Take 1 Security Podcast: Episode 4
Unsupervised Learning2 Feb 2015

Take 1 Security Podcast: Episode 4



START CONTENT


* Ghost bug in PHP could affect millions of servers


* Flaw is in glibc, which is extensively by all Linux distributions
* Patch and reboot using yum or aptitude

* The US Army Released DShell, a malware forensics tool


* This is an interesting trend where we see tons of formerly secret groups flock to Github. Great to see

* Reddit released its first transparency report last week


* Says it received 55 requests for user information
* Says it complied with 64% of state and federal requests
* Says it received 218 requests for content removal, and complied with 31 percent of those
* I am pleased to see them releasing these numbers, and I hope more organizations do the same

* The GHCQ was using a program called BADASS to collect data leaked by games such as Angry Birds


* Luckily it only affected the 11 people still playing that game

* Russian dating site, Topface, got hacked for 20 million usernames
* The FBI busted up a Tom Clancy book plot in New York City


* The plan was to get information about wall street trading algorithms and hopefully destabilize the markets
* All they managed to do was embarrass themselves by commenting on how they couldn’t recruit young women

* China is demanding to be able to build backdoors into any code sold to its banking sector


* Some people call this news, but with China we just call this Wednesday

* Apple released a Yosemite update that fixed Thunderstrike, among other things
* Anonymous and Lizard Squad are going after each other


* Anonymous is the famous hacking group known for all sorts of things
* Lizard Squad is known for taking down the XBox and Playstation networks around Christmas time
* Anonymous DDoS’d the Lizard Squad website, and then Twitter suspended a couple of their handles
* Interesting to see these groups going after each other

* BMW and the internet of things is in the news, with BMW owners receiving an automatic push to around 2 million cars


* A vulnerability was present that could allow attacks to spoof cell towers and possibly control onboard systems
* BMW pushed a patch that ensures all such communications go over HTTPS
* It’s interesting that, like printers, cars are likely to become a primary IoT platform just because there are so many of them
* The key is to figure out what normal things exist in the world today en mass, and then imagine those things being connected
* Printers, cars, furniture, clothing, etc. It’s the regular stuff that makes it interesting because of how much attack surface they represent, and how prevalent the perspective they’ll offer into our daily lives



END CONTENT

Play Podcast

Notes


* Intro is from Zomby. The song is ‘Orion’, and it’s from the ‘With Love’ album. Highly recommended if you like chill EDM.

Become a Member: https://danielmiessler.com/upgrade

See omnystudio.com/listener for privacy information.

Episoder(531)

UL NO. 471 | STANDARD EDITION: Cyber Standing Down, China's Innovation Burst, PC vs. NPC, Why AI Can't Understand, and more...

UL NO. 471 | STANDARD EDITION: Cyber Standing Down, China's Innovation Burst, PC vs. NPC, Why AI Can't Understand, and more...

STANDARD EDITION: Cyber Standing Down, China's Innovation Burst, PC vs. NPC, Why AI Can't Understand, and more... You are currently listening to the Standard version of the podcast, consider upgrading and becoming a member for the full version and many other exclusive benefits here: https://newsletter.danielmiessler.com/upgrade Subscribe to the newsletter at:https://danielmiessler.com/subscribe Join the UL community at:https://danielmiessler.com/upgrade Follow on X:https://x.com/danielmiessler Follow on LinkedIn:https://www.linkedin.com/in/danielmiesslerBecome a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

9 Mar 25min

UL NO. 470 | Attacking Signal, Blogging Getting MORE Important, AI's Final Form, Claude 3.7 vs. World, Censorship as a Service, and more...

UL NO. 470 | Attacking Signal, Blogging Getting MORE Important, AI's Final Form, Claude 3.7 vs. World, Censorship as a Service, and more...

STANDARD EDITION: Attacking Signal, Blogging Getting MORE Important, AI's Final Form, Claude 3.7 vs. World, Censorship as a Service, and more... ➡ Protect Against Bots, Fraud, and Abuse. Check out WorkOS Radar at: workos.com/radarYou are currently listening to the Standard version of the podcast, consider upgrading and becoming a member for the full version and many other exclusive benefits here: https://newsletter.danielmiessler.com/upgrade Subscribe to the newsletter at:https://danielmiessler.com/subscribe Join the UL community at:https://danielmiessler.com/upgrade Follow on X:https://x.com/danielmiessler Follow on LinkedIn:https://www.linkedin.com/in/danielmiesslerBecome a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

4 Mar 41min

UL NO. 468 | TELOS Patterns, Apple 0-Day, Gumroad Replaces Developers with AI

UL NO. 468 | TELOS Patterns, Apple 0-Day, Gumroad Replaces Developers with AI

Also: A new threat modeling framework for AI, an API security report, and being paralyzed by crisis Subscribe to the newsletter at:https://danielmiessler.com/subscribe Join the UL community at:https://danielmiessler.com/upgrade Follow on X:https://x.com/danielmiessler Follow on LinkedIn:https://www.linkedin.com/in/danielmiesslerBecome a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

19 Feb 49min

UL NO. 467 | Why You Should Care About AGI (And a Definition)

UL NO. 467 | Why You Should Care About AGI (And a Definition)

Plus: DeepSeek's open database, Using o3 with Fabric, Chinese backdoors in health monitors, and much more... Subscribe to the newsletter at:https://danielmiessler.com/subscribe Join the UL community at:https://danielmiessler.com/upgrade Follow on X: https://x.com/danielmiessler Follow on LinkedIn: https://www.linkedin.com/in/danielmiesslerBecome a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

7 Feb 25min

Writing Fiction With AI

Writing Fiction With AI

I want to explore how AI can assist in fiction writing, especially using open-source models that allow for greater control, creativity, and long-form storytelling. With tools like LM Studio and Hugging Face, we can download powerful AI models capable of maintaining story coherence, helping authors generate complex narratives, and even unlocking new storytelling possibilities. So, the idea is to create a structured approach to fiction writing with AI. By organizing story elements—characters, setting, mystery, and plot—into a detailed text file ("Telus file"), we can guide AI models to produce high-quality, structured narratives. The goal is not to replace authors but to empower them with AI-assisted storytelling. Who wants to experiment with this approach? Or does anyone know of better AI tools for fiction writing? With larger context models and improving AI capabilities, we might be close to AI-assisted novels that rival human-written stories! Subscribe to the newsletter at:https://danielmiessler.com/subscribe Join the UL community at:https://danielmiessler.com/upgrade Follow on X: https://x.com/danielmiessler Follow on LinkedIn: https://www.linkedin.com/in/danielmiessler Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

5 Feb 30min

A Conversation with Alastair Paterson from Harmonic Security

A Conversation with Alastair Paterson from Harmonic Security

In this conversation, I speak with Alastair Paterson, CEO and co-founder of Harmonic Security. We talk about: Harmonic Security’s Unique Approach to AI Data Protection: How Harmonic Security’s Zero-Touch Data Protection uses small language models to identify and prevent sensitive data leaks, differentiating it from traditional DLP solutions. Challenges of AI Adoption & Enterprise Security Risks: How enterprises are struggling to adopt Generative AI safely, as employees unknowingly expose sensitive data. The risks of shadow AI usage, and why visibility into AI applications is essential for organizations. Harmonic’s Browser-Based Solution for Secure AI Adoption: How Harmonic Security’s browser-based extension provides real-time monitoring and intervention, allowing enterprises to track AI adoption, prevent data leaks, and enforce security policies without disrupting productivity. ➡️ Get a DEMO and Take Advantage of Harmonic's GenAI Securely ul.live/harmonic ➡️ Check out Harmonic's Data leakage report "From Payrolls to Patents"ul.live/harmonic-data-leaked00 Intro00:12 Guest Introduction - Alistair and Harmonic Security01:16 Background on Digital Shadows and Transition to Harmonic Security02:50 The Impact of ChatGPT and Generative AI on Security04:35 The Problem with AI Data Leakage and Enterprise Risks06:20 The Evolution of Data Protection: From DLP to AI Readiness08:45 The Challenge of Shadow AI in Enterprises10:30 Understanding Harmonic Security's Zero-Touch Data Protection12:15 How Harmonic Security Works - Browser Extension Overview14:40 Detecting Sensitive Data in AI Prompts16:50 Live Demo - Preventing Data Leaks in AI Chatbots19:35 Visibility and Monitoring of AI Usage Across the Enterprise22:10 Risk Classification and Training Data Considerations24:05 Policy Enforcement and Customization Options26:30 Future Developments - Expanding Coverage Beyond AI Apps28:15 Final Thoughts and Where to Learn MoreBecome a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

4 Feb 29min

UL NO. 466 | My Analysis and Prediction on the Deepseek Situation

UL NO. 466 | My Analysis and Prediction on the Deepseek Situation

Plus: The AI Vulnerability Glut, Remotely Hacking Subarus, Criticism of CVSS, the United Breach, and much more... ➡ Protect Against Bots, Fraud, and Abuse. Check out WorkOS Radar at workos.com/radar Subscribe to the newsletter at: https://danielmiessler.com/subscribe Join the UL community at:https://danielmiessler.com/upgrade Follow on X:https://twitter.com/danielmiessler Follow on LinkedIn:https://www.linkedin.com/in/danielmiessler See you in the next one!Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

30 Jan 33min

A Conversation with Faisal Khan from Vanta

A Conversation with Faisal Khan from Vanta

In this episode, I speak with Faisal Khan, a GRC Solution Specialist at Vanta, about how their platform is transforming trust management for organizations. We talk about: Vanta as a Trust-Management Platform:How Vanta helps organizations build, scale, and showcase their security and compliance programs through automation, efficiency, and tools like the Trust Center. Key Features and Solutions Offered by Vanta:How Vanta’s integrations automate compliance checks, streamline vendor risk management, and address industry standards like SOC 2, ISO 27001, and CMMC to save time and improve efficiency. Future Directions and AI Integration:How Vanta is expanding into new frameworks like the EU AI Act and leveraging AI to simplify compliance, optimize workflows, and address evolving trends in governance and security.Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

28 Jan 39min

Populært innen Teknologi

romkapsel
rss-avskiltet
teknisk-sett
tomprat-med-gunnar-tjomlid
energi-og-klima
rss-impressions-2
shifter
nasjonal-sikkerhetsmyndighet-nsm
elektropodden
fornybaren
smart-forklart
rss-snakk-om-sikkerhet
rss-alt-vi-kan
rss-bouvet-bobler
kunstig-intelligens-med-morten-goodwin
rss-alt-som-gar-pa-strom
teknologi-og-mennesker
pedagogisk-intelligens
rss-digitaliseringspadden
i-loopen