Take 1 Security Podcast: Episode 8



* New TLS attack called FREAK (Factoring RSA Export Keys)


* It downgrades the handshake to the 1990s "export-grade" RSA cipher suites, whose 512-bit keys can be factored in hours on rented cloud compute
* Requires both a vulnerable client (one that accepts an export-grade RSA key it never asked for) and a server that still offers the RSA_EXPORT suites
* The solution is to patch the client TLS libraries and disable export cipher suites on servers
* Many orgs will also want to record which of their servers were offering export suites
* The lesson is that you don’t reduce security to increase it
* Backdoors x time = regret
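Since the show notes say orgs will want to know which servers were exposed, here is an added example (not from the podcast) of the server-side check in Ruby: a probe that sends a TLS 1.0 ClientHello offering only RSA_EXPORT cipher suites and reports whether the server picks one. A correctly configured server has nothing to choose and answers with a handshake_failure alert; any ServerHello means export crypto is still on. The suite values are the RFC 2246 RSA_EXPORT suites plus the two 56-bit export-draft suites OpenSSL also shipped. The sample ServerHello and alert bytes at the bottom are constructed so the parser runs offline, and the host name in the commented call is a placeholder. This covers only the server half of FREAK; a vulnerable client is a separate test.

```ruby
require 'socket'
require 'io/wait'
require 'securerandom'

# RSA_EXPORT cipher suites: RFC 2246 values plus the two 56-bit export-draft
# suites that OpenSSL also shipped. A server that selects any of these still
# has the FREAK-relevant configuration enabled.
RSA_EXPORT_SUITES = {
  0x0003 => 'TLS_RSA_EXPORT_WITH_RC4_40_MD5',
  0x0006 => 'TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5',
  0x0008 => 'TLS_RSA_EXPORT_WITH_DES40_CBC_SHA',
  0x0062 => 'TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA',
  0x0064 => 'TLS_RSA_EXPORT1024_WITH_RC4_56_SHA'
}.freeze

# Build a TLS 1.0 ClientHello record that offers ONLY RSA_EXPORT suites.
# A server with export suites disabled has nothing to choose and must send
# a handshake_failure alert; any ServerHello at all means it took the bait.
def build_export_client_hello(random: SecureRandom.random_bytes(32))
  suites = RSA_EXPORT_SUITES.keys.pack('n*')
  body = [3, 1].pack('CC') +                    # client_version = TLS 1.0 (0x0301)
         random +                                # 32-byte client random
         [0].pack('C') +                         # session_id length = 0
         [suites.bytesize].pack('n') + suites +  # cipher_suites vector
         [1, 0].pack('CC')                       # one compression method: null
  handshake = [1].pack('C') +                    # HandshakeType client_hello
              [body.bytesize].pack('N').byteslice(1, 3) + body   # 24-bit length
  [0x16, 3, 1, handshake.bytesize].pack('CCCn') + handshake    # record header
end

# Parse the first TLS record a server sends back to the probe.
#   ServerHello selecting an export suite        -> { vulnerable: true,  suite: name }
#   Alert (40 = handshake_failure is the good answer) -> { vulnerable: false, alert: code }
#   Anything else                                 -> { vulnerable: false, reason: ... }
def parse_server_reply(bytes)
  return { vulnerable: false, reason: 'no data' } if bytes.nil? || bytes.bytesize < 5
  rec_type, _major, _minor, len = bytes.unpack('CCCn')
  payload = bytes.byteslice(5, len)
  case rec_type
  when 0x15 # alert
    _level, description = payload.unpack('CC')
    { vulnerable: false, alert: description }
  when 0x16 # handshake
    hs_type = payload.unpack1('C')
    return { vulnerable: false, reason: "handshake type #{hs_type}" } unless hs_type == 2
    # ServerHello body after the 4-byte handshake header:
    # version(2) random(32) session_id<0..32> cipher_suite(2) compression(1) ...
    sid_len = payload.byteslice(4 + 2 + 32, 1).unpack1('C')
    suite = payload.byteslice(4 + 2 + 32 + 1 + sid_len, 2).unpack1('n')
    name = RSA_EXPORT_SUITES[suite]
    name ? { vulnerable: true, suite: name } : { vulnerable: false, reason: format('non-export suite 0x%04x', suite) }
  else
    { vulnerable: false, reason: "record type #{rec_type}" }
  end
end

# Live probe against one host (network access; not used by the offline samples below).
def probe_export_rsa(host, port = 443, timeout: 5)
  sock = Socket.tcp(host, port, connect_timeout: timeout)
  sock.write(build_export_client_hello)
  reply = sock.wait_readable(timeout) ? sock.readpartial(4096) : nil
  parse_server_reply(reply)
ensure
  sock&.close
end

# Constructed sample replies so the parser can be exercised offline.
SAMPLE_SERVER_HELLO = (
  "\x16\x03\x01\x00\x2a" +       # record: handshake, TLS 1.0, 42-byte payload
  "\x02\x00\x00\x26" +           # ServerHello, 38-byte body
  "\x03\x01" + ("\x11" * 32) +   # version, server random
  "\x00" + "\x00\x03" + "\x00"   # empty session id, suite 0x0003, null compression
).b
SAMPLE_ALERT = "\x15\x03\x01\x00\x02\x02\x28".b   # fatal (2) handshake_failure (40)

if __FILE__ == $PROGRAM_NAME
  p parse_server_reply(SAMPLE_SERVER_HELLO)   # => {:vulnerable=>true, :suite=>"TLS_RSA_EXPORT_WITH_RC4_40_MD5"}
  p parse_server_reply(SAMPLE_ALERT)          # => {:vulnerable=>false, :alert=>40}
  # p probe_export_rsa('www.example.com')     # placeholder host; uncomment to probe a real server
end
```

Run `probe_export_rsa` against each of your own hosts and keep the list of anything that comes back `vulnerable: true`; a `handshake_failure` alert (40) is the answer you want. The probe is deliberately TLS 1.0 with no extensions so that old servers, the ones most likely to still carry export suites, will parse it.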

* Using Ruby's open-uri could be dangerous


* open-uri monkeypatches Kernel#open so that it accepts URLs as well as file paths
* Kernel#open also treats a string that starts with "|" as a command to run, so open(params[:url]) with a url parameter of |ls executes ls on the server instead of fetching anything
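The vulnerable pattern beside a hardened one, as an added Ruby example that is not from the podcast: the first method hands user input straight to Kernel#open, which runs a shell command for a leading "|" (the payload here is a constructed, harmless "|echo pwned" rather than ls); the second parses the input as a URI, accepts only http(s) with a host, and only then uses open-uri's URI::HTTP#open, which cannot spawn a process. The read timeout value is an arbitrary choice for the example.

```ruby
require 'uri'
require 'open-uri'   # on Ruby < 3.0 this patched Kernel#open to accept URLs; Ruby 3 dropped that

# The pattern from the show notes: user input goes straight to Kernel#open.
# Kernel#open treats a leading "|" as "run this command and hand me a pipe",
# so a url parameter of "|ls" runs ls. The payload used below is a constructed,
# harmless "|echo pwned" so the block can be run safely.
def vulnerable_fetch(user_supplied)
  open(user_supplied) { |io| io.read }        # "|cmd" => IO.popen(cmd)
end

# Hardened form: parse first, accept only http(s) with a host, and never pass the
# raw string to Kernel#open. Anything URI.parse rejects is rejected too.
def allowed_url?(str)
  uri = URI.parse(str)
  uri.is_a?(URI::HTTP) && !uri.host.nil?      # URI::HTTPS is a subclass of URI::HTTP
rescue URI::InvalidURIError
  false
end

# URI::HTTP#open comes from open-uri and only speaks HTTP(S); it has no "|" behaviour.
def safe_fetch(user_supplied)
  raise ArgumentError, "refusing non-http(s) input: #{user_supplied.inspect}" unless allowed_url?(user_supplied)
  URI.parse(user_supplied).open(read_timeout: 5) { |io| io.read }   # network call; not exercised offline
end

if __FILE__ == $PROGRAM_NAME
  puts vulnerable_fetch('|echo pwned')        # prints "pwned": a shell command ran
  begin
    safe_fetch('|echo pwned')
  rescue ArgumentError => e
    puts e.message                            # rejected before anything executes
  end
end
```

The allow-list on scheme also closes the related hole of `file://` and bare paths being read through the same call; for an internal service you would add a host allow-list on top, since a valid http URL can still point at internal addresses.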

* Hillary Clinton used a personal email address and did not store correspondence on government servers for her entire 4 years as Secretary of State


* This seems highly suspect
* First, you’re putting that data at risk in a personal system
* Second, you’re obviously trying to hide your conversations

* Facebook can access your account without your password
* Google no longer requiring full-disk encryption by default on Android 5.0 Lollipop


* Encryption by default was one of the main selling points for Android 5, and now it’s gone
* They said it was simply a driver issue

* D-Link routers have a remote command injection bug


* Could allow DNS hijacking and other attacks

* ISIS has threatened some members of the Twitter team for disabling their accounts


* This really puts a point on public presence for me
* I’m a strong proponent of the belief that the way to avoid attack is to avoid being a target, not to be hard to attack once people want to
* This works for personal attacks, not for countries obviously

* There has been some major fraud happening with people adding stolen card numbers to Apple Pay


* The issue isn’t a security problem with Apple Pay itself, but with the banks’ standard card-verification process when a card is provisioned

* Up to 18.8 million non-Anthem customers exposed in the Anthem breach


* This is in addition to the roughly 80 million actual Anthem customers

* GoPro vulnerability on its website exposes customer Wi-Fi passwords


* Expect more of this

* Uber took over 5 months to issue a breach notification


* There was a breach of driver names and driver’s license numbers that they have only now disclosed

* Seagate NAS vulnerability allows unauthorized root access


* This raises the cloud storage issue I blogged about last week




Notes


* Sorry about my voice on this one. I’m a bit sick. :(

Become a Member: https://danielmiessler.com/upgrade

See omnystudio.com/listener for privacy information.
