Take 1 Security Podcast: Episode 8
Unsupervised Learning3 Mars 2015

Take 1 Security Podcast: Episode 8



START CONTENT


* New SSL attack called FREAK


* Has to do with falling RSA back to a deprecated and weak level
* Requires the client and server are both vulnerable
* The solution is to patch
* Many orgs will also want to note which servers were vulnerable
* The lesson is that you don’t reduce security to increase it
* Backdoors x time = regret

* Using Ruby’s Open-URI could be dangerous


* open-uri monkeypatches kernel.open
* open(params[:url]) can execute |ls

* Hilary Clinton used a personal email address and did not store correspondence on government servers for her entire 4 years as Secretary of Defense


* This seems highly suspect
* First you’re putting that data at risk in a personal system
* Second you’re obviously trying to hide your conversations

* Facebook can access your account without your password
* Google no longer encrypting Lollipop by default


* Was one of the main selling points for 5, and now it’s gone
* They said it was simply a driver issue

* DLink routers have a remote command injection bug


* Could allow DNS hijacking and other attacks

* ISIS has threatened some members of the Twitter team for disabling their accounts


* This really puts a point on public presence for me
* I’m a strong proponent of the belief that the way to avoid attack is to avoid being a target, not to be hard to attack once people want to
* This works for personal attacks, not for countries obviously

* There has been some major fraud happening with people connecting stolen cards to ApplePay


* The issue isn’t a security problem with ApplePay, but rather with standard bank / card security issue

* Up to 18.8 non-Anthem customers exposed in the Anthem breach


* This is in addition to the 80 million actual anthem customers

* GoPro vulnerability on its website exposes customer Wi-fi passwords


* Expect more of this

* Uber took over 5 months to issue a breach notification


* There was a breach of driver names and license numbers that they just now disclosed

* Seagate NAS vulnerability allows unauthorized root access


* This raises the cloud storage issue I blogged about last week



END CONTENT

Play Podcast

Notes


* Sorry about my voice on this one. I’m a bit sick. :(

Become a Member: https://danielmiessler.com/upgrade

See omnystudio.com/listener for privacy information.

Avsnitt(532)

NO. 361 | GPT++, Apple Security, CISA Cuba…

NO. 361 | GPT++, Apple Security, CISA Cuba…

GPT++, Apple Security, CISA Cuba…Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

12 Dec 202212min

NO. 360 | NEWS, ANALYSIS & DISCOVERY SERIES

NO. 360 | NEWS, ANALYSIS & DISCOVERY SERIES

Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

5 Dec 202213min

Erkang Zheng of JupiterOne | SPONSORED INTERVIEW SERIES

Erkang Zheng of JupiterOne | SPONSORED INTERVIEW SERIES

In this standalone episode we’re doing a sponsored interview with Erkang Zheng of Jupiter One. So JupiterOne is a special company to me. I just built a vuln management program at Robinhood based around them, and I believe so much in their vision that I’m looking to actually become an advisor. I mention this because when I fanboy for something, like Apple, or whoever, I want you to know that I’m fanboying and/or have a relationship with them. Or that I want to. The interview here talks mostly about concepts, however, and not so much specific features. But I just wanted to mention my orientation to the company prior to starting. I’m speaking with Erkang Zheng who is the founder and CEO of the company, and as you can hear we have a similar take on many of the problems currently in security. So with that, here’s Erkang Zheng. — Start a JupiterOne Account for FreeBecome a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

3 Dec 202227min

NO. 359 | THE NEWS, ANALYSIS & DISCOVERY SERIES

NO. 359 | THE NEWS, ANALYSIS & DISCOVERY SERIES

Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

28 Nov 20229min

Scott Kuffer of Nucleus Security | SPONSORED INTERVIEW SERIES

Scott Kuffer of Nucleus Security | SPONSORED INTERVIEW SERIES

In this standalone episode we’re doing a sponsored interview with Scott Kuffer, co-founder and COO of Nucleus Security. I was already excited by this vendor just based on the research I did to allow them to be a sponsor, but the conversation with them really made me think they’re approaching the vulnerability management problem the right way. Namely, by tackling a lot of the non-technical problems using technical solutions rather than obsessing over vuln prioritization. If you are in the VM space or are about to be in it, you will love this conversation. And with that, here’s Scott Kuffer with Nucleus Security.Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

28 Nov 202247min

NO. 358 | NEWS, ANALYSIS, & DISCOVERY SERIES

NO. 358 | NEWS, ANALYSIS, & DISCOVERY SERIES

Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

22 Nov 202214min

NO. 357 | NEWS, ANALYSIS, & DISCOVERY SERIES

NO. 357 | NEWS, ANALYSIS, & DISCOVERY SERIES

NSA Languages, GPT-4 Hype, Chinese AirDrop…Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

14 Nov 202212min

NO. 356 | NEWS, ANALYSIS & DISCOVERY SERIES

NO. 356 | NEWS, ANALYSIS & DISCOVERY SERIES

Sponsored by JupiterOne: jupiterone.com/unsupervisedlearning Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

7 Nov 202211min

Populärt inom Teknik

uppgang-och-fall
rss-racevecka
elbilsveckan
bilar-med-sladd
market-makers
skogsforum-podcast
rss-laddstationen-med-elbilen-i-sverige
natets-morka-sida
rss-technokratin
rss-elektrikerpodden
mediepodden
developers-mer-an-bara-kod
hej-bruksbil
ai-sweden-podcast
solcellskollens-podcast
rss-uppgang-och-fall
rss-veckans-ai
bli-saker-podden
bosse-bildoktorn-och-hasse-p
rss-it-sakerhetspodden