Take 1 Security Podcast: Episode 5
Unsupervised Learning8 Helmi 2015

Take 1 Security Podcast: Episode 5



START CONTENT


* Anthem, the second largest healthcare company, had a major breach


* They lost around 80 million socials, addresses, emails, etc., which is roughly double the Target breach
* There’s speculation that it was China, trying to penetrate government, but it’s early
* Watch for phishing scams related to it
* The megabreaches continue…weee!

* A WordPress plugin called FancyBox had a serious compromise in it last week, which affected thousands of websites


* If you’re going to run WordPress, understand that Plugins are the best way to get yourself hacked
* Specifically, the type of plugins that handle user input and do something with it that affects the site’s output
* Image manipulation plugins have been particularly vulnerable, usually to XSS

* There was another critical Flash vulnerability this week


* Like I said last week, and the week before, there’s a first time for everything

* Three bug hunters at HP received the 125,000 prize for finding a major vulnerability in Internet Explorer


* Because they work for HP they couldn’t take the cash, and instead donated it to charity

* Microsoft released Outlook for iOS last week, which looks pretty slick


* Unfortunately it is riddled with security flaws
* Recommendation: wait for a few updates, and for them to get a security assessment


END CONTENT


Play Podcast

Become a Member: https://danielmiessler.com/upgrade

See omnystudio.com/listener for privacy information.

Tämä jakso on lisätty Podme-palveluun avoimen RSS-syötteen kautta eikä se ole Podmen omaa tuotantoa. Siksi jakso saattaa sisältää mainontaa.

Jaksot(541)

Take 1 Security Podcast: Episode 13

Take 1 Security Podcast: Episode 13

Notes * The intro track is from one of my favorite EDM artists: Zomby. The song is ‘Orion’, and it’s from the ‘With Love’ album. Highly recommended if you like chill EDM. Become a Member: https://da...

12 Kesä 201542min

Take 1 Security Podcast: Episode 12

Take 1 Security Podcast: Episode 12

Play Podcast START CONTENT * Singtel buys Trustwave * Snowden does interview with John Oliver * CheckPoint buys Lacoon * Everyone’s trying to do everything, which gives the big people a major adv...

8 Huhti 201513min

Take 1 Security Podcast: Episode 11

Take 1 Security Podcast: Episode 11

Play Podcast START CONTENT * Twitch, a game streaming service owned by Amazon, was hacked last week * Passwords, emails, usernames, addresses, phone numbers, dates of birth * Amazon bought them l...

30 Maalis 201516min

Take 1 Security Podcast: Episode 10

Take 1 Security Podcast: Episode 10

Play Podcast START CONTENT * There was another SQL Injection bug found in SEO by Yoast * It required admins to click a malicious link * Was patched quickly * It’s the plugins that make WordPress ...

16 Maalis 201522min

Take 1 Security Podcast: Episode 9

Take 1 Security Podcast: Episode 9

START CONTENT * Sorry about the audio last week; wireless headsets don’t compare to the Yeti * The CIA is focusing on cyberespionage in its new management * Anthem is refusing an audit by the OIG of...

9 Maalis 201512min

Take 1 Security Podcast: Episode 8

Take 1 Security Podcast: Episode 8

START CONTENT * New SSL attack called FREAK * Has to do with falling RSA back to a deprecated and weak level * Requires the client and server are both vulnerable * The solution is to patch * Many ...

3 Maalis 201516min

Take 1 Security Podcast: Episode 7

Take 1 Security Podcast: Episode 7

START CONTENT * New stuxnet like piece of malware was discovered * Was found by Kaspersky * Has infected thousands of computers, mostly in Iran * The malware is the most advanced ever found * Can ...

24 Helmi 20158min

Take 1 Security Podcast: Episode 6

Take 1 Security Podcast: Episode 6

START CONTENT * Ukrainian banks hacked for up to 1 Billion dollars * Evidently installed malware on bank admin machines using phishing * Not sure they have an FDIC * As if the Ukraine didn’t have ...

17 Helmi 201512min