Take 1 Security Podcast: Episode 8
Unsupervised Learning3 Mars 2015

Take 1 Security Podcast: Episode 8



START CONTENT


* New SSL attack called FREAK


* Has to do with falling RSA back to a deprecated and weak level
* Requires the client and server are both vulnerable
* The solution is to patch
* Many orgs will also want to note which servers were vulnerable
* The lesson is that you don’t reduce security to increase it
* Backdoors x time = regret

* Using Ruby’s Open-URI could be dangerous


* open-uri monkeypatches kernel.open
* open(params[:url]) can execute |ls

* Hilary Clinton used a personal email address and did not store correspondence on government servers for her entire 4 years as Secretary of Defense


* This seems highly suspect
* First you’re putting that data at risk in a personal system
* Second you’re obviously trying to hide your conversations

* Facebook can access your account without your password
* Google no longer encrypting Lollipop by default


* Was one of the main selling points for 5, and now it’s gone
* They said it was simply a driver issue

* DLink routers have a remote command injection bug


* Could allow DNS hijacking and other attacks

* ISIS has threatened some members of the Twitter team for disabling their accounts


* This really puts a point on public presence for me
* I’m a strong proponent of the belief that the way to avoid attack is to avoid being a target, not to be hard to attack once people want to
* This works for personal attacks, not for countries obviously

* There has been some major fraud happening with people connecting stolen cards to ApplePay


* The issue isn’t a security problem with ApplePay, but rather with standard bank / card security issue

* Up to 18.8 non-Anthem customers exposed in the Anthem breach


* This is in addition to the 80 million actual anthem customers

* GoPro vulnerability on its website exposes customer Wi-fi passwords


* Expect more of this

* Uber took over 5 months to issue a breach notification


* There was a breach of driver names and license numbers that they just now disclosed

* Seagate NAS vulnerability allows unauthorized root access


* This raises the cloud storage issue I blogged about last week



END CONTENT

Play Podcast

Notes


* Sorry about my voice on this one. I’m a bit sick. :(

Become a Member: https://danielmiessler.com/upgrade

See omnystudio.com/listener for privacy information.

Avsnitt(532)

News & Analysis | No. 277

News & Analysis | No. 277

CISA FBI and NSA Release Five APT29 Targeted Vulnerabilities, FBI Benign Hacking, The US Sanctioned Russia and Expelled Diplomats, Google's Cookie Replacement Not Going Well, NERC Says 1/4 Customers Downloaded Solarwinds, Technology News, Human News, Content Curation & Analysis, Discovery, Recommendation, and the Aphorism of the Week…Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

19 Apr 202127min

News & Analysis | No. 276

News & Analysis | No. 276

Social Media Scraping Outbreak, Microsoft AI Security Tool, FBI/CISA FortiOS Warning, Zoom Vuln at Pwn2Own, AWS Bombing, 485% Ransomware Increase, Technology News, Human News, Ideas Trends & Analysis, Discovery, Recommendations, and the Weekly Aphorism…Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

12 Apr 202126min

News & Analysis | No. 275

News & Analysis | No. 275

University Accellion Breaches, 533 million Facebook Users' Data, Solarwinds Hackers Got Top DHS Emails, Github Secrets Scanning, Ubiquiti's Breach, Seoul's IoT Towers, Technology News, Human News, Ideas Trends & Analysis, Discovery, Recommendations, and the Weekly Aphorism…Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

5 Apr 202125min

Interview: Amir Majidimehr, Audiophile Industry Disruptor

Interview: Amir Majidimehr, Audiophile Industry Disruptor

In this standalone episode I’m speaking with Amir Majidimehr. Amir is an audiophile, but he has a unique approach to the hobby that’s literally disrupting the industry. He’s basically introduced measurement, and what he calls Objectivism, into this very sensitive audiophile world that prizes itself on everything being a matter of preference, or up to the listener. Amir calls these types the Subjectivists. So what Amir does is use his decades of experience, and his professional training, to actual test this equipment—much of which costs tens of thousands of dollars—to find out if their outrageous claims have any merit. It’s truly refreshing to see in the hobby, and I’m excited to talk to him. Amir has a degree in electrical engineering, he used to run the digital media group at Microsoft in the 1980s, and he’s the founder of Audio Science Forums. And here’s our conversation…Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

2 Apr 20211h 12min

News & Analysis | No. 274

News & Analysis | No. 274

Securing the Grid, PHP hacked, Russia/China Wargames, China v. Tesla, Top 10 American Threats, Technology News, Human News, Ideas Trends & Analysis, Discovery, Recommendations, and the Weekly Aphorism…Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

29 Mars 202120min

The Consumer Authentication Strength Maturity Model (CASMM)

The Consumer Authentication Strength Maturity Model (CASMM)

A maturity model for seeing where a user's internet hygiene currently is, and how to improve it.Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

25 Mars 202113min

News & Analysis | No. 273

News & Analysis | No. 273

US Intelligence Says Putin and Russia Tampered in 2020 Election, Finland Says APT31 Hacked Parliament, Google Releases Chrome Data Gathering Report, Ulysses Tracks Cars Worldwide, Twitter Steganography, Technology News, Human News, Ideas Trends & Analysis, Discovery, Recommendations, and the Weekly Aphorism…Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

22 Mars 202121min

News & Analysis | No. 272

News & Analysis | No. 272

Russian/Chinese Deepfakes, Hafnium Fallout, Chinese AI and Cyber, Microsoft Flack, Patch Tuesday Updates, Technology News, Human News, Ideas Trends & Analysis, Discovery, Recommendations, and the Weekly Aphorism…Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

16 Mars 202122min

Populärt inom Teknik

uppgang-och-fall
rss-racevecka
rss-badfluence
market-makers
elbilsveckan
bilar-med-sladd
bosse-bildoktorn-och-hasse-p
rss-laddstationen-med-elbilen-i-sverige
natets-morka-sida
garagehang
rss-technokratin
rss-veckans-ai
hej-bruksbil
rss-uppgang-och-fall
har-vi-akt-till-mars-an
rss-elektrikerpodden
solcellskollens-podcast
skogsforum-podcast
developers-mer-an-bara-kod
rss-snacka-om-ai