Take 1 Security Podcast: Episode 2

START CONTENT * There was an issue with the Marriott website that exposed reservations and payment information. It’s now been fixed * Police are now using a new radar to see into peoples’ homes without a warrant * Security budgets are reportedly going up due to the mega-breaches in 2014 * Also leading to higher pay for CIOs * Anecdotally, I’d say it’s a pretty good time to be in infosec * A new security startup, PFP Cybersecurity, uses power consumption to detect malware * Meant initially to be used for SCADA type systems * The US hacked North Korean computers back in 2010 * This is reportedly the reasons we were so sure they hacked Sony * Recently leaked documents from Snowden show heavy offense * Snowden recently talked to Schneier at Harvard about a number of things * The NSA is becoming increasingly offensively oriented vs. defensive * The NSA supposedly uses compromised systems as jump points * Snowden said most NSA hackers are junior enlisted with limited skills * Russia reportedly hacking for geopolitical gain, not just money * Millions of gas stations could be at risk of shutdown * The Automated Tank Gauges can be remotely accessed by attackers * Could be manipulated to cause alerts * Potentially could be used to stop the flow of fuel * Microsoft gave Charlie Hebdo data to FBI in 45 minutes * Starwood hack based on bad passwords * Bad passwords, password re-use, and a brute forcing tool * Account harvesting is rough: user enumeration, weak passwords, and lack of account lockout * Flash has another major exploit. Update your stuff. * People continue to be worried that the President’s crackdown on hackers could hurt security professionals * Congress is meeting on the 27th of January to discuss breach notification * The wireless in around 2 million cars is highly vulnerable to attack * A polish company has created Mouse-Box, which is an entire computer inside of a mouse enclosure END CONTENT Play Podcast Notes * Sorry about the noise part way through. My girl walked in and started unpacking groceries. But when I say one take, I mean one take. Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

25 Jan 201510min

Subscribe to the Podcast: iTunes | Android | RSS START HEADLINES * Google drops security updates for Android 4.3 and below * This is a problem since that’s most of the install-base * Only .1% of users are on Android 5 * Microsoft and Adobe Push Critical Security Fixes * Seems like Google’s been messing up recently, with their attack on Whitehat for the Aviator stuff, their dropping security updates for Android, and now this early release of a bug before there was a fix. * Obama is asking for the removal of a number of state laws that make it harder to get good broadband in the US. * Obama is asking for quicker laws around the disclosure of hacks * One potential law is the Personal Data Notification and Protection Act, which would require companies to notify within 30 days if they get hacked. * The CENTCOM Twitter account got hacked a couple of days ago by some pro-ISIS folks * Obama is looking to improve the sharing of cybersecurity information as a response to the hack * Sammy Kamkar has released a keylogger for Microsoft wireless keyboards, called Keysweeper * David Cameron wants to make encrypted messaging apps illegal * 1) I’m not sure how he thinks this is possible Subscribe to the Podcast: iTunes | Android | RSSBecome a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

14 Jan 20153min