Take 1 Security Podcast: Episode 10
Unsupervised Learning16 Maalis 2015

Take 1 Security Podcast: Episode 10



Play Podcast

START CONTENT


* There was another SQL Injection bug found in SEO by Yoast


* It required admins to click a malicious link
* Was patched quickly
* It’s the plugins that make WordPress vulnerable

* Attackers are targeting gamers for ransomware


* Virlock is one version of ransomware that not only locks the screen, but infects files
* It’s also polymorphic, so it changes itself every time it runs
* TeslaCrypt goes after gamers, which seems super smart because they are often addicted

* The Hello Barbie doll is recording kids voices and sending the recordings over the Internet for voice recognition


* I get asked a lot about what to do about this kind of stuff
* Start by making a list of everything that can record voice or audio in your home, and determine what kind of controls you have on them
* Assume the worst, even though it’s probably not that bad

* US industrial systems attacked 245 times between October 2013 and September 2014


* Most attacks were against Critical Manufacturing and Energy
* Biggest vectors were spear phishing and port scanning

* CloudFlare aims to defeat DDoS with Virtual DNS


* They want to proxy DNS before it hits customer name server

* The CIA supposedly tried to hack Apple hardware


* The article has come under extreme scrutiny

* Going to be on the Security Weekly podcast with Pau
* Hillary Clinton’s email account dram
* OpenSSL is getting an audit


* Bout time

* Wikimedia is suing the NSA over surveillance
* Spoofing the boss is the best way to phish someone, evidently
* Had a great time at CactusCon in Phoenix


* Did a talk with Jason and saw Dave’s keynote
* Dave’s keynote was about struggling with the basics, not APT
* He asked when a major breach was NOT a dumb mistake

* Someone’s looking to make a Snowden Phone
* Looks like I’ll be on the Security Weekly podcast with Paul


* Going to talk about IoT security and my our OWASP project



END CONTENT

Play Podcast

Notes


* Comments welcome on content and format, as usual.

Become a Member: https://danielmiessler.com/upgrade

See omnystudio.com/listener for privacy information.

Tämä jakso on lisätty Podme-palveluun avoimen RSS-syötteen kautta eikä se ole Podmen omaa tuotantoa. Siksi jakso saattaa sisältää mainontaa.

Jaksot(541)

UL NO. 485: STANDARD EDITION: Netflix RCE, My Current AI Stack, All-in on Claude Code, and more...

UL NO. 485: STANDARD EDITION: Netflix RCE, My Current AI Stack, All-in on Claude Code, and more...

STANDARD EDITION: Netflix RCE, My Current AI Stack, All-in on Claude Code, and more... You are currently listening to the Standard version of the podcast, consider upgrading and becoming a member to u...

19 Kesä 202536min

UL NO. 484: STANDARD EDITION: OpenAI's Malicious AI Report, Disappointed with WWDC, AI's First Actual Science Breakthrough, and more...

UL NO. 484: STANDARD EDITION: OpenAI's Malicious AI Report, Disappointed with WWDC, AI's First Actual Science Breakthrough, and more...

UL NO. 484: STANDARD EDITION: OpenAI's Malicious AI Report, Disappointed with WWDC, AI's First Actual Science Breakthrough, and more... You are currently listening to the Standard version of the podca...

12 Kesä 202543min

UL NO. 483 | STANDARD EDITION: A Chrome 0-Day, Meta Automates Security Assessments, New Essays, My New Video on Hacking with AI, Ukraine's Asymmetrical Attack, Thoughts on My AI Skeptical Friends, The Dangers of Winning the Wrong Game, and more...

UL NO. 483 | STANDARD EDITION: A Chrome 0-Day, Meta Automates Security Assessments, New Essays, My New Video on Hacking with AI, Ukraine's Asymmetrical Attack, Thoughts on My AI Skeptical Friends, The Dangers of Winning the Wrong Game, and more...

A Chrome 0-Day, Meta Automates Security Assessments, New Essays, My New Video on Hacking with AI, Ukraine's Asymmetrical Attack, Thoughts on My AI Skeptical Friends, The Dangers of Winning the Wrong G...

5 Kesä 202531min

The Future of Hacking is Context

The Future of Hacking is Context

Sponsored by Vanta. Vanta takes the busywork out of GRC so you can focus on what actually matters—improving your security, not chasing compliance. https://ul.live/vanta This isn’t just another AI podc...

3 Kesä 202533min

UL NO. 482 | STANDARD EDITION: AI Finds an 0-Day!, Postman Leaking Secrets, High Agency Mental Model, My Unified Entity Context Video, Github MCP Leaks Private Repos, Google vs. OpenAI vs. Apple on AI Vision, and more...

UL NO. 482 | STANDARD EDITION: AI Finds an 0-Day!, Postman Leaking Secrets, High Agency Mental Model, My Unified Entity Context Video, Github MCP Leaks Private Repos, Google vs. OpenAI vs. Apple on AI Vision, and more...

AI Finds an 0-Day!, Postman Leaking Secrets, High Agency Mental Model, My Unified Entity Context Video, Github MCP Leaks Private Repos, Google vs. OpenAI vs. Apple on AI Vision, and more... You are cu...

30 Touko 202531min

Unified Entity Context

Unified Entity Context

🔹 Thanks to ProjectDiscovery for sponsoring today’s video. I've been using their tools like Nuclei and Subfinder for years, and now they’ve brought that power to the cloud with a full vulnerability m...

15 Touko 202530min

Reviewing RSA 2025 with Jason Haddix

Reviewing RSA 2025 with Jason Haddix

What really happened at RSA 2024? Daniel Miessler and Jason Haddix break it down. Fresh off a whirlwind RSA week, Daniel sits down with Jason Haddix (Arcanum Information Security) to talk about what m...

8 Touko 20251h 21min

A Conversation with Bar-El Tayouri from Mend.io

A Conversation with Bar-El Tayouri from Mend.io

➡ Get full visibility, risk insights, red teaming, and governance for your AI models, AI agents, RAGs, and more—so you can securely deploy AI powered applications with ul.live/mend In this episode, I ...

6 Touko 202545min