Take 1 Security Podcast: Episode 8
Unsupervised Learning3 Mars 2015

Take 1 Security Podcast: Episode 8



START CONTENT


* New SSL attack called FREAK


* Has to do with falling RSA back to a deprecated and weak level
* Requires the client and server are both vulnerable
* The solution is to patch
* Many orgs will also want to note which servers were vulnerable
* The lesson is that you don’t reduce security to increase it
* Backdoors x time = regret

* Using Ruby’s Open-URI could be dangerous


* open-uri monkeypatches kernel.open
* open(params[:url]) can execute |ls

* Hilary Clinton used a personal email address and did not store correspondence on government servers for her entire 4 years as Secretary of Defense


* This seems highly suspect
* First you’re putting that data at risk in a personal system
* Second you’re obviously trying to hide your conversations

* Facebook can access your account without your password
* Google no longer encrypting Lollipop by default


* Was one of the main selling points for 5, and now it’s gone
* They said it was simply a driver issue

* DLink routers have a remote command injection bug


* Could allow DNS hijacking and other attacks

* ISIS has threatened some members of the Twitter team for disabling their accounts


* This really puts a point on public presence for me
* I’m a strong proponent of the belief that the way to avoid attack is to avoid being a target, not to be hard to attack once people want to
* This works for personal attacks, not for countries obviously

* There has been some major fraud happening with people connecting stolen cards to ApplePay


* The issue isn’t a security problem with ApplePay, but rather with standard bank / card security issue

* Up to 18.8 non-Anthem customers exposed in the Anthem breach


* This is in addition to the 80 million actual anthem customers

* GoPro vulnerability on its website exposes customer Wi-fi passwords


* Expect more of this

* Uber took over 5 months to issue a breach notification


* There was a breach of driver names and license numbers that they just now disclosed

* Seagate NAS vulnerability allows unauthorized root access


* This raises the cloud storage issue I blogged about last week



END CONTENT

Play Podcast

Notes


* Sorry about my voice on this one. I’m a bit sick. :(

Become a Member: https://danielmiessler.com/upgrade

See omnystudio.com/listener for privacy information.

Avsnitt(532)

News & Analysis | NO. 344

News & Analysis | NO. 344

Blackhat/DEFCON, TikTok Lockdown, MailChimp Breach… Sponsor: JupiterOne https://www.jupiterone.com/unsupervisedlearning  Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

17 Aug 202213min

News & Analysis | NO. 343

News & Analysis | NO. 343

UL NO. 343 | Emergency Hack, Chinese Cobalt Strike, Solana Drainage Sponsor: ZeroFox https://www.get.zerofox.com/ti-guideBecome a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

8 Aug 202212min

News & Analysis | NO. 342

News & Analysis | NO. 342

NK Hackers, TikTok Influence, Amazon Police… Sponsor: Hyperproof. Security, Compliance, and Risk Management leaders need to be able to articulately advocate for their programs to gain collaboration from their peers, support from their leadership, as well as budget and headcount.In this Hyperproof guide, you'll see how to gain active and passive support for your various security initiatives, and you'll get tips and talking points you can use in executive conversations to gain support and drive urgency. info.hyperproof.io/getting-to-yes-ebookBecome a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

2 Aug 202211min

News & Analysis | NO. 341

News & Analysis | NO. 341

Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

25 Juli 202215min

News & Analysis | NO. 340 | SF Surveillance, APTs vs. Journalists, TikTok Changes…

News & Analysis | NO. 340 | SF Surveillance, APTs vs. Journalists, TikTok Changes…

SF Surveillance, APTs vs. Journalists, TikTok Changes… Sponsored by Jupiter One.Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

18 Juli 202221min

News & Analysis | NO. 339

News & Analysis | NO. 339

Lockdown Mode, Paid Pentagon Bounty, China's IP Threat… Sponsors: Cerby.com, CrowdSec.netBecome a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

11 Juli 202219min

Sponsored Lunch Interview: Keeper Security

Sponsored Lunch Interview: Keeper Security

I had the opportunity to sit down with Zane Bond from Keeper Security. We spent around 40 minutes talking about Keeper's products, the problems they solve, and how they think about the password problem. Learn more at keepersecurity.com.Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

11 Juli 202233min

News & Analysis | NO. 338 | Deepfake Interviews, China Leak, Hacker Services…

News & Analysis | NO. 338 | Deepfake Interviews, China Leak, Hacker Services…

This week's sponsor: Storyblok: Upgrade the Security of Your CMSBecome a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

5 Juli 202220min

Populärt inom Teknik

uppgang-och-fall
rss-racevecka
elbilsveckan
bilar-med-sladd
market-makers
skogsforum-podcast
rss-laddstationen-med-elbilen-i-sverige
bosse-bildoktorn-och-hasse-p
natets-morka-sida
rss-technokratin
developers-mer-an-bara-kod
rss-elektrikerpodden
ai-sweden-podcast
hej-bruksbil
mediepodden
rss-veckans-ai
bli-saker-podden
rss-uppgang-och-fall
rss-it-sakerhetspodden
rss-snacka-om-ai