Take 1 Security Podcast: Episode 8
Unsupervised Learning3 Maalis 2015

Take 1 Security Podcast: Episode 8



START CONTENT


* New SSL attack called FREAK


* Has to do with falling RSA back to a deprecated and weak level
* Requires the client and server are both vulnerable
* The solution is to patch
* Many orgs will also want to note which servers were vulnerable
* The lesson is that you don’t reduce security to increase it
* Backdoors x time = regret

* Using Ruby’s Open-URI could be dangerous


* open-uri monkeypatches kernel.open
* open(params[:url]) can execute |ls

* Hilary Clinton used a personal email address and did not store correspondence on government servers for her entire 4 years as Secretary of Defense


* This seems highly suspect
* First you’re putting that data at risk in a personal system
* Second you’re obviously trying to hide your conversations

* Facebook can access your account without your password
* Google no longer encrypting Lollipop by default


* Was one of the main selling points for 5, and now it’s gone
* They said it was simply a driver issue

* DLink routers have a remote command injection bug


* Could allow DNS hijacking and other attacks

* ISIS has threatened some members of the Twitter team for disabling their accounts


* This really puts a point on public presence for me
* I’m a strong proponent of the belief that the way to avoid attack is to avoid being a target, not to be hard to attack once people want to
* This works for personal attacks, not for countries obviously

* There has been some major fraud happening with people connecting stolen cards to ApplePay


* The issue isn’t a security problem with ApplePay, but rather with standard bank / card security issue

* Up to 18.8 non-Anthem customers exposed in the Anthem breach


* This is in addition to the 80 million actual anthem customers

* GoPro vulnerability on its website exposes customer Wi-fi passwords


* Expect more of this

* Uber took over 5 months to issue a breach notification


* There was a breach of driver names and license numbers that they just now disclosed

* Seagate NAS vulnerability allows unauthorized root access


* This raises the cloud storage issue I blogged about last week



END CONTENT

Play Podcast

Notes


* Sorry about my voice on this one. I’m a bit sick. :(

Become a Member: https://danielmiessler.com/upgrade

See omnystudio.com/listener for privacy information.

Jaksot(532)

Unsupervised Learning: No. 116

Unsupervised Learning: No. 116

Chinese at CanSecWest, Applebees POS, Palantir, Poisoning, TensorFlow DoD, Amazon laughing, Google 72-qbits, Amazon FinTech, Android P, and more…Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

13 Maalis 201817min

Unsupervised Learning: No. 115

Unsupervised Learning: No. 115

GitHub DDoS, Celebrite Attacks, AI warnings, Palantir in New Orleans, Grub Backspace, 4G attacks, Space Corps, Amazon wins Defense Department deal, tech news, human news, discovery, notes, recommendation, aphorism, and more…Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

6 Maalis 201812min

Unsupervised Learning: No. 113

Unsupervised Learning: No. 113

Parkland tampering, Avoid Huawei, Bongo S3, Facebook 2FA Spam, Android Cryptojacking, Spyware Hacking, Password Dating, Technology News, Human News, Trends, Ideas & Analysis, Data & Statistics, Discovery, Recommendations, Aphorism, and more…Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

20 Helmi 201851min

Unsupervised Learning: No. 112

Unsupervised Learning: No. 112

Chinese AR glasses, Cisco ASA flaws, Russian Nuclear Cryptomining, Marine quadcopters, POS Skimmers, Chrome HTTP, technology news, human news, discovery, notes, recommendations, and the aphorism of the week…Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

12 Helmi 201822min

Unsupervised Learning: No. 111

Unsupervised Learning: No. 111

Olympic security drones, Alexa trickery, Chinese quantum satellite, Audio Adversary Examples, BeeToken Ethereum theft, App Store Security, Cryptomining, technology news, human news, discovery, notes, recommendations, and the aphorism of the week…Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

5 Helmi 201814min

Unsupervised Learning: No. 109

Unsupervised Learning: No. 109

Social engineering, breach impact, Chinese turncoat, Android spy kit, Hawaiian OPSEC, Russian cables, bypassing CloudFlare, technology news, human news, discovery, notes, recommendations, and the aphorism of the week…Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

22 Tammi 201814min

Unsupervised Learning: No. 107

Unsupervised Learning: No. 107

Meltdown & Spectre, India's Database, Criminals and Monero, Equifax Non-action, technology news, human news, discovery, notes, recommendations, and the aphorism of the week…Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

8 Tammi 201830min

The Biggest Advantage in Machine Learning Will Come From Superior Coverage, Not Superior Analysis

The Biggest Advantage in Machine Learning Will Come From Superior Coverage, Not Superior Analysis

Many people, in many fields, think Machine Learning won't replace their analysts because their humans are better than an algorithm. But it's not just about side-by-side comparisons. The bigger question is, "what percentage of the data can humans actually look at?", and the answer to that question (a tiny fraction) is the reason ML will be so helpful.Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

3 Tammi 20188min