Take 1 Security Podcast: Episode 8






* New SSL attack called FREAK
  * Has to do with forcing RSA back to a deprecated and weak key strength
  * Requires that the client and server both be vulnerable
  * The solution is to patch
  * Many orgs will also want to note which servers were vulnerable
  * The lesson is that you don’t reduce security to increase it
  * Backdoors x time = regret
* Using Ruby’s open-uri could be dangerous
  * open-uri monkeypatches Kernel#open
  * open(params[:url]) can execute a shell command such as |ls
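To make the open-uri point concrete, here is an added example (not from the podcast or from any project it mentions) that puts the vulnerable pattern next to a hardened one. The `fetch_unsafe` helper is the `open(params[:url])` shape from the notes, shown for contrast only; `fetch_safe` and `allowed_url?` are assumed names for the hardened version, and the `SAMPLE_INPUTS` list is constructed to show how each kind of input is classified.

```ruby
require 'uri'
require 'open-uri'

# Constructed sample inputs, standing in for values a web app might receive
# as params[:url]. Only the first one should ever reach the network.
SAMPLE_INPUTS = [
  "https://example.com/report.txt", # legitimate remote resource
  "|ls",                            # pipe prefix: Kernel#open runs this as a command
  "/etc/passwd",                    # local path: Kernel#open would read a file
  "ftp://example.com/x"             # valid URI, but not a scheme we want to allow
].freeze

# Vulnerable pattern from the show notes. Kernel#open (which open-uri
# monkeypatched in older Rubies) treats a leading "|" as "run this command",
# and a plain path as "open this file". Never call this with untrusted input.
def fetch_unsafe(url)
  open(url).read
end

# Hardened version: parse the string first, accept only http/https, and read
# through the URI object's own open (OpenURI::OpenRead), which has no
# pipe-to-command or local-file behaviour.
def fetch_safe(url)
  uri = URI.parse(url)
  raise ArgumentError, "only http/https URLs are allowed" unless uri.is_a?(URI::HTTP)
  uri.open(&:read)
end

# The validation step on its own, so it can be tested without network access.
# URI::HTTPS is a subclass of URI::HTTP, so both schemes pass; a bare path
# parses as URI::Generic and is rejected; "|ls" fails to parse at all.
def allowed_url?(url)
  uri = URI.parse(url)
  uri.is_a?(URI::HTTP) && !uri.host.to_s.empty?
rescue URI::InvalidURIError
  false
end

# Show the classification of each constructed input.
SAMPLE_INPUTS.each { |u| puts "#{u.inspect} -> #{allowed_url?(u) ? 'allowed' : 'rejected'}" }
```

Ruby 3.0 removed open-uri's override of `Kernel#open`, but `Kernel#open` itself still runs a command when its argument starts with `|`, so the parse-then-allowlist step is what protects you, not the absence of the monkeypatch.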

* Hillary Clinton used a personal email address and did not store correspondence on government servers for her entire 4 years as Secretary of Defense
  * This seems highly suspect
  * First, you’re putting that data at risk in a personal system
  * Second, you’re obviously trying to hide your conversations
* Facebook can access your account without your password
* Google no longer encrypting Lollipop by default
  * Was one of the main selling points for Android 5, and now it’s gone
  * They said it was simply a driver issue
* D-Link routers have a remote command injection bug
  * Could allow DNS hijacking and other attacks
* ISIS has threatened some members of the Twitter team for disabling their accounts
  * This really puts a point on public presence for me
  * I’m a strong proponent of the belief that the way to avoid attack is to avoid being a target, not to be hard to attack once people want to
  * This works for personal attacks, not for countries obviously
* There has been some major fraud happening with people connecting stolen cards to Apple Pay
  * The issue isn’t a security problem with Apple Pay, but rather a standard bank / card security issue
* Up to 18.8 million non-Anthem customers exposed in the Anthem breach
  * This is in addition to the 80 million actual Anthem customers
* GoPro vulnerability on its website exposes customer Wi-Fi passwords
  * Expect more of this
* Uber took over 5 months to issue a breach notification
  * There was a breach of driver names and license numbers that they just now disclosed
* Seagate NAS vulnerability allows unauthorized root access
  * This raises the cloud storage issue I blogged about last week




Notes


* Sorry about my voice on this one. I’m a bit sick. :(

Become a Member: https://danielmiessler.com/upgrade

See omnystudio.com/listener for privacy information.
