Take 1 Security Podcast: Episode 11

Play Podcast

START CONTENT


* Twitch, a game streaming service owned by Amazon, was hacked last week


* Passwords, emails, usernames, addresses, phone numbers, dates of birth
* Amazon bought them last year for almost 1 billion dollars

* Bar Mitzvah attack on TLS


* Requires that you can sniff traffic
* Basically an RC4 problem
* Solution is to remove it from your supported algorithms

* GitHub Has been hit by a massive DDoS attack


* Apparently from China

* CSRF vulnerability found in a wind turbine


* Allowed you to pull usernames and passwords
* Also allowed the password to be changed for the default user, which had admin access

* CSRF vulnerability exposes Hilton customer accounts


* There was an account rotation issue where you could gain access to their account as long as you could guess their 9-digit username

* Snowden says IT workers now the targets of spies


* They’re not going after their information, but to use them for access to networks

* Premera hacked on same day as Blue Cross (January 29th)


* Same story: encryption, know your network, etc.
* Also same story: health data is harder to clean up from because it involves PII that cannot easily be changed
* More speculation around these attacks is that they’re data gathering for larger attacks on government networks

* Apple Acquires FoundationDB


* Fast NoSQL database probably to be used for its increasing entry into the services market

* Researchers use heat to breach air-gapped systems


* Everyone knows that an airgap is the best defense
* Ben-Gurion University came out with BitWhisper
* Now bidirectional using malware on both systems that controlled heat creation and detection
* Only 8-bits per hour

* BioCatch, Zumigo, Alibaba release tools to identify users


* I used to work with a technology called BioPass
* Uses what you do with your mouse, scrolling, how you smile via selfie, compares habits, your current location, etc. Similar to existing fraud detection just with more data points
* Really cool tech, needs to be used with the right authentication level

* Korea investing 5B in IoT and Smart Cars
* Bring Your Own IoT


* Recording audio and video are getting increasingly easy
* Sensitive meetings might become dead zones soon, and perhaps even sensitive work areas
* Some people will say that we already have this risk, but they key is the ease with which it can be done



END CONTENT

Play Podcast

Notes


* I skipped a week due to travel in Asia.

Become a Member: https://danielmiessler.com/upgrade

See omnystudio.com/listener for privacy information.