Take 1 Security Podcast: Episode 19
Unsupervised Learning16 Nov 2015

Take 1 Security Podcast: Episode 19



Topics for this episode:

News and analysis


* [ ] A couple of months into my job with IOActive
* [ ] Paris Attacks: resilience vs. prevention
* [ ] Updating the OWASP IoT Project (no longer the Top 10) It’s an umbrella project.
* [ ] Adding to the IoT project the SCADA Top 10 List (read the list), and Nabil Ouchn is going to be project leader on that project
* [ ] Pentagon farms coding to Russia
* [ ] Crypto email service pays ransom, gets taken out anyway
* [ ] Blackout Europe shows vulnerabilities in LTE. Forced leak of location within 2-KM radius. Were also able to block LTE and force 3G or 2G.
* [ ] Onapsis talks SAP HANA vulnerabilities. They’re config issues, and aren’t patchable, and include: remote file writes, remote directory deletions, moving files to where they can be access remotely, remote command execution, and remote python execution. To fix, you have to upgrade to the latest version and reconfigure your system. Also two issues with the database that allow HTTP RCE and SQL RCE.
* [ ] TPP : how did we even get an agreement that was secret in the first place. Forget the details. This should never be allowed to happen again
* [ ] Linux ransomware now hitting websites (broken by Brian Krebs)
* [ ] Linux.Encoder.1 has a predictable key for its ransomware, and a tool was released to decrypt victims’ systems. Good to know that even attackers make dumb encryption implementation mistakes.
* [ ] Visio smart tracking turned on for 10 million users. Here was the pitch “revolutionary shift across all screens that brings measurability, relevancy and personalization to the consumer like never before!”
* [ ] Ring-0 theory of devops: history of the o-ring. Small thing that everything else depends on. for serial tasks you need A players to have an A process. As you lower the whole thing tumbles down
* [ ] The Chinese Great Cannon: so we know about the Great Firewall, now learn about the Great Cannon
* [ ] Must read article: What ISIS Really Wants, by the Atlantic
* [ ] Two must follows: Gunnar Peterson, and Benedict Evans. Gunnar is brilliant in security, and Benedict works for Adresesen Horowitz


Updates and announcements


* Hit me up at IOActive if you have any security consulting needs.


Notes


* The intro track is from one of my favorite EDM artists: Zomby. The song is ‘Orion’, and it’s from the ‘With Love’ album. Highly recommended if you like chill EDM.
* It’s better to listen via iTunes or with the player embedded above, but you can also download the sound file directly.

Become a Member: https://danielmiessler.com/upgrade

See omnystudio.com/listener for privacy information.

Episoder(531)

The Alarming Power of Deepfakes

The Alarming Power of Deepfakes

Trump shared a fake image of Harris speaking at a Communist event. This one looks fairly fake, but 1) lots of people will still believe it’s real, and 2) current tech can already make more believable ones.  Subscribe to the newsletter at: https://danielmiessler.com/subscribe Join the UL community at:https://danielmiessler.com/upgrade Follow on X:https://twitter.com/danielmiessler Follow on LinkedIn:https://www.linkedin.com/in/danielmiessler See you in the next one!  Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

26 Sep 20246min

UL NO. 451: Altman Says ASI in "Thousands of Days"

UL NO. 451: Altman Says ASI in "Thousands of Days"

A new Fabric web app called FabricUI!, Many AI Eyes, PagerAttack Analysis, a new Ripgrep, and more... Subscribe to the newsletter at: https://danielmiessler.com/subscribe Join the UL community at:https://danielmiessler.com/upgrade Follow on X:https://twitter.com/danielmiessler Follow on LinkedIn:https://www.linkedin.com/in/danielmiessler See you in the next one!Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

26 Sep 202431min

Russia Is Paying Right Wing Influencers?

Russia Is Paying Right Wing Influencers?

A whole bunch of right-wing influencers received millions from Russia in return for promoting pro-Russian talking points. Hilarious to me since their whole narrative is to be skeptical and discerning. Except when it comes to obvious Russian propaganda. Subscribe to the newsletter at: https://danielmiessler.com/subscribe Join the UL community at:https://danielmiessler.com/upgrade Follow on X:https://twitter.com/danielmiessler Follow on LinkedIn:https://www.linkedin.com/in/danielmiessler See you in the next one!Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

25 Sep 20247min

This Is The Future Career For Creators - Virtual Realities, Economies, and Meaning

This Is The Future Career For Creators - Virtual Realities, Economies, and Meaning

The more I think about it, the more I think a major career for creators going forward will be building entire realities for people to live inside of. So think post-AG/SI and post UBI, and where games are extraordinarily immersive. I think there will be a huge market for creative people building the story lines and stat systems and look and feel of entire worlds that people will live inside of for a period of years at a time. Subscribe to the newsletter at: https://danielmiessler.com/subscribe Join the UL community at:https://danielmiessler.com/upgrade Follow on X:https://twitter.com/danielmiessler Follow on LinkedIn:https://www.linkedin.com/in/danielmiessler See you in the next one!Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

24 Sep 20248min

My First Thoughts on New OpenAI Strawberry Model ( OpenAI o1-preview)

My First Thoughts on New OpenAI Strawberry Model ( OpenAI o1-preview)

Here are my first thoughts after using OpenAI's New Strawberry Model for a couple of hours Subscribe to the newsletter at: https://danielmiessler.com/subscribe Join the UL community at:https://danielmiessler.com/upgrade Follow on X:https://twitter.com/danielmiessler Follow on LinkedIn:https://www.linkedin.com/in/danielmiessler See you in the next one!Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

19 Sep 202422min

UL NO. 450: Thoughts on o1-preview and the Path to AGI

UL NO. 450: Thoughts on o1-preview and the Path to AGI

80% Chinese Cranes, Drones vs. Abrahams, a RAG kickstart, a Canary-based Security Maturity Model, and more... Check out Wiz for a Free Could Security Scan:https://www.wiz.io/ul Subscribe to the newsletter at: https://danielmiessler.com/subscribe Join the UL community at:https://danielmiessler.com/upgrade Follow on X:https://twitter.com/danielmiessler Follow on LinkedIn:https://www.linkedin.com/in/danielmiessler See you in the next one!Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

17 Sep 202424min

A Conversation with Shiladitya Sircar from BlackBerry on DeepFake Threats

A Conversation with Shiladitya Sircar from BlackBerry on DeepFake Threats

In this conversation, I speak with Shiladitya Sircar, Senior VP of Product Engineering and Data Science at BlackBerry. We talk about: The Rise of Deepfakes and Cyber ThreatsInnovation Meets Malicious Intent: Deepfakes are not just a tech novelty; they’re a growing threat. From text-based phishing to hyper-realistic fake videos and audio, the landscape of cyber threats is evolving rapidly. Deepfake technology can clone voices, making it easier for cybercriminals to impersonate individuals and bypass security measures. Understanding Identity CompromiseVoice Cloning Dangers: Our brains are wired to trust familiar voices, making voice cloning particularly insidious. We share a chilling story about a cybercriminal impersonating Ferrari’s CEO. The attacker’s deepfake was so convincing that it almost led to a major scam. The Impact on TrustEroding Trust in Systems: Deepfakes can undermine trust in institutions and systems, much like traditional scams but with a high-tech twist. Beyond individual attacks, deepfakes can manipulate public opinion and even influence elections. Organizations need to train employees to spot deepfakes, and there’s a pressing need for laws that specifically address deepfakes and identity spoofing. And more Intro (00:00:00)Main Cyber Threats from Deepfakes (00:00:56)Identity Compromise Explained (00:02:47)Impact of Deepfakes on Trust (00:06:23)Deepfakes in Attack Chains (00:08:15)Case Studies of Deepfake Attacks (00:09:41)Emerging Threat Landscape (00:13:56)Defending Against Deepfake Attacks (00:15:07)Regulatory Frameworks Needed (00:16:28)The Role of Education and Technology (00:18:57)Future of Content Authenticity (00:20:53)Legislation and Authenticity Mechanisms (00:22:04)Real-Time Deepfake Validation (00:23:18)Government and Industry Partnership (00:24:07)Media Forensic Research (00:24:23)Zero Knowledge Proofs (00:25:36)Content Provenance and Authenticity (00:26:52)Trust Network Expansion (00:28:00)Puppeteering Technology (00:29:20)Stream Authentication Challenges (00:30:21)Hardware-Level Trust (00:32:00)Fragmentation in Standards (00:32:29)Trust in Communication Protocols (00:33:51)Collaboration for Solutions (00:35:22)Apple's Unique Position (00:36:47)Erosion of Trust (00:37:31)AI Agents for Detection (00:38:11)Short-term and Long-term Solutions (00:38:45)Awareness and Education (00:41:23)Predictions for Deepfake Technology (00:41:48)Community Action Against Deepfakes (00:43:09)Learning More About BlackBerry's Work (00:43:29)Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

17 Sep 202444min

UL NO. 449: China Hits US ISPs, NIST CSF 2.0, Russian Intel Attacks, Stagnant Companies...

UL NO. 449: China Hits US ISPs, NIST CSF 2.0, Russian Intel Attacks, Stagnant Companies...

Life changing books, defining your core problems, the Apple updates, and much more... ➡ Check out Vanta and get $1000 off:vanta.com/unsupervised Subscribe to the newsletter at: https://danielmiessler.com/subscribe Join the UL community at:https://danielmiessler.com/upgrade Follow on X:https://twitter.com/danielmiessler Follow on LinkedIn:https://www.linkedin.com/in/danielmiessler See you in the next one!Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

16 Sep 202454min

Populært innen Teknologi

romkapsel
rss-avskiltet
teknisk-sett
tomprat-med-gunnar-tjomlid
energi-og-klima
rss-impressions-2
shifter
nasjonal-sikkerhetsmyndighet-nsm
elektropodden
fornybaren
smart-forklart
rss-snakk-om-sikkerhet
rss-alt-vi-kan
rss-bouvet-bobler
kunstig-intelligens-med-morten-goodwin
rss-alt-som-gar-pa-strom
teknologi-og-mennesker
pedagogisk-intelligens
rss-digitaliseringspadden
i-loopen