Take 1 Security Podcast: Episode 8
Unsupervised Learning3 Mars 2015

Take 1 Security Podcast: Episode 8



START CONTENT


* New SSL attack called FREAK


* Has to do with falling RSA back to a deprecated and weak level
* Requires the client and server are both vulnerable
* The solution is to patch
* Many orgs will also want to note which servers were vulnerable
* The lesson is that you don’t reduce security to increase it
* Backdoors x time = regret

* Using Ruby’s Open-URI could be dangerous


* open-uri monkeypatches kernel.open
* open(params[:url]) can execute |ls

* Hilary Clinton used a personal email address and did not store correspondence on government servers for her entire 4 years as Secretary of Defense


* This seems highly suspect
* First you’re putting that data at risk in a personal system
* Second you’re obviously trying to hide your conversations

* Facebook can access your account without your password
* Google no longer encrypting Lollipop by default


* Was one of the main selling points for 5, and now it’s gone
* They said it was simply a driver issue

* DLink routers have a remote command injection bug


* Could allow DNS hijacking and other attacks

* ISIS has threatened some members of the Twitter team for disabling their accounts


* This really puts a point on public presence for me
* I’m a strong proponent of the belief that the way to avoid attack is to avoid being a target, not to be hard to attack once people want to
* This works for personal attacks, not for countries obviously

* There has been some major fraud happening with people connecting stolen cards to ApplePay


* The issue isn’t a security problem with ApplePay, but rather with standard bank / card security issue

* Up to 18.8 non-Anthem customers exposed in the Anthem breach


* This is in addition to the 80 million actual anthem customers

* GoPro vulnerability on its website exposes customer Wi-fi passwords


* Expect more of this

* Uber took over 5 months to issue a breach notification


* There was a breach of driver names and license numbers that they just now disclosed

* Seagate NAS vulnerability allows unauthorized root access


* This raises the cloud storage issue I blogged about last week



END CONTENT

Play Podcast

Notes


* Sorry about my voice on this one. I’m a bit sick. :(

Become a Member: https://danielmiessler.com/upgrade

See omnystudio.com/listener for privacy information.

Avsnitt(532)

News & Analysis | NO. 351

News & Analysis | NO. 351

Cloudflare vs. CAPTCHA, Exchange 0-Day, NSA Leaker Sponsor: Zerofox: Download the External Cybersecurity GuideBecome a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

3 Okt 202217min

News & Analysis | NO. 350

News & Analysis | NO. 350

Infowar Audit, Zoom Reflections, SF CamerasBecome a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

26 Sep 202215min

News & Analysis: NO. 349

News & Analysis: NO. 349

Uber Hacked, GTA Leak, Goodbyes Listen to JJAgha's comments on Relentless Iterations and What He Expects from a Modern SIEM: https://panther.com/resources/podcasts/compass-ciso-jj-agha-on-relentless-iterations-and-what-he-expects-from-a-modern-siem/ Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

20 Sep 202214min

News & Analysis | NO. 348 | Spearmishing, Patreon Security, and Triple-Threat Ransomware

News & Analysis | NO. 348 | Spearmishing, Patreon Security, and Triple-Threat Ransomware

Spearmishing, Patreon Security, and Triple-Threat Ransomware Sponsored by JupiterOne: https://www.jupiterone.com/unsupervisedlearningBecome a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

12 Sep 202223min

Metagaming: An Interview with Andrew Ringlein

Metagaming: An Interview with Andrew Ringlein

In today’s standalone episode I’m going to talk with Andrew Ringlein about some interesting new gaming ideas I’ve not seen anywhere else. He's releasing them in a new game called Rifters, and we chat through the concepts themselves and how they manifest in his new release.Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

7 Sep 202253min

News & Analysis | NO. 347

News & Analysis | NO. 347

TikTok Hack, Cloudflare Kiwi, Google OSS Bounty Sponsored by: Keeper Security http://keepersecurity.com/unsupervisedlearning Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

6 Sep 202215min

News & Analysis | NO. 346

News & Analysis | NO. 346

🗞️ Unsupervised Learning NO. 346 | Twitter Whistle, LastPass Plex, Satellite PhonesBecome a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

29 Aug 202219min

News & Analysis | NO. 345

News & Analysis | NO. 345

Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

22 Aug 202216min

Populärt inom Teknik

uppgang-och-fall
rss-racevecka
elbilsveckan
bilar-med-sladd
market-makers
skogsforum-podcast
rss-laddstationen-med-elbilen-i-sverige
bosse-bildoktorn-och-hasse-p
natets-morka-sida
rss-technokratin
developers-mer-an-bara-kod
rss-elektrikerpodden
ai-sweden-podcast
hej-bruksbil
mediepodden
rss-veckans-ai
bli-saker-podden
rss-uppgang-och-fall
rss-it-sakerhetspodden
rss-snacka-om-ai