In this edition of Between Two Nerds Tom Uren and The Grugq look at the natural advantages that network defenders have. Despite this “home ground advantage” hackers still have a great deal of success and Tom and The Grugq look at what does work in favour of attackers.

Description: A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.

In this podcast Patrick Gray talks to Tom Uren about the RESTRICT Act, proposed US legislation that tries to deal with the problems posed by technologies from foreign adversaries. RESTRICT gives the US government powers to deal with companies like Kaspersky, Huawei and now TikTok on an ongoing basis, rather than muddling through in an ad hoc way each time a problem company pops up. It also requires that the Secretary of Commerce come up with processes and procedures to deal with and mitigate these types of threats, rather than the current whack-a-mole approach. They also discuss a draft Cambodian cyber security law and experts’ concerns that it could be abused by the Cambodian government to maintain its grip on power. This law has many similarities to Australian critical infrastructure law and Tom and Pat discuss the reasons behind the law in Australia. There’s a straight line between a serious ransomware incident in Australia and the resulting law, but still, Cambodia’s government remains authoritarian. Finally, they look at a Carnegie report on Chinese manipulation of international standards setting organisations. It’s a good report and explains what is going on — Chinese manipulation does happen occasionally, but it is “largely unsuccessful”.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.

In this edition of Between Two Nerds Tom Uren and The Grugq look at how different countries take different approaches to talent identification and recruitment. How much of a difference does it make? And why do countries have these different approaches?

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.

In this podcast Patrick Gray talks to Tom Uren about the recently released US National Cyber Security Strategy. Tom really likes it because it sets out how the US will “win” by reshaping who is liable when crapware hits the fan. It’s got other stuff in it too… Tom and Pat also discuss the story of an MSS agent being busted when trying to steal intellectual property from the aviation industry. He used the same iphone for both his personal life and his spying and his iCloud backups were an intelligence bonanza. These backups not only had messages to potential recruits, they also had had audio of meetings he’d recorded where he was discussing his approach to espionage. Finally, we talk about the security risks that arise from the use of Chinese ship-to-shore cranes at ports. Apparently these are chock full of sensors and could be spying on port logistics.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Kaitlyn Sawrey. You can find the newsletter version of this podcast click here.

In this edition of Between Two Nerds Tom Uren and The Grugq look at how cyber operations have been used in the war in Ukraine. They examine what we know given the “fog of cyber war” and what “cyber warfare” might look like in future.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Kaitlyn Sawrey. You can find the newsletter version of this podcast click here.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Kaitlyn Sawrey. You can find the newsletter version of this podcast click here.

In this podcast Patrick Gray talks to Tom Uren about Signal’s vow to pull out of the UK if the proposed Online Safety Bill requires it to weaken its encryption. Tom and Patrick agree that end-to-end encryption isn’t at stake, but Signal could well be asked what steps it is taking to mitigate child exploitation and terrorist content. Patrick thinks there are useful steps Signal could take that would be helpful, but both Tom and Pat find it hard to imagine that Signal will actually make these choices. They also discuss the US government floating the idea of shifting legal liability to technology manufacturers when they make terribly insecure products. Tom thinks this is an attractive idea, but the government would be better off doing much more to encourage transparency first.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Kaitlyn Sawrey. You can find the newsletter version of this podcast click here.

In this edition of Between Two Nerds Tom Uren and The Grugq look at reports that try and distil a country’s cyber power into a single number so that they can be ranked and compared. Do these reports say anything useful and have any value?

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.

In this podcast Patrick Gray talks to Tom Uren about investigations into the disinformation industry. One election interference for hire company, known as “Team Jorge”, provides a huge variety of dirty tricks services, but we think its claims of massive influence are overblown. Despite that, however, these companies are still corrosive for democracy and a scourge worth tackling. Patrick thinks they’re the “new internet villain” and will replace NSO as a target of hate. They also discuss Google’s new report that covers Russian cyber operations in its invasion of Ukraine. On the whole a good report, but both Tom and Pat think some of it is problematic. Finally, they talk about Patrick’s interview with the head of the CIA’s Center for Cyber Intelligence. It’s great to have intelligence officials explain how they see the cyber threat landscape and get their take on war in Ukraine and what that means for cyber operations in future conflicts.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.