Take 1 Security Podcast: Episode 8
Unsupervised Learning3 Mars 2015

Take 1 Security Podcast: Episode 8



START CONTENT


* New SSL attack called FREAK


* Has to do with falling RSA back to a deprecated and weak level
* Requires the client and server are both vulnerable
* The solution is to patch
* Many orgs will also want to note which servers were vulnerable
* The lesson is that you don’t reduce security to increase it
* Backdoors x time = regret

* Using Ruby’s Open-URI could be dangerous


* open-uri monkeypatches kernel.open
* open(params[:url]) can execute |ls

* Hilary Clinton used a personal email address and did not store correspondence on government servers for her entire 4 years as Secretary of Defense


* This seems highly suspect
* First you’re putting that data at risk in a personal system
* Second you’re obviously trying to hide your conversations

* Facebook can access your account without your password
* Google no longer encrypting Lollipop by default


* Was one of the main selling points for 5, and now it’s gone
* They said it was simply a driver issue

* DLink routers have a remote command injection bug


* Could allow DNS hijacking and other attacks

* ISIS has threatened some members of the Twitter team for disabling their accounts


* This really puts a point on public presence for me
* I’m a strong proponent of the belief that the way to avoid attack is to avoid being a target, not to be hard to attack once people want to
* This works for personal attacks, not for countries obviously

* There has been some major fraud happening with people connecting stolen cards to ApplePay


* The issue isn’t a security problem with ApplePay, but rather with standard bank / card security issue

* Up to 18.8 non-Anthem customers exposed in the Anthem breach


* This is in addition to the 80 million actual anthem customers

* GoPro vulnerability on its website exposes customer Wi-fi passwords


* Expect more of this

* Uber took over 5 months to issue a breach notification


* There was a breach of driver names and license numbers that they just now disclosed

* Seagate NAS vulnerability allows unauthorized root access


* This raises the cloud storage issue I blogged about last week



END CONTENT

Play Podcast

Notes


* Sorry about my voice on this one. I’m a bit sick. :(

Become a Member: https://danielmiessler.com/upgrade

See omnystudio.com/listener for privacy information.

Avsnitt(532)

News & Analysis | NO. 321

News & Analysis | NO. 321

The latest in Security News, Technology News, Human News, Ideas Trends & Analysis, Discovery, Recommendations, and the Weekly Aphorism… Web Version: https://danielmiessler.com/podcast/news-analysis-no-321/Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

9 Mars 202214min

Sponsored Conversation: Ev Kontsevoy from Teleport

Sponsored Conversation: Ev Kontsevoy from Teleport

In this sponsored conversation, I talk with Ev Kontsevoy of Teleport. In this series I have organic conversations with entrepreneurs as if having lunch with them and hearing about the product for the first time. They give their pitch, and I dig deeper with questions. Teleport, in my own words, is a way of rethinking how people access and use computing resources. It's a policy-based system that controls who can do what across your entire infrastructure using a central access plane. Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

7 Mars 202240min

Andrew Ringlein's 5 Crypto Accelerators in Gaming and Business

Andrew Ringlein's 5 Crypto Accelerators in Gaming and Business

This standalone episode is a conversation with my friend Andrew Ringlein on the topic of how crypto is best thought of as a set of accelerators for business, with gaming being the initial flagship. We talk about Andrew's 5 principles that accelerate gaming companies adopting crypto first, and then look at how those same concepts will soon be adopted by all types of businesses. We also discuss legitimate doubts around crypto in general, and discuss why we think the concepts are more durable (and inevitable) than the technology.Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

6 Mars 20221h 5min

News & Analysis | NO. 320

News & Analysis | NO. 320

The latest in Security News, Technology News, Human News, Ideas Trends & Analysis, Discovery, Recommendations, and the Weekly Aphorism… Web Version: https://danielmiessler.com/podcast/news-analysis-no-320/Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

28 Feb 202218min

News & Analysis | NO. 319

News & Analysis | NO. 319

The latest in Security News, Technology News, Human News, Ideas Trends & Analysis, Discovery, Recommendations, and the Weekly Aphorism… Web Version: https://danielmiessler.com/podcast/news-analysis-no-319/Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

22 Feb 20228min

News & Analysis | NO. 318

News & Analysis | NO. 318

The latest in Security News, Technology News, Human News, Ideas Trends & Analysis, Discovery, Recommendations, and the Weekly Aphorism… Web Version: https://danielmiessler.com/podcast/news-analysis-no-318/Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

14 Feb 202211min

News & Analysis | NO. 317

News & Analysis | NO. 317

The latest in Security News, Technology News, Human News, Ideas Trends & Analysis, Discovery, Recommendations, and the Weekly Aphorism… Web Version: https://danielmiessler.com/podcast/news-analysis-no-317/Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

7 Feb 202214min

News & Analysis | NO. 316

News & Analysis | NO. 316

The latest in Security News, Technology News, Human News, Ideas Trends & Analysis, Discovery, Recommendations, and the Weekly Aphorism… Web Version: https://danielmiessler.com/podcast/news-analysis-no-316/Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

31 Jan 202212min

Populärt inom Teknik

uppgang-och-fall
rss-racevecka
elbilsveckan
market-makers
bilar-med-sladd
bosse-bildoktorn-och-hasse-p
rss-badfluence
rss-laddstationen-med-elbilen-i-sverige
skogsforum-podcast
rss-veckans-ai
rss-technokratin
natets-morka-sida
hej-bruksbil
developers-mer-an-bara-kod
mediepodden
rss-uppgang-och-fall
rss-snacka-om-ai
garagehang
bli-saker-podden
rss-it-sakerhetspodden