T1SP: Episode 23

News


* Juniper backdoor; could have been found with diff; signs point to NSA
* RCE on FireEye appliances
* Hyatt got hacked; malware on POS
* 45K drones registered with FAA within 2 days
* Industry moving towards password-free logins; still single factor, now the factor is your device; although access to device could require factors
* Microsoft will now tell you if your account has been targeted by government authorities
* Tor announced it’s doing a bug bounty, looks like it’ll be internal
* Steam had a DoS that revealed 34K user details
* Linode has been suffering a massive DDoS on its datacenters, DNS infrastructure
* Spy files found in North Korea’s Operating System


Ideas, updates, and discussion


* 3 things you should do every January
* Web Scanner Series: Burp vs. Netsparker
* When you’re interviewing, make sure you make it clear that you’re the asset too, not just them
* Failing at the basics in intelligence and infosec
* Why Trump is Winning
* Sensitive data sent in URL over HTTPS
* Difference between correlation and causation
* Paul Graham’s REFRAGMENTATION post
* The relationship between Relaxation, Fun, and Performance
* Michael Coates makes the argument that false negatives are way better than false positives because false positives create unnecessary work for his team
* Brainstorm questions, not solutions


Tools and projects


* BLUTO
* Serpico
* Firmware Extraction from Craig Smith
* Vulnerability Database Resources
* IoT Attack Surfaces Project
* RobotsDisallowed Project
* Nowhere.net (CyberPunk)
* EyeWitness
* REST Security Cheat Sheet
* Censys.io
* GithubDorks
* InstaRecon (DNS lookups, whois, shodan, google dorks, etc)
* twofactorauth.org


Announcements


* Speaking at OWASP Cali end of January
* Currently working on an ICS / SCADA primer


Miscellaneous


* Need to check out the Benedict Evans blog
* Serial Podcast / Making a Murderer on Netflix
* If you know any Army veterans who are getting out and want to get into InfoSec, let me know
* Twitter account: CISSP Googling
* Sam Altman (Startup Playbook)


Notes


* The intro track is from one of my favorite EDM artists: Zomby. The song is ‘Orion’, and it’s from the ‘With Love’ album. Highly recommended if you like chill EDM.
