Take 1 Security Podcast: Episode 4
Unsupervised Learning2 Feb 2015

Take 1 Security Podcast: Episode 4



START CONTENT


* Ghost bug in PHP could affect millions of servers


* Flaw is in glibc, which is extensively by all Linux distributions
* Patch and reboot using yum or aptitude

* The US Army Released DShell, a malware forensics tool


* This is an interesting trend where we see tons of formerly secret groups flock to Github. Great to see

* Reddit released its first transparency report last week


* Says it received 55 requests for user information
* Says it complied with 64% of state and federal requests
* Says it received 218 requests for content removal, and complied with 31 percent of those
* I am pleased to see them releasing these numbers, and I hope more organizations do the same

* The GHCQ was using a program called BADASS to collect data leaked by games such as Angry Birds


* Luckily it only affected the 11 people still playing that game

* Russian dating site, Topface, got hacked for 20 million usernames
* The FBI busted up a Tom Clancy book plot in New York City


* The plan was to get information about wall street trading algorithms and hopefully destabilize the markets
* All they managed to do was embarrass themselves by commenting on how they couldn’t recruit young women

* China is demanding to be able to build backdoors into any code sold to its banking sector


* Some people call this news, but with China we just call this Wednesday

* Apple released a Yosemite update that fixed Thunderstrike, among other things
* Anonymous and Lizard Squad are going after each other


* Anonymous is the famous hacking group known for all sorts of things
* Lizard Squad is known for taking down the XBox and Playstation networks around Christmas time
* Anonymous DDoS’d the Lizard Squad website, and then Twitter suspended a couple of their handles
* Interesting to see these groups going after each other

* BMW and the internet of things is in the news, with BMW owners receiving an automatic push to around 2 million cars


* A vulnerability was present that could allow attacks to spoof cell towers and possibly control onboard systems
* BMW pushed a patch that ensures all such communications go over HTTPS
* It’s interesting that, like printers, cars are likely to become a primary IoT platform just because there are so many of them
* The key is to figure out what normal things exist in the world today en mass, and then imagine those things being connected
* Printers, cars, furniture, clothing, etc. It’s the regular stuff that makes it interesting because of how much attack surface they represent, and how prevalent the perspective they’ll offer into our daily lives



END CONTENT

Play Podcast

Notes


* Intro is from Zomby. The song is ‘Orion’, and it’s from the ‘With Love’ album. Highly recommended if you like chill EDM.

Become a Member: https://danielmiessler.com/upgrade

See omnystudio.com/listener for privacy information.

Episoder(531)

A Conversation With Sarit Tager from Prisma Cloud

A Conversation With Sarit Tager from Prisma Cloud

➡ Prevent Risk At The Source with Cortex Cloud: https://www.paloaltonetworks.com/cortex/cloud/application-security In this sponsored conversation, I speak with Sarit Tager, VP of Product Management at Palo Alto Networks, about how Prisma Cloud and their new ASPM solution are transforming cloud and application security by unifying data and deeply integrating business context into AppSec workflows. We talk about: Unifying AppSec, Cloud, and SOC into One Data Lake How Palo Alto merged their products into a single system that consolidates runtime, code, identity, cloud, and SOC data, allowing for true context-aware risk prioritization and faster response times across the board. From Detection to Dynamic Prevention Why the future of application security isn’t just about discovering vulnerabilities, but enforcing smart, context-based guardrails during development, CI/CD, and build processes to prevent issues before they reach production. AI-Powered Insight and the Future of Secure DevOpsHow their system uses AI to analyze the full security posture, enrich findings, simulate attack paths, and recommend precise mitigations. The platform even helps guide security and engineering teams through better workflows, boosting velocity, and not blocking it. Subscribe to the newsletter at:https://danielmiessler.com/subscribe Join the UL community at:https://danielmiessler.com/upgrade Follow on X:https://x.com/danielmiessler Follow on LinkedIn:https://www.linkedin.com/in/danielmiessler Chapters: 00:00 – Sarit’s Background and the Goal of Unifying Security Context01:50 – Building a Single Data Lake for Cloud, SOC, and AppSec04:28 – From Noise to Clarity: Fixing the Prioritization Problem in AppSec06:47 – Using Business Context to Drive Risk-Based Decisions10:18 – True App Ownership, Developer Velocity, and Aligning with Business Impact13:12 – Continuous Discovery and Bringing External Signals Into One View15:25 – Why App Grouping and Context-Rich Policies Increase Velocity17:58 – How Attackers Are Already Building Their Own Unified Context (UEC)20:45 – Prisma’s Control Points: IDE, PR, CI/CD, Image, Admission Control21:56 – Bringing In Data From External Scanners and Enriching Coverage24:23 – Ecosystem Signals, Query Language, and Intelligent Workflow Automation25:05 – Closing Thoughts: Security and Developers Working TogetherBecome a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

29 Jul 25min

UL NO. 489: STANDARD EDITION | My personal toolchain updates, Google tracking through DuckDuckGo, Anthropic’s Pentagon Deal, Grok4 NSFW, Substack Crushes WSJ, and more...

UL NO. 489: STANDARD EDITION | My personal toolchain updates, Google tracking through DuckDuckGo, Anthropic’s Pentagon Deal, Grok4 NSFW, Substack Crushes WSJ, and more...

UL NO. 489: STANDARD EDITION | My personal toolchain updates, Google tracking through DuckDuckGo, Anthropic’s Pentagon Deal, Grok4 NSFW, Substack Crushes WSJ, and more... You are currently listening to the Standard version of the podcast, consider upgrading and becoming a member to unlock the full version and many other exclusive benefits here: https://newsletter.danielmiessler.com/upgrade Read this episode online: https://newsletter.danielmiessler.com/p/ul-489 Subscribe to the newsletter at:https://danielmiessler.com/subscribe Join the UL community at:https://danielmiessler.com/upgrade Follow on X:https://x.com/danielmiessler Follow on LinkedIn:https://www.linkedin.com/in/danielmiesslerBecome a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

17 Jul 22min

UL NO. 488: STANDARD EDITION | Google Granting Confusing Access to Gemini, A New Favorite Creator, Russia's new Autonomous Drones, Claude Code Madness and Neovim Config, and more...

UL NO. 488: STANDARD EDITION | Google Granting Confusing Access to Gemini, A New Favorite Creator, Russia's new Autonomous Drones, Claude Code Madness and Neovim Config, and more...

UL NO. 488: STANDARD EDITION | Google Granting Confusing Access to Gemini, A New Favorite Creator, Russia's new Autonomous Drones, Claude Code Madness and Neovim Config, and more... You are currently listening to the Standard version of the podcast, consider upgrading and becoming a member to unlock the full version and many other exclusive benefits here: https://newsletter.danielmiessler.com/upgrade Read this episode online: https://newsletter.danielmiessler.com/p/ul-488 Subscribe to the newsletter at:https://danielmiessler.com/subscribe Join the UL community at:https://danielmiessler.com/upgrade Follow on X:https://x.com/danielmiessler Follow on LinkedIn:https://www.linkedin.com/in/danielmiesslerBecome a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

10 Jul 30min

UL NO. 487: STANDARD EDITION: Iranian Critical Infra Attacks, Insane Recent Productivity, A Chinese Mosquito Drone, Marcus's Response to Our AI Debate, "Context Engineering" Ain't It, and more...

UL NO. 487: STANDARD EDITION: Iranian Critical Infra Attacks, Insane Recent Productivity, A Chinese Mosquito Drone, Marcus's Response to Our AI Debate, "Context Engineering" Ain't It, and more...

UL NO. 487: STANDARD EDITION: Iranian Critical Infra Attacks, Insane Recent Productivity, A Chinese Mosquito Drone, Marcus's Response to Our AI Debate, "Context Engineering" Ain't It, and more... You are currently listening to the Standard version of the podcast, consider upgrading and becoming a member to unlock the full version and many other exclusive benefits here: https://newsletter.danielmiessler.com/upgrade Read this episode online: https://newsletter.danielmiessler.com/p/ul-487 Subscribe to the newsletter at:https://danielmiessler.com/subscribe Join the UL community at:https://danielmiessler.com/upgrade Follow on X:https://x.com/danielmiessler Follow on LinkedIn:https://www.linkedin.com/in/danielmiesslerBecome a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

2 Jul 41min

An AI Debate with Marcus Hutchins

An AI Debate with Marcus Hutchins

Marcus and I debate AIs capabilities from nearly polar opposite ends. He thinks it's basically autocomplete, and I think it's the most important tech we've ever built as humans. It was a fantastic, and very civil conversation, so thanks to Marcus for that, and we're already planning on Part 2. This two-hour discussion covers: 🧠 The real risks of AI vs. the imagined ones🔐 How security researchers view AI's capabilities🤖 The blurry line between useful and dangerous automation ⚖️ Bias, alignment, and who gets to control intelligence 📉 Whether AI might ultimately collapse under its own complexity Marcus Hutchins is best known for stopping the WannaCry ransomware attack and brings a sharp, skeptical perspective to AI. Marcus' Website: https://marcushutchins.com Watch the interview on YouTube: https://youtu.be/I9-iD_rLRjA Subscribe to the UL newsletter at:https://danielmiessler.com/subscribe Join the UL community at:https://danielmiessler.com/upgrade Follow on X:https://x.com/danielmiessler Follow on LinkedIn:https://www.linkedin.com/in/danielmiessler Follow Marcus on LinkedIn: https://www.linkedin.com/in/malwaretech/Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

26 Jun 2h

UL NO. 486 STANDARD EDITION: Fully Automated AI Malware (Binary and Web), My Debate with Marcus Hutchins on AI and more

UL NO. 486 STANDARD EDITION: Fully Automated AI Malware (Binary and Web), My Debate with Marcus Hutchins on AI and more

UL NO. 486: STANDARD EDITION: Fully Automated AI Malware (Binary and Web), My Debate with Marcus Hutchins on AI, The 'Did You Notice?' Psyop, The METR AI Metric for Longterm Tasks, and more... You are currently listening to the Standard version of the podcast, consider upgrading and becoming a member to unlock the full version and many other exclusive benefits here: https://newsletter.danielmiessler.com/upgrade Read this episode online: https://newsletter.danielmiessler.com/p/ul-486 Subscribe to the newsletter at:https://danielmiessler.com/subscribe Join the UL community at:https://danielmiessler.com/upgrade Follow on X:https://x.com/danielmiessler Follow on LinkedIn:https://www.linkedin.com/in/danielmiesslerBecome a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

26 Jun 55min

UL NO. 485: STANDARD EDITION: Netflix RCE, My Current AI Stack, All-in on Claude Code, and more...

UL NO. 485: STANDARD EDITION: Netflix RCE, My Current AI Stack, All-in on Claude Code, and more...

STANDARD EDITION: Netflix RCE, My Current AI Stack, All-in on Claude Code, and more... You are currently listening to the Standard version of the podcast, consider upgrading and becoming a member to unlock the full version and many other exclusive benefits here: https://newsletter.danielmiessler.com/upgrade Read this episode online: https://newsletter.danielmiessler.com/p/ul-485 Subscribe to the newsletter at:https://danielmiessler.com/subscribe Join the UL community at:https://danielmiessler.com/upgrade Follow on X:https://x.com/danielmiessler Follow on LinkedIn:https://www.linkedin.com/in/danielmiesslerBecome a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

19 Jun 36min

UL NO. 484: STANDARD EDITION: OpenAI's Malicious AI Report, Disappointed with WWDC, AI's First Actual Science Breakthrough, and more...

UL NO. 484: STANDARD EDITION: OpenAI's Malicious AI Report, Disappointed with WWDC, AI's First Actual Science Breakthrough, and more...

UL NO. 484: STANDARD EDITION: OpenAI's Malicious AI Report, Disappointed with WWDC, AI's First Actual Science Breakthrough, and more... You are currently listening to the Standard version of the podcast, consider upgrading and becoming a member to unlock the full version and many other exclusive benefits here: https://newsletter.danielmiessler.com/upgrade Read this episode online: https://newsletter.danielmiessler.com/p/ul-484 Subscribe to the newsletter at:https://danielmiessler.com/subscribe Join the UL community at:https://danielmiessler.com/upgrade Follow on X:https://x.com/danielmiessler Follow on LinkedIn:https://www.linkedin.com/in/danielmiesslerBecome a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

12 Jun 43min

Populært innen Teknologi

romkapsel
rss-avskiltet
teknisk-sett
tomprat-med-gunnar-tjomlid
energi-og-klima
rss-impressions-2
shifter
nasjonal-sikkerhetsmyndighet-nsm
elektropodden
fornybaren
smart-forklart
rss-snakk-om-sikkerhet
rss-alt-vi-kan
rss-bouvet-bobler
kunstig-intelligens-med-morten-goodwin
rss-alt-som-gar-pa-strom
teknologi-og-mennesker
pedagogisk-intelligens
rss-digitaliseringspadden
i-loopen