky Business

Risky Business #770 -- A Russian IR guy discovers extremely cool spookware

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

iOS 18.1's New Security Feature

Rise of Oday Vulnerabilities

Malicious Packages and Supply Chain Security

Implications of Encrypted Client Hello

Ross Ulbricht's Case and its Political Ramifications

Show notes

Get the Snipd
podcast app

AI-powered
podcast player

Discover
highlights

Save any
moment

Share
& Export

AI-powered
podcast player

Discover
highlights

Risky Business

Risky Business #770 -- A Russian IR guy discovers extremely cool spookware

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

iOS 18.1's New Security Feature

Rise of Oday Vulnerabilities

Malicious Packages and Supply Chain Security

Implications of Encrypted Client Hello

Ross Ulbricht's Case and its Political Ramifications

Show notes

Get the Snipdpodcast app

AI-poweredpodcast player

Discoverhighlights

Save anymoment

Share& Export

AI-poweredpodcast player

Discoverhighlights

Get the Snipd
podcast app

AI-powered
podcast player

Discover
highlights

Save any
moment

Share
& Export

AI-powered
podcast player

Discover
highlights