Unsupervised Learning3 Mars 2015

Take 1 Security Podcast: Episode 8

START CONTENT

* New SSL attack called FREAK

* Has to do with falling RSA back to a deprecated and weak level
* Requires the client and server are both vulnerable
* The solution is to patch
* Many orgs will also want to note which servers were vulnerable
* The lesson is that you don’t reduce security to increase it
* Backdoors x time = regret

* Using Ruby’s Open-URI could be dangerous

* open-uri monkeypatches kernel.open
* open(params[:url]) can execute |ls

* Hilary Clinton used a personal email address and did not store correspondence on government servers for her entire 4 years as Secretary of Defense

* This seems highly suspect
* First you’re putting that data at risk in a personal system
* Second you’re obviously trying to hide your conversations

* Facebook can access your account without your password
* Google no longer encrypting Lollipop by default

* Was one of the main selling points for 5, and now it’s gone
* They said it was simply a driver issue

* DLink routers have a remote command injection bug

* Could allow DNS hijacking and other attacks

* ISIS has threatened some members of the Twitter team for disabling their accounts

* This really puts a point on public presence for me
* I’m a strong proponent of the belief that the way to avoid attack is to avoid being a target, not to be hard to attack once people want to
* This works for personal attacks, not for countries obviously

* There has been some major fraud happening with people connecting stolen cards to ApplePay

* The issue isn’t a security problem with ApplePay, but rather with standard bank / card security issue

* Up to 18.8 non-Anthem customers exposed in the Anthem breach

* This is in addition to the 80 million actual anthem customers

* GoPro vulnerability on its website exposes customer Wi-fi passwords

* Expect more of this

* Uber took over 5 months to issue a breach notification

* There was a breach of driver names and license numbers that they just now disclosed

* Seagate NAS vulnerability allows unauthorized root access

* This raises the cloud storage issue I blogged about last week

END CONTENT

Play Podcast

Notes

* Sorry about my voice on this one. I’m a bit sick. :(

Become a Member: https://danielmiessler.com/upgrade

See omnystudio.com/listener for privacy information.

Det här avsnittet är hämtat från ett öppet RSS-flöde och publiceras inte av Podme. Det kan innehålla reklam.

Avsnitt(541)

Most Companies Aren't Anywhere Near Ready for AI

Most Companies Aren't Anywhere Near Ready for AI. It's not that companies aren't using AI—it's that they can't.Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privac...

3 Maj 5min

We're All Building a Single Digital Assistant

There's tons of confusion about what we're all building towards with Personal AI. Are we building Agents? AI Harnesses? To what end? In this video I lay why I think we're all heading towards a single ...

15 Apr 32min

Why AI Will Replace Knowledge Workers

A longer form discussion on exactly how and why AI will replace knowledge workers.Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

21 Mars 1h 16min

Why I Believe in SOTA Models Over Custom Ones

I think the future is cheaper and Open Source SOTA models combined with context, not custom, narrow models.Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy in...

11 Mars 1min

AI Quality Inversion

A troubling thought about what we will think about high-quality content in the future. Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

6 Mars 1min

The Great Transition

There are a bunch of different transitions happening right now—all at the same time, all (I think) heading in the same direction. Here is a long-form exploration of the various pieces.Become a Member:...

28 Feb 1h 24min

Starting 2026

A welcome back and early entry into 2026. Sponsored by: Knocknoc!Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

30 Jan 25min

Judge AI based on Output, Not Mechanism

How we can use an output-based system to judge whether or not different kinds of technology achieve understanding or intelligence. Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com...

22 Nov 20256min