Take 1 Security Podcast: Episode 19



Topics for this episode:

News and analysis


* A couple of months into my job with IOActive
* Paris Attacks: resilience vs. prevention
* Updating the OWASP IoT Project (no longer the Top 10). It’s an umbrella project.
* Adding the SCADA Top 10 List to the IoT project (read the list); Nabil Ouchn is going to be project leader on that project
* Pentagon farms coding to Russia
* Crypto email service pays ransom, gets taken out anyway
* Blackout Europe shows vulnerabilities in LTE. Forced leak of location within a 2 km radius. They were also able to block LTE and force 3G or 2G.
* Onapsis talks SAP HANA vulnerabilities. They’re config issues, aren’t patchable, and include: remote file writes, remote directory deletions, moving files to where they can be accessed remotely, remote command execution, and remote Python execution. To fix, you have to upgrade to the latest version and reconfigure your system. Also two issues with the database that allow HTTP RCE and SQL RCE.
* TPP: how did we even get an agreement that was secret in the first place? Forget the details. This should never be allowed to happen again.
* Linux ransomware now hitting websites (broken by Brian Krebs)
* Linux.Encoder.1 has a predictable key for its ransomware, and a tool was released to decrypt victims’ systems. Good to know that even attackers make dumb encryption implementation mistakes.
* Vizio smart tracking turned on for 10 million users. Here was the pitch: “revolutionary shift across all screens that brings measurability, relevancy and personalization to the consumer like never before!”
* Ring-0 theory of DevOps: history of the O-ring, a small thing that everything else depends on. For serial tasks you need A players to have an A process. As you lower, the whole thing tumbles down.
* The Chinese Great Cannon: so we know about the Great Firewall, now learn about the Great Cannon
* Must-read article: What ISIS Really Wants, by The Atlantic
* Two must-follows: Gunnar Peterson and Benedict Evans. Gunnar is brilliant in security, and Benedict works for Andreessen Horowitz.


Updates and announcements


* Hit me up at IOActive if you have any security consulting needs.


Notes


* The intro track is from one of my favorite EDM artists: Zomby. The song is ‘Orion’, and it’s from the ‘With Love’ album. Highly recommended if you like chill EDM.
* It’s better to listen via iTunes or with the player embedded above, but you can also download the sound file directly.

Become a Member: https://danielmiessler.com/upgrade

See omnystudio.com/listener for privacy information.

