Take 1 Security Podcast: Episode 8
Unsupervised Learning3 Maalis 2015

Take 1 Security Podcast: Episode 8



START CONTENT


* New SSL attack called FREAK


* Has to do with falling RSA back to a deprecated and weak level
* Requires the client and server are both vulnerable
* The solution is to patch
* Many orgs will also want to note which servers were vulnerable
* The lesson is that you don’t reduce security to increase it
* Backdoors x time = regret

* Using Ruby’s Open-URI could be dangerous


* open-uri monkeypatches kernel.open
* open(params[:url]) can execute |ls

* Hilary Clinton used a personal email address and did not store correspondence on government servers for her entire 4 years as Secretary of Defense


* This seems highly suspect
* First you’re putting that data at risk in a personal system
* Second you’re obviously trying to hide your conversations

* Facebook can access your account without your password
* Google no longer encrypting Lollipop by default


* Was one of the main selling points for 5, and now it’s gone
* They said it was simply a driver issue

* DLink routers have a remote command injection bug


* Could allow DNS hijacking and other attacks

* ISIS has threatened some members of the Twitter team for disabling their accounts


* This really puts a point on public presence for me
* I’m a strong proponent of the belief that the way to avoid attack is to avoid being a target, not to be hard to attack once people want to
* This works for personal attacks, not for countries obviously

* There has been some major fraud happening with people connecting stolen cards to ApplePay


* The issue isn’t a security problem with ApplePay, but rather with standard bank / card security issue

* Up to 18.8 non-Anthem customers exposed in the Anthem breach


* This is in addition to the 80 million actual anthem customers

* GoPro vulnerability on its website exposes customer Wi-fi passwords


* Expect more of this

* Uber took over 5 months to issue a breach notification


* There was a breach of driver names and license numbers that they just now disclosed

* Seagate NAS vulnerability allows unauthorized root access


* This raises the cloud storage issue I blogged about last week



END CONTENT

Play Podcast

Notes


* Sorry about my voice on this one. I’m a bit sick. :(

Become a Member: https://danielmiessler.com/upgrade

See omnystudio.com/listener for privacy information.

Jaksot(532)

NO. 369 | Reddit Hack, Deepfake Scams, Embracing Change…

NO. 369 | Reddit Hack, Deepfake Scams, Embracing Change…

NO. 369 | Reddit Hack, Deepfake Scams, Embracing Change… Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

13 Helmi 202322min

NO. 368 | China Balloons, CustomGPT, 90s++…

NO. 368 | China Balloons, CustomGPT, 90s++…

NO. 368 | China Balloons, CustomGPT, 90s++…Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

6 Helmi 202318min

NO. 367 | Hive Ransom, Anti-Google, Software 2.0…

NO. 367 | Hive Ransom, Anti-Google, Software 2.0…

NO. 367 | Hive Ransom, Anti-Google, Software 2.0… The FBI infiltrated the HIVE ransomware group, stopping over $130 million in ransomware attacks Riot had the League of Legends source code stolen by a ransomware group, but they're refusing to pay the $10 million ransom ODIN Intelligence got hacked, resulting in the loss of police raid plans, facial recognition data, and surveillance information The FBI says North Korea was behind the $100 million Horizon Bridge crypto hack And much more! Sponsored by PlexTrac: Streamline your security testing reporting so you can get back to the work that matters! https://plextrac.com/unsupervisedlearningBecome a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

30 Tammi 202314min

NO. 366 | T-Breach, Siri++, Conception Ages…

NO. 366 | T-Breach, Siri++, Conception Ages…

NO. 366 | T-Breach, Siri++, Conception Ages… TOPICS INCLUDE: -T-Mobile has had another security breach, this one affecting at least 37 million accounts -Canary Cards now available to use as credit cards -Hook Malware allows attackers to fully control Android phones -Attackers are now spreading malware through Microsoft OneNote attachments -Many attackers are migrating from Cobalt Strike to the more defender-focused Silver C2 framework -Git patched two critical RCEs …and many more…Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

23 Tammi 202315min

NO. 365 | China's Decline, MicrosoftAI, Creativity Ratio…

NO. 365 | China's Decline, MicrosoftAI, Creativity Ratio…

China's Decline, MicrosoftAI, Creativity Ratio…Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

17 Tammi 202311min

NO. 364 | Reality Headset, BingPT, AI+Cyber

NO. 364 | Reality Headset, BingPT, AI+Cyber

NO. 364 | Reality Headset, BingPT, AI+CyberBecome a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

9 Tammi 202315min

NO. 363 | NEWS, ANALYSIS, and DISCOVERY SERIES

NO. 363 | NEWS, ANALYSIS, and DISCOVERY SERIES

Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

3 Tammi 202313min

NO. 362 | Dependency Scanner, Citrix Attacks, AI Analysis…

NO. 362 | Dependency Scanner, Citrix Attacks, AI Analysis…

Dependency Scanner, Citrix Attacks, AI Analysis…Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

19 Joulu 202212min